• Stay aware

    Inquietari sueti praenturis et stationibus servabantur agrariis

  • How to get the best

    Inquietari sueti praenturis et stationibus servabantur agrariis

  • Help us

    Inquietari sueti praenturis et stationibus servabantur agrariis

  • Forum

    Inquietari sueti praenturis et stationibus servabantur agrariis

Wed, 03/29/2017 - 03:13

Installer.Win32.InnoSetup.2_0e09343227

Installer.Win32.InnoSetup.2.FD, Trojan.Win32.Sasfis.FD, WebToolbar.Win32.InstallCore.FD, mzpefinder_pcap_file.YR (Lavasoft MAS) Behaviour: Trojan, Installer, WebToolbar

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

Summary

MD5: 0e09343227248ddeb3a40270abce7ab0

SHA1: 20f57121aabe1c3c4472a5ca62489646abf562f7

SHA256: 593a5cf82bf2fd799e0e00e11ff5caac7eae2481bd9574bcbaba02fdad00f0b0

SSDeep: 12288:v0PUkazPtY60fL JfdytyHtGTj6nZULvXNLA43xd5XneclBop7iDnoeoPCZ4rAKL:v0MkWVYr6fd8EZUTNAi5AO14rAKL

Size: 759496 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: BorlandDelphi30, UPolyXv05_v6

Company: no certificate found

Created at: 1992-06-20 01:22:17

Analyzed on: Windows7 SP1 32-bit

Summary: Installer. An installation package.

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Installer creates the following process(es):

%original file name%.exe:2920

The Installer injects its code into the following process(es):

%original file name%.exe:2792

Mutexes

The following mutexes were created/opened: No objects were found.

File activity

The process %original file name%.exe:2792 makes changes in the file system.


The Installer creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\bar7[1].png (1037 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\CH_logo_new[1].png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\css[1].css (186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\images\progress-bg2.png (978 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\IE_logo_new[1].png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Resume_Button.png (718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Loader.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\main.css (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Grey_Button_Hover.png (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\CS.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\ProgressBar.png (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\40B7A53A_stp.CIS (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\button.css (417 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\truste[1].png (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\isf_424328.flat (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A0EF.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A082.log (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\winrar[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\JA.locale (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\images\button-bg.png (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\1_V3-BG[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\EN.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\isf_424385.flat (554 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\00377329_stp.CIS (1960 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\bg2[1].jpg (9941 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Color_Button.png (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\browse.css (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\logo_b[1].png (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Progress.png (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\checkbox.css (190 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\default_wi.png (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A053.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\form.bmp.Mask (244 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\BG[1].jpg (10224 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\00377329_stp\asgnd.json (553 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\logo[1].png (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006783B.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\FS_BG[1].png (644 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\default_tb.png (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Color_Button_Hover.png (818 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\73F506C1_stp.EXE.part (528 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\Nininininon[1].png (79122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Quick_Specs.png (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J797LD84.txt (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\progress-bar.css (506 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A929.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\EL.locale (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Pause_Button.png (577 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A533.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\bg1[1].jpg (22120 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\ie6_main.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\BG.jpg (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\bootstrap_35795.html (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Icon_Generic.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\ID.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\73F506C1_stp.EXE (9025 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\Cazurazihiz[1].png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\BG_FS[1].jpg (5877 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\FF_logo_new[1].png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Grey_Button.png (698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\images\progress-bg.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\BG[1].png (3280 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\sponsored.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\000678C7.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\40B7A53A_stp.CIS.part (819 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Close_Hover.png (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\40B7A53A_stp\run.vbs (147 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Close.png (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\text-bg.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\00377329_stp.CIS.part (795 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A311.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\csshover3.htc (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\40B7A53A_stp\osutils.vbs (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\NL.locale (4 bytes)

The Installer deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A929.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\bootstrap_35795.html (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A311.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\000678C7.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A053.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A533.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\isf_424328.flat (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A0EF.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A082.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006783B.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\isf_424385.flat (0 bytes)

Registry activity

The process %original file name%.exe:2792 makes changes in the system registry.


The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASAPI32]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASMANCS]
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASAPI32]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASMANCS]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\0e09343227248ddeb3a40270abce7ab0_RASAPI32]
"FileTracingMask" = "4294901760"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Installer deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

MD5 File path
c9e6ef630d782db948107b45eae9a05bc:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\73F506C1_stp.EXE

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:2920

  2. Delete the original Installer file.
  3. Delete or disinfect the following files created/modified by the Installer:

    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\bar7[1].png (1037 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\CH_logo_new[1].png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\css[1].css (186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\images\progress-bg2.png (978 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\IE_logo_new[1].png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Resume_Button.png (718 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Loader.gif (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\main.css (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Grey_Button_Hover.png (719 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\CS.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\ProgressBar.png (812 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\40B7A53A_stp.CIS (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\button.css (417 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\truste[1].png (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\isf_424328.flat (19 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A0EF.log (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A082.log (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\winrar[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\JA.locale (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\images\button-bg.png (131 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\1_V3-BG[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\EN.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\isf_424385.flat (554 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\00377329_stp.CIS (1960 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\bg2[1].jpg (9941 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Color_Button.png (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\browse.css (337 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\logo_b[1].png (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Progress.png (104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\checkbox.css (190 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\default_wi.png (28 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A053.log (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\form.bmp.Mask (244 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\BG[1].jpg (10224 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\00377329_stp\asgnd.json (553 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\logo[1].png (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006783B.log (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\FS_BG[1].png (644 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\default_tb.png (19 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Color_Button_Hover.png (818 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\73F506C1_stp.EXE.part (528 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\Nininininon[1].png (79122 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Quick_Specs.png (221 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J797LD84.txt (125 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\progress-bar.css (506 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A929.log (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\EL.locale (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Pause_Button.png (577 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A533.log (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\bg1[1].jpg (22120 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\ie6_main.css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\BG.jpg (27 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\bootstrap_35795.html (156 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Icon_Generic.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\ID.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\Cazurazihiz[1].png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\BG_FS[1].jpg (5877 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\FF_logo_new[1].png (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Grey_Button.png (698 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\css\sdk-ui\images\progress-bg.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\BG[1].png (3280 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\sponsored.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\000678C7.log (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\40B7A53A_stp.CIS.part (819 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Close_Hover.png (207 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\40B7A53A_stp\run.vbs (147 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\Close.png (207 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\images\text-bg.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\00377329_stp.CIS.part (795 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0006A311.log (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\csshover3.htc (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is1301533066\40B7A53A_stp\osutils.vbs (18 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ish423995\locale\NL.locale (4 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: Software Program
Product Name: Web Internet installer
Product Version: 2.1.6
Legal Copyright: Program Generic
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 4.4.5.0
File Description: Web Internet installer Setup
Comments: This installation was built with Inno Setup.
Language: English (United States)

Company Name: Software Program Product Name: Web Internet installer Product Version: 2.1.6 Legal Copyright: Program Generic Legal Trademarks: Original Filename: Internal Name: File Version: 4.4.5.0 File Description: Web Internet installer Setup Comments: This installation was built with Inno Setup. Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
CODE409637732378884.64747320e8fd51cf5cb8f68e34695b06c6013
DATA4505658810241.897365d98c64569668b0235ae89005918165a
BSS49152372000d41d8cd98f00b204e9800998ecf8427e
.idata53248238425603.07115bb5485bf968b970e5ea81292af2acdba
.tls57344800d41d8cd98f00b204e9800998ecf8427e
.rdata61440245120.141749ba824905bf9c7922b6fc87a38b74366
.reloc65536222800d41d8cd98f00b204e9800998ecf8427e
.rsrc6963238296384003.866988e001ebb7bf38e149af4e1b6f1c1ed31

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL IP
hxxp://rp.downloadastrocdn.com/?pcrc=2138688593&v=2.052.214.247.42
hxxp://info.downloadastrocdn.com/?v=1.03&c=ed70951e&at=1301533066&cntr=1176.34.130.130
hxxp://rp.downloadastrocdn.com/?pcrc=1964922035&v=2.052.214.247.42
hxxp://os.downloadastrocdn.com/DownloadAstro/?v=5.0&c=82558763152.213.148.235
hxxp://images.downloadastro.com/downloader/pl/winrar.jpeg104.25.54.103
hxxp://rp.downloadastrocdn.com/?pcrc=570995061&v=2.052.214.247.42
hxxp://googleadapis.l.google.com/css?family=Open Sans
hxxp://img.downloadastrocdn.com/img/Malaromoro/bg1.jpg85.159.237.103
hxxp://cdneu.downloadastrocdn.com/ofr/Solululadul/asgnd.cis146.185.27.45
hxxp://cdneu.downloadastrocdn.com/ofr/Solululadul/osutils.cis146.185.27.45
hxxp://cdnus.downloadastrocdn.com/ofr/Solululadul/asgnd.cis199.58.87.151
hxxp://cdnus.downloadastrocdn.com/ofr/Solululadul/osutils.cis199.58.87.151
hxxp://img.downloadastrocdn.com/img/Tuburera/logo.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/Tuburera/truste.png85.159.237.103
hxxp://win-rar.com/fileadmin/winrar-versions/winrar/wrar521.exe
hxxp://img.downloadastrocdn.com/img/Tuburera/bar7.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/Tuburera/logo_b.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/Rewudaw/BG.jpg85.159.237.103
hxxp://img.downloadastrocdn.com/img/Rewudaw/BG_FS.jpg85.159.237.103
hxxp://img.downloadastrocdn.com/img/IE_logo_new.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/FF_logo_new.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/CH_logo_new.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/Cazurazihiz/Cazurazihiz.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/Nininininon/Nininininon.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/Fividof/BG.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/Fividof/FS_BG.png85.159.237.103
hxxp://img.downloadastrocdn.com/img/Xoxoxop/1_V3-BG.jpg85.159.237.103
hxxp://img.downloadastrocdn.com/img/Malaromoro/bg2.jpg85.159.237.103
hxxp://fonts.googleapis.com/css?family=Open Sans216.58.214.234
hxxp://www.win-rar.com/fileadmin/winrar-versions/winrar/wrar521.exe5.135.104.99
hxxp://info.downloadastrocdn.com/?v=1.03&c=ed70951e&at=1301533066&cntr=0176.34.130.130

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)


ET MALWARE DealPly Adware CnC Beacon
ET POLICY PE EXE or DLL Windows file download HTTP
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected


Traffic

POST /DownloadAstro/?v=5.0&c=825587631 HTTP/1.1

Accept: */*

Host: os.downloadastrocdn.com

User-Agent: ICAS

Content-Length: 1208

Cache-Control: no-cache

0A0Czu0D1F2W1G1I1F1T1Q0A1B2Z1C1FtN0U0I0DzutDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0DtN0W0VzuyCtFtCtN0W0S0PzutCtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutBtCyEyEtAzzyDyCtCtAtN1L1B0A1Q1H1L1GzutCtN0T0KzuyEtAtBzzyBtCtN0U0I0DzutDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0DtN0U0I0D0N1P2WzutDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0DtN0M0G0U0I0Dzuzzzz1Q1R1QtAzyyDtG1StDyCtBtGyEyD1StAtG1TyC1R1QtGyBzy1OtAyB1RtD1P1S1TtDzztN0M0S0I0DzuyBtAtBzytBtAzzzzzytGtCtBzyyCzzyEyEtDtAyEtGtCtBtDzzyDzztCtDtDtCtN0S0I0D0U0I0DzutB0B0A0FzzyB0FtCyE0DyE0CyEyDtDtByEzztDzyyB0BzzzytCtD0FyD0FyB0E0DtN0M0A0C1V0LzutDtDyDtDyDyCtAzzyEyE0CyEtOtA0AtCzytBtFtCyCzztFtCtCtFtCtAtAtOtA0AyCtOtA0AtCtN0S0D0TzutBtDtCyBtDtAtBzztCyDyDyEtAtByDtDyDtN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0P0E1V0M0O0D0Ezu0D0L0LtN1I1L2ZzuyEtCtDyBtAyDtN1L1Q1B1RzutCtAtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN1L1B0U1T1R0O1GzutDtN1L1B0U1B1P1C0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1RtOtA0AtOyD0CtD1PtDzytAyEtAtBtByBtByEzz1Q1Q1P1StA1TyEtDtByBtD1T1S1R1PyB1T1StDtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyCtFtCtN0O0S0S0P0V1P1CzutCtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutCtDyBzytN0M1P1H0P1M0TzutCyDtAyDtN0M1P1H0V1L1C0AzutCzyzzzztN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu2W1L1G1C1T1C

HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Type: text/plain

Date: Tue, 28 Mar 2017 12:54:39 GMT

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Server: nginx

X-ICSCT-CC: UA

X-ICSCT-GICSET: 137152ahotfixSWRMWRM

X-ICSCT-IP: 194.242.96.218

X-ICSCT-SERVER-NAME: ads.slave-132-prod-eu-west-1c-2fe33aa4

X-ICSCT-TIMESTAMP: 20170328075439034

X-ICSCT-VERSION: 1.3.3

X-ICSCT-XC: 1f3cfb072bc5ded412eb0f20eaa0b3fa349c056a

X-ICSCT-XS: 91bba9083b637bbb85f2bc525458ea3d2e0cb405

X-Robots-Tag: none

transfer-encoding: chunked

Connection: keep-alive

1ed8.....r. .r.(c.(X. d..O...:...dbc... .....-.b.._.%..#.|...r..3.j2.....S.!..R{.1...^..c.0.G..$......4.se..:.......a...q...c..Pb........IK..O:.c.Y~|[email protected]}..T.[^.Y........1<U.e.,....(1Yxg<.........^.}..~.*[email protected]&..;.l...i...q.[43.N.....s.#b5...FI6...:....2.F4b........;....Oit7.]..F54..|\B#.RHQ^M......1.\.../hNAv.....'d.%`.(.f.....2.N.#.6Sd..D.'..zB2$([email protected]( ........v...T.A.......T?..B; 2...u...G./.aZ... ....F\..#.....Q....%.t....Y.....xI.DS~.%..b........T;..h...hL..v...f..B.T....U..-..'...tn..(...)...b.D...Lv..E...mwz.....u......."S.. ...^.....~......<}<P...6R......e.....1....."...../...3v.o'giwx....E..|.....l....P..~X..A.vPd5..L...t|.ND.....f.....x...U....^V....;.d.....J.H.."......<......K/..D=yt7...m...1.AD....5.9.d...\].<.......~f.[.Nc..>[email protected]#...pi.7..Z7..k......&...*........IU>..cA..&:.~......d(...S..Q0E..Ui..=B|.w..WT..!.n <H..PHW......$..........3.D...smZ.."i&...N.,.....>Q.5.........3.....E0j;.a.b..}O....j.......b..c.QC5......Qo..P.]......t.m...V.FR.&...........q..B...W9X...5J....M^..NF.1....S..L..c.T.$....w..lM.CvN.eTH.f.E.8...K.......GQ.....H...=/i9.U&^[email protected]@....../S.N.*[email protected]?...P.6_..F.:..-7....A.....b..|...S.6..........rhe.h...k...5.n.Yp'.......(.k.s...v......R[....v...U...%.K.ky..l.,'1_.!.9....... ..j.lQ.....O.e..tv..6.]-_.b..[..v.}.h.....`z......s............|.e.........^LV`.......m6.....G..3...`.r......:...A.....&. [email protected]:.P...>"..D.(.......{]zK{A:..D.Oa...8...x.3..F|..M.............n...A...NG(..3..."...*?..,.{.U

<<< skipped >>>

HEAD /ofr/Solululadul/asgnd.cis HTTP/1.1

Accept: */*

Host: cdneu.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 0

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:40 GMT

Content-Type: application/octet-stream

Content-Length: 101029

Connection: keep-alive

x-amz-id-2: dQ5GZhJbm460bZAf9RDvuSrDFCZPaVITqQc/GHAzXf4kWT9F I6FTEyvA73/ulzp

x-amz-request-id: 7977B875E949F9AD

x-amz-version-id: ak82ScyXtEXeOWL8crBo3MgwwdwO6r.3

x-amz-meta-cb-modifiedtime: Wed, 20 Jan 2016 14:37:36 GMT

Last-Modified: Wed, 20 Jan 2016 14:38:52 GMT

ETag: "638ebcd93f900c3908f5dde6d8bc2d9f"

Accept-Ranges: bytes

HTTP/1.1 200 OK..Server: nginx/1.10.2..Date: Tue, 28 Mar 2017 12:54:40 GMT..Content-Type: application/octet-stream..Content-Length: 101029..Connection: keep-alive..x-amz-id-2: dQ5GZhJbm460bZAf9RDvuSrDFCZPaVITqQc/GHAzXf4kWT9F I6FTEyvA73/ulzp..x-amz-request-id: 7977B875E949F9AD..x-amz-version-id: ak82ScyXtEXeOWL8crBo3MgwwdwO6r.3..x-amz-meta-cb-modifiedtime: Wed, 20 Jan 2016 14:37:36 GMT..Last-Modified: Wed, 20 Jan 2016 14:38:52 GMT..ETag: "638ebcd93f900c3908f5dde6d8bc2d9f"..Accept-Ranges: bytes......

GET /ofr/Solululadul/asgnd.cis HTTP/1.1

Range: bytes=0-101028

Accept: */*

Host: cdneu.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: application/octet-stream

Content-Length: 101029

Connection: keep-alive

x-amz-id-2: dQ5GZhJbm460bZAf9RDvuSrDFCZPaVITqQc/GHAzXf4kWT9F I6FTEyvA73/ulzp

x-amz-request-id: 7977B875E949F9AD

x-amz-version-id: ak82ScyXtEXeOWL8crBo3MgwwdwO6r.3

x-amz-meta-cb-modifiedtime: Wed, 20 Jan 2016 14:37:36 GMT

Last-Modified: Wed, 20 Jan 2016 14:38:52 GMT

ETag: "638ebcd93f900c3908f5dde6d8bc2d9f"

Content-Range: bytes 0-101028/101029

CIS................?...............P..............M.U....$..q.X]....9u..9u...#a!.s..2.....{8.u..i3.\...Q.....X..}.E..c.).........&`.......B>Zr..|...E....=..>.o.u..........=|....:[email protected]'/.C^..t...e%.s^.3..4..&..o)[email protected]%?...lW.-..g.'..KC...'..0E.m.d.....x.#]...y..u...?.x.V[....o5.x..MQ\[email protected]@'..[..C(4.&.../A..i........e...`T..H. ........)....9(!.D..m...0..e.,...~..<. ..L.}...................../...sC..#..}.... .......9.9.....Ji..Xb.Yjk.../[email protected]&....F....M..a....u..B..~_2....h.:nu....-..QiL.P|.LB.).....X..v5Z.$aP.".*...z.b5J..z....h.a>?n~h.$..;.V.'i...2......Y..q^Z4..\....=`....o.M....~.....:u..^[email protected]<.!..;......&y..!4...#..S.p;[email protected]_.......At.5..pz........t.5H.. 8.-..7...{.P.a;[email protected],dmoE's;....5...B.7.vQ$9......y{.j...F....|...9.u....M......1./.-t....dI#d..C9..Lg...../. .v.......1T..60.2........#..B..............8.....y#~5A...~t...K...{a.|.z....~.*..b*.49k.2....>..]s...W...B.n....zK.,..Vk.....h...........w..."......I..XW[..}W...y0f..k.~..O6.97#Gk8.5(....Y.W..k...Lz....6fz.....)|.}../h(8....0dzx.\........._..b...'..Y..w/*H..\.B...\.......1&..Vg..[..N(.ZI.......G..[.x....0:.eJ.J~..)o..,....T...i..Z.Q......P!.J......_...F.1er.8...#d...).......Z..im..F.i....%".o.....F.z.V..Q..K....R..W ./.".E..dR...y......'Tu....9U..$4."..wP...d9.....x$...W`....8....#u...1..\,.S.:.kdU..[...,.a"....". P....!.V.K.Q"M.G.e....w!C..../..... m9J1..&I..z&.2.I..-B.......{[email protected]/..c..^W/Wo .h

<<< skipped >>>

GET /css?family=Open Sans HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: fonts.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Tue, 28 Mar 2017 12:54:40 GMT

Date: Tue, 28 Mar 2017 12:54:40 GMT

Cache-Control: private, max-age=86400

Content-Encoding: gzip

Transfer-Encoding: chunked

Server: ESF

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

ae............<....0.Ew...:H.......`... [....-...1.....=..ls%a.3...B.....)..VHta....30..".t..?}..(.".ugf4......h)..c.....;\5.`5......`.gG.t;-.{x.........H...>>..~`.....`.Xo........a.....X.V......0..

POST /?pcrc=2138688593&v=2.0 HTTP/1.1

Accept: */*

Host: rp.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 832

Cache-Control: no-cache

...3E.Q)_l.y...K.1>Q.9v"..0....AZ.g.....6.t=..h%(....r

.M....hxk...3g..>.....B.0."2......Q...'....J7

.c.8..O......

!......D......m.s.......(........[.....`.m.Z..0N.C.J......;@...0.Ip.......E....S..'.K..8...n.Z.._..=..................3A.%..d..aw...

..Q.l!........2.A_E...Mz..=&.|1=m18X.u...0.Gj..."..7.w.qz,._N/.U...Ud{c.\..[W...$..0....G......9.S.

..I..b.J....[.._.......q,..q....X# 5%.....;..E7.b..X=...p....Q."c.....=SQ.9.Z...y..h*...UB... .K.?.U ..?"....v..[ .<.V. ....TQ.......}........)=....N=Seg.....

..........l.._q5.QsT.~&..%.h.?.....h.....0....<z..x..V}9w# .G......P...U...v...C#...T|..8.!u....._....G. ........Ju..1#.&.(.o=....,o..a..;.(...t..h r....=....1.............&=.?#..L.NDO.....U...`.....K......6?.Z.*......e.t.(}.6.......!.S#...3.0.aJ_5.....a^....W.^9.Q..q.......v.t..8 A..o.]..fB5FN.Hw....:.h8..r#$.c

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 28 Mar 2017 12:54:30 GMT

Content-Length: 4

Connection: keep-alive

DONEHTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue, 28 Mar 2017 12:54:30 GMT..Content-Length: 4..Connection: keep-alive..DONE....

POST /?pcrc=1964922035&v=2.0 HTTP/1.1

Accept: */*

Host: rp.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 1152

Cache-Control: no-cache

.I..~...$$........h....n...N./.'oD......N.4?ux....bR...^....M/o...H.K%....._..E.T..........x.$.=...).G. .f. s...c.s6~-...2..YH.cU..m.o$...M....B\.t:jx..G...[.&$Z...Y.m..43..A).. .e.&7...$..{J..

.UXtp.....7."K..,...k[K.3..$Qo....9....:.=.o.wS<.s...../)...|..._.r.V........M.a]@.V..a......[.-K.

...i...<avAzj..*..T..2!.....Ly..K......T...m%D...N.q#.S...4..%.q...NUQ..Y.y>....I....}...7....Jc1.......2by..o...ek..C..MADT....D..K..{~... .7..o0!n...}.}...%D.........t.D...A

!.x..r.=.i59...-j....... 5q..;....N._..|$..^...DCC...tW..m....kF)S..k49.O..e] N$.0}.u<..m(..A..b..5.:.p."....b..............R..k...

... ..h....t..g......l..,.#P.......i..9...= .;Zt..'=...Ww.{...q&.$1..<?8.P07...B....G..*.x......cq....#."..6.N....u..J._.f8.c..L.......t.LW.IA;)b.Y.. .r....m......g....I.a|.C.......3_?| [email protected])...hva)...#[email protected]{.5._j..8Z....7.) X...L6.T.i..P.S.Rs.:....;.E9;L8....g/{T....[email protected]@^0..!A.CN...{`.m.....W...\.........|u....GL.X!...f.....} Pv2M........6,:k.pe...wk.......B.,......f.B..*..%.xf..d.;.......uV..lc'...K.~..{......8.. .....E...I..I.......S6..J.{[email protected]\@|Us].k.~.JZ....U-..w.:....F.....W...n.Wm.

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 28 Mar 2017 12:54:38 GMT

Content-Length: 4

Connection: keep-alive

DONEHTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue, 28 Mar 2017 12:54:38 GMT..Content-Length: 4..Connection: keep-alive..DONE....

POST /?pcrc=570995061&v=2.0 HTTP/1.1

Accept: */*

Host: rp.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 1200

Cache-Control: no-cache

...4.....>.K..~..}...0..5..i..M.c...{..VM....T.c|.hrM...L ."v..S..)/.HL...!Z..c...C.......Q.b..a..y.Iha.V. .C

1.....u...`.....r....Gt5.hn..-..q...0T!.o........k..P.,..xl......,v.#.0P.........PU...\...b............p.C......W.u.$.M..:...9..C...n`....A..:m..8.G-.&.....y...YI.......P.......C_.`...C.K...H....DK<Co.=...F....."...V....0..%gYr7.....D/..:....."....R.k....p...(:...K...'>M'.... ...6...........].."...Y}.J....D...... 3..../... Q.Ibw..n...............C.....hn.... ...>.. ..m..........o..B.#`Q...Y...:J6.g..G ..7.!H$...m.x.<.'D.l.Ka...t..e..7..p.V..-*.3.b...k.y.P..U. M.gbG..B...........)...WH.. `....C .l.....#.F....)...,.Q.....gf......\...D3^L....n....!o^..>[email protected] ..Yv

Dk !..=....=.....>[email protected]_......i......d.^xh..ug..*..1.:'..#).8.I.B.72.}r..v...j"sT.`.}. ....].p...G .d\.9: .LM-.u.x....!O.1.D.*.;9.."...W.-j-.....=..Z......<..

.m...y)S...:..1

8f~..ZN\%...c...<$..y... [email protected]$.._....42.. .. .s......k.uc;........W8,...^..[..x.....r....-T$3. ..[.."[email protected][c..> .k.../..G`.......Wh..._SC....S..>..C..Z.]L...=C..|...jp..`......)2..>2..*K2...4=uD6....*.^[..2..N8..K8. 7...YI..p..h$Vo.o.ti*..hh.y..tq6..98.I[:M.Z?....o..7..dO.}...w..*.6'.A\...j..D......=.

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 28 Mar 2017 12:54:39 GMT

Content-Length: 4

Connection: keep-alive

DONEHTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue, 28 Mar 2017 12:54:39 GMT..Content-Length: 4..Connection: keep-alive..DONE..

POST /?v=1.03&c=ed70951e&at=1301533066&cntr=1 HTTP/1.1

Accept: */*

Host: info.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 172

Cache-Control: no-cache

6l7GU7LYt04pVHc/00d7Jq3echfF9QCpjdqI9kfl18xaxvYbsgQDWxyx4wcVWiICihkkB2noxH5vrFucGIE5bdEFU6JfDg5kwv4GBkyV64HwauQKvDFzJub3yUvFHNlV5dox2kjPOeZgD4kMHckKnsYneNKUP648QrFKjdC2vbM=

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: text/plain; charset=utf-8

Date: Tue, 28 Mar 2017 12:54:38 GMT

Content-Length: 984

Connection: keep-alive

wsvNsHy53W/Qp58OlhHaBCmCdtNozRDdYg2WVKnB/bMs55fPl3y6kRyqBSfsBi5eyTj47YKZADAuwqXMTmD7u7NbAe9qAwChs7WKEvXn/b07aSg0FhDQLJZhLIti2fwst7Dapzh0fRuvT9tF2Y3g6GdCQIaft2kXabq6UmFHS3rycAU/RDk0h6KkdnlH6SjEdoToAptxPhoU9/nqhb4sUjI73IeOvOrrbb4gR4G8qFQys3tV4OUUccV7iohoI5mror bGH2XpePY sJf W/wZDKHqLvnYDJOCOtYQlPqgGWOqN3x50U2SRk2y8SL VjwpUV69EtP4klwmrwSgSows9gXal2ceZ4/IQJjFm7ow5oTXZEt9zf6Q3d1OpmWbTFTKb6ypS1NqSIKLPbRHDGDo nSCBHsyOHNitYUsPMc9/zYFM8pExJGsptrNEkzSIvIKQiY8MY1jG1Pj74pwfb9rQBcMNNSlwp3Cs2bKvynEDAT4yIldG8dWw3v4ic/zF rvVGA/9qF1bR5RPB7MqLVr1pcbuGadShjWlMCPHxPnJYwSTZQaotnOwYnffIZbqm6ysbHg5xVt8iYhwEit3Ol5 Kfm030oQXQvnhaZfAmjKBHBlrrVao mjhJrm2/63txrlvggV0aXtiw3bgCnKbVvoHbmjbliN08bEfqwhR1MX9tY1K5fDeLUpsUH7BLrfBt45zi5r9dJKPGWEAqdxOrO6Oh31zggTkEYsmkxKQ3BLW51/NH4hpPLTyPkEAOKg9mfNb0em5e6hgpZLbWRjYeRV85AXv BUTF9ow7Vlcg/cEgzxbDkz1m179lcJJLTdiZutf47QZ/gVQyNjX95qoE/Fhr9oGU2gOeUFEA5km1iJ6XEqA3 LHalLklP2ehlMEjEjyn/7Z4Q/RUWjXdgsosOfuQxrXh5N1yutoCpATWn2PZFuQByV9WCRmvgEHqjjs5BMo3un36FXYAoHr7TSVmmA==HTTP/1.1 200 OK..Access-Control-Allow-Origin: *..Content-Type: text/plain; charset=utf-8..Date: Tue, 28 Mar 2017 12:54:38 GMT..Content-Length: 984..Connection: keep-alive..wsvNsHy53W/Qp58OlhHaBCmCdtNozRDdYg2WVKnB/bMs55fPl3y6kRyqBSfsBi5eyTj47YKZADAuwqXMTmD7u7NbAe9qAwChs7WKEvXn/b07aSg0FhDQLJZhLIti2fwst7Dapzh0fRuvT9tF2Y3g6GdCQIaft2kXabq6UmFHS3rycAU/RDk0h6KkdnlH6SjEdoToAptxPhoU9/nqhb4sUjI73IeOvOrrbb4gR4G8qFQys3tV4OUUccV7iohoI5mror bGH2XpePY sJf W/wZDKHqLvnYDJOCOtYQlPqgGWOqN3x50U2SRk2y8SL VjwpUV69EtP4klwmrwSgSows9gXal2ceZ4/IQJjFm7ow5oTXZEt9zf6Q3d1OpmW

<<< skipped >>>

GET /ofr/Solululadul/asgnd.cis HTTP/1.1

Range: bytes=0-101028

Accept: */*

Host: cdnus.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Tue, 28 Mar 2017 12:54:51 GMT

Content-Type: application/octet-stream

Content-Length: 101029

Connection: keep-alive

x-amz-id-2: sVVw879Rw1z0U8R9/j v07WScKQK/sIYEvWMRFfijxkiF65X38cehO6jREX5W/K2cEtAjn70WeU=

x-amz-request-id: D36AFB311361DCAA

Last-Modified: Wed, 20 Jan 2016 14:38:52 GMT

ETag: "638ebcd93f900c3908f5dde6d8bc2d9f"

x-amz-meta-cb-modifiedtime: Wed, 20 Jan 2016 14:37:36 GMT

x-amz-version-id: ak82ScyXtEXeOWL8crBo3MgwwdwO6r.3

Content-Range: bytes 0-101028/101029

CIS................?...............P..............M.U....$..q.X]....9u..9u...#a!.s..2.....{8.u..i3.\...Q.....X..}.E..c.).........&`.......B>Zr..|...E....=..>.o.u..........=|....:[email protected]'/.C^..t...e%.s^.3..4..&..o)[email protected]%?...lW.-..g.'..KC...'..0E.m.d.....x.#]...y..u...?.x.V[....o5.x..MQ\[email protected]@'..[..C(4.&.../A..i........e...`T..H. ........)....9(!.D..m...0..e.,...~..<. ..L.}...................../...sC..#..}.... .......9.9.....Ji..Xb.Yjk.../[email protected]&....F....M..a....u..B..~_2....h.:nu....-..QiL.P|.LB.).....X..v5Z.$aP.".*...z.b5J..z....h.a>?n~h.$..;.V.'i...2......Y..q^Z4..\....=`....o.M....~.....:u..^[email protected]<.!..;......&y..!4...#..S.p;[email protected]_.......At.5..pz........t.5H.. 8.-..7...{.P.a;[email protected],dmoE's;....5...B.7.vQ$9......y{.j...F....|...9.u....M......1./.-t....dI#d..C9..Lg...../. .v.......1T..60.2........#..B..............8.....y#~5A...~t...K...{a.|.z....~.*..b*.49k.2....>..]s...W...B.n....zK.,..Vk.....h...........w..."......I..XW[..}W...y0f..k.~..O6.97#Gk8.5(....Y.W..k...Lz....6fz.....)|.}../h(8....0dzx.\........._..b...'..Y..w/*H..\.B...\.......1&..Vg..[..N(.ZI.......G..[.x....0:.eJ.J~..)o..,....T...i..Z.Q......P!.J......_...F.1er.8...#d...).......Z..im..F.i....%".o.....F.z.V..Q..K....R..W ./.".E..dR...y......'Tu....9U..$4."..wP...d9.....x$...W`....8....#u...1..\,.S.:.kdU..[...,.a"....". P....!.V.K.Q"M.G.e....w!C..../..... m9J1..&I..z&.2.I..-B.......{[email protected]/..c..^W/Wo .h

<<< skipped >>>

GET /downloader/pl/winrar.jpeg HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: images.downloadastro.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 28 Mar 2017 12:54:39 GMT

Content-Type: image/jpeg

Content-Length: 1542

Connection: keep-alive

Set-Cookie: __cfduid=da6799630ec83c858d599109917bf66e61490705679; expires=Wed, 28-Mar-18 12:54:39 GMT; path=/; domain=.downloadastro.com; HttpOnly

Last-Modified: Thu, 10 Mar 2016 18:00:38 GMT

ETag: "bfa8c409db77f70870830c79daad5f23"

Cache-Control: public, max-age=432000

X-Cache: RefreshHit from cloudfront

Via: 1.1 dc7fc6a25b38b792278999ed3a495fcb.cloudfront.net (CloudFront)

X-Amz-Cf-Id: h5sYp568KBAsti2VrHI3lw6lkdTEreFUhhbMuIALHyKeCaSZ1jAg6A==

CF-Cache-Status: MISS

Expires: Sun, 02 Apr 2017 12:54:39 GMT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 346abd4022044f08-DME

GIF89a . ...........<..<..?..<..<..8.....F..8.L^.u..2J.$C.....8..<..8..8..8..8}.4}..%*.&O:HSDN- 2.4}.4.L7.TJÜZsHi.Nw.Z..... U....sL{d0}]..q....}.<.4y.4yt...T.N_OgA$.R..0y........8Co=6HK.1g.9{[email protected]#A.T. R.!9m8b..Dy..].,[email protected][.%,.....a.w;*4...R.rE.,..,i...u.B.(i.(d.,q.8..,d...iz........$b.$_.7v...Sg...T.....O.(h. Z.#j....(o...5L.8T....Ym........(n....... U.,p.............................................................................................................................................................................................................................................................................................................................................................................................!.......,.... . ........ [email protected](`@A...5....%K.)#(0PQ...-uB..2...F..d.a'[email protected]%h..u......xJA.V..$.=.6...m...0..[.v).......i...`[email protected] T...3g..;\...2..!D. a.3e..b..].D...N...B...#XX.-.....[ppq.E..0|...c....9..n.9s..[...qA...3B.......;xt.>.........C......A.B.1...yg.~.6...E.g........$q...8....)...$..A....D..6....:...Q..!.RL...SP.../[email protected]$\`..W`...Zl...0.i..\tQ..K>...[.p..Wr...\P...^..d.f.y&.p.ig.q.`..\|........\.!...~...c$.'......`4.F.b,.i..v....T*....Q..f.q..:......F.h.`[email protected]!l...[.......\..E.r......1..md.........8;,[email protected]{..C.q.[n.|[email protected]{q...K....Aq..[[email protected] .. ............;....m..-..;lq.G..4._H.G..

<<< skipped >>>

POST /?v=1.03&c=ed70951e&at=1301533066&cntr=0 HTTP/1.1

Accept: */*

Host: info.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 172

Cache-Control: no-cache

6l7GU7LYt04pVHc/00d7Jq3echfF9QCpjdqI9kfl18xaxvYbsgQDWxyx4wcVWiICihkkB2noxH5vrFucGIE5bdEFU6JfDg5kwv4GBkyV64HwauQKvDFzJub3yUvFHNlV5dox2kjPOeZgD4kMHckKnsYneNKUP648QrFKjdC2vbM=

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: text/plain; charset=utf-8

Date: Tue, 28 Mar 2017 12:54:39 GMT

Content-Length: 984

Connection: keep-alive

B2BXuMqNABbsQQTUyQfueYG8l8ikR3mydEVEAaSrK/3MeF7qqz hQk4fRN4Q7unpXVcHyX CU1vIJOk7/Knspkw0VvqrnUNAWwgUwsjh4mqUsb70wCW01YpraqxQB0JVfMHNhPgFaXRQwKyZUNpPwMjODqcf4BGPbRBFJc81q/HChVm4cWMPYN4B6hKqQ8MaGJTs7Ludqr0L0Ol4AzgHAsBLsEagbP7oevwvmC3SFE4fal6MwiHQIw2T4L0ztlXbhx2uhHN0kdyOySACTnXmePMjOjrmNfuyKzTsQU5jHcN9EnlpNIxZYKJ2FGwc92jLnLR0crWKlp/UWLg64YCjRiWXdZcjIxLH35wZWn3RANciCS9lbiO8qQ7tLCQ0S4ZwKf4sldh56GUvJMtHOxQ6Dix37Je6ff1THtqgwtNvbcaR2R rFGnaBH6ATzi2Xo5GqQNJo9InuUIaNjd1MYZsHLEy6 aayNfUHNv8Y25FCCWvSBqKgv9qVVX6jkGfQ9qg3bldQvuqqmGJvlLyV5iueQnoF RWvMELS HR/9CC/WpGVqeZC7DaTVaGyTdKXU41W18aXjigJSvVBNwJclAnLTyCigfiTTdjd6sOai3/i5Sh1odQv6C5A0pD3iqRr8J5tAbFUefBP9b1K u4I02BMJoTZ5GR4Zsh1UsowQLE6g8taQleH ZbjjRC8PmVr3b3fk3BluF tOfhQLrVsIPUoMYL5nV4WuliHtoVF/ Rwv0lmMZ4dyT3GYPJSHnO8tjQSkNXpitT3lTXK5ZsW32s204j7b9FmyVZqpdMdCtwG6hiH MX NoJOyR2mbZ1TtXA4YwqQ F nm9r4iL3K2wKOJlqGoo2oaxwma8XfLuZ0VdiHw8n QqkQbNSqT5m/4gVl8YwwwafOSBKkoqIFjDKowvuqLyP8bQvzX UbEfTYt sZ381leJv5uEorI/B3HggnVXl8gcW5cWS9VxLfRwynA==HTTP/1.1 200 OK..Access-Control-Allow-Origin: *..Content-Type: text/plain; charset=utf-8..Date: Tue, 28 Mar 2017 12:54:39 GMT..Content-Length: 984..Connection: keep-alive..B2BXuMqNABbsQQTUyQfueYG8l8ikR3mydEVEAaSrK/3MeF7qqz hQk4fRN4Q7unpXVcHyX CU1vIJOk7/Knspkw0VvqrnUNAWwgUwsjh4mqUsb70wCW01YpraqxQB0JVfMHNhPgFaXRQwKyZUNpPwMjODqcf4BGPbRBFJc81q/HChVm4cWMPYN4B6hKqQ8MaGJTs7Ludqr0L0Ol4AzgHAsBLsEagbP7oevwvmC3SFE4fal6MwiHQIw2T4L0ztlXbhx2uhHN0kdyOySACTnXmePMjOjrmNfuyKzTsQU5jHcN9EnlpNIxZYKJ2FGwc92jLnLR0crWKlp/UWLg64YCjRiWXdZcjIxLH35wZWn3RANciCS9lbiO8qQ7tLCQ0

<<< skipped >>>

HEAD /ofr/Solululadul/osutils.cis HTTP/1.1

Accept: */*

Host: cdneu.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 0

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:40 GMT

Content-Type: application/octet-stream

Content-Length: 4084

Connection: keep-alive

x-amz-id-2: VbwTsPo2Yau/IstJuqOtjvS56nas/K4U//J5/OMJCVsrrOgNQDgUYQ G1hkkz9C1dZm4ElSzYE=

x-amz-request-id: 12EAC2F1415241A3

Last-Modified: Tue, 20 Dec 2016 16:18:14 GMT

ETag: "ac905fcf33e18cbbb37dc4a6ece849c2"

x-amz-meta-cb-modifiedtime: Tue, 20 Dec 2016 16:17:47 GMT

x-amz-version-id: vXnyUrn0g4rNqDR.L9aD_PCbkYfAWhsy

Accept-Ranges: bytes

HTTP/1.1 200 OK..Server: nginx/1.10.2..Date: Tue, 28 Mar 2017 12:54:40 GMT..Content-Type: application/octet-stream..Content-Length: 4084..Connection: keep-alive..x-amz-id-2: VbwTsPo2Yau/IstJuqOtjvS56nas/K4U//J5/OMJCVsrrOgNQDgUYQ G1hkkz9C1dZm4ElSzYE=..x-amz-request-id: 12EAC2F1415241A3..Last-Modified: Tue, 20 Dec 2016 16:18:14 GMT..ETag: "ac905fcf33e18cbbb37dc4a6ece849c2"..x-amz-meta-cb-modifiedtime: Tue, 20 Dec 2016 16:17:47 GMT..x-amz-version-id: vXnyUrn0g4rNqDR.L9aD_PCbkYfAWhsy..Accept-Ranges: bytes..

GET /ofr/Solululadul/osutils.cis HTTP/1.1

Range: bytes=0-4083

Accept: */*

Host: cdnus.downloadastrocdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Tue, 28 Mar 2017 12:54:51 GMT

Content-Type: application/octet-stream

Content-Length: 4084

Connection: keep-alive

x-amz-id-2: 0lp5yxb6JiVInBm4H/LXm6tsS622sMvzhQ4qp6FkWwK7lqY dObn79DgbFkd6Jwi/tJC64o3xNw=

x-amz-request-id: 04EB99F5D85C371E

Last-Modified: Tue, 20 Dec 2016 16:18:14 GMT

ETag: "ac905fcf33e18cbbb37dc4a6ece849c2"

x-amz-meta-cb-modifiedtime: Tue, 20 Dec 2016 16:17:47 GMT

x-amz-version-id: vXnyUrn0g4rNqDR.L9aD_PCbkYfAWhsy

Content-Range: bytes 0-4083/4084

CIS................7...............P.......a..3m..k...X]....,M..,M...#a .Kv.>y......U.:.i.......<.*._fq.~k...*[email protected](......;.....c?..P....Rn..s..Sq..:.jF}..2.Io.^x.y.$.. ..Wc./..2...U....|.........a.'..z_S~..^v.6..L...Pj.5yMz`P.e.M.S........%K....3...`y-'....jB....cIL<...q.HS..Eh....&.X?tK>..n..?.y[d]...R......WD.\...&?..I......H..U.-gGq.../.6\..M`.j-5u...B.R..T.P_G.zLK.O3.c.O.}AD.dh.Q.."a..CCB..5K:(..2..'1./.....5......e).....v.G...N...?dBrh......5.3.y...Y0....J&.yQ..mpN[...7./....|.p.o...M>UB....., .z.....aT^9d..c...F*|.c(...;M"5...w-..H..|<...G.#.R.0.....#.5...~nZ...G..`...... ....lB..6..E%....=.....P....WY.!O)..VD.d.C..|.4..[a..>\..;...r6.../.G.<.P...D..J.*.;..}.a.8.b.....Z....Fad..j...O..1....%k.$.....v.6VL.u.......55....>.T..".QbOm3.....>.............V..}.".!..c%..K..cNhY...F.&...>.....].jI.07$Y..i8..S......HH ...0Z..y..7...y.R.,..h.k.[g}..{......0.\j..z.V.>.%.i1`7.t..7...u.O..T,[email protected](k..A;$..~.....e.....k.w./.%.8.6.xn....P ";.i7.(@M..3.).P.&...\.g...H".su,........:m....6."../.8....c4.._.hBphnGq'....$...Z....,..]..R..yv)[email protected]{..F...S.8..CY.s`...*..o..6m.......|q5..._.'C.....2....g..?511.8C.2..........qj.y..K.;8.....1^....}%F..... .5v?.CE....~d.%....&;_Q..9%.F.$ G.d......[.G.LU......6f.ne..........p.....s.......~...z..ap/.(...../.....QY..!...J;.................,Gv....r..p...Y.k..2..X..{....Q\........6..^....[[email protected]*......?;v..hn`..~.7Q..D.F...'o.3...6...._...4. .B..r .../........c...Q....Sx..i.k......6b. iHoR.K..p...........n..*.......=..

<<< skipped >>>

GET /img/Malaromoro/bg1.jpg HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:40 GMT

Content-Type: image/jpeg

Content-Length: 190754

Connection: keep-alive

x-amz-id-2: 6n QodwE1ZgoRLYxFmXf5/1RqYKAjFQVcTH/vvSa Hb BlZCCejrMcpVQ4s6Ntb4Vn1GnuleQJw=

x-amz-request-id: 4BEEB786098508D2

Last-Modified: Sun, 16 Mar 2014 10:45:33 GMT

ETag: "04007b142892c379ac83bd75ac617cf6"

x-amz-meta-cb-modifiedtime: Sun, 16 Mar 2014 10:17:54 GMT

x-amz-version-id: EqXw9hQ1szW0X1KVab90EKpMdqK_JEeL

Accept-Ranges: bytes

......Exif..II*.................Ducky.......d.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:A49514ECFC9DE31187F4F8E0F4860236" xmpMM:DocumentID="xmp.did:0699FCAEAA0111E389E68AC7CC963200" xmpMM:InstanceID="xmp.iid:0699FCADAA0111E389E68AC7CC963200" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:069AD74DE0A9E311B383BEF54B638275" stRef:documentID="xmp.did:A49514ECFC9DE31187F4F8E0F4860236"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0...................................................................................................!.1".A..Q2#.aq$..B3%...4.....R..Ue&........................!.1..A"Qa.q.2#....B....R...br3...$.CScs.4.T%....Dt.U&............?..../*z..E].c..H..S..^g*...B....a.<.Q.....A ...$..M.>..M..........i6l{..p..rMdu..A1$...........r5W..S.......mmk......}u.......=#<...Dh...;.V.....N.r#;Q~...us..EO.

<<< skipped >>>

GET /img/Tuburera/logo.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:40 GMT

Content-Type: image/png

Content-Length: 8970

Connection: keep-alive

x-amz-id-2: cY4EF/qg3G49JW KTOYTXDqMGEaN6sKprUsdLoFRxgW 6Z/03igqM5cy6bfmDHhcnsR4np5daM0=

x-amz-request-id: BA32B7A1773CDC24

Last-Modified: Tue, 19 Nov 2013 13:08:49 GMT

ETag: "b084c85324dcb4d88f500ebaf8ab37ce"

x-amz-meta-cb-modifiedtime: Tue, 19 Nov 2013 13:07:02 GMT

x-amz-version-id: CbercSsLGa07nAy9AshJRzsQW0lz1UK5

Accept-Ranges: bytes

.PNG........IHDR.......5.....Ap^.....tEXtSoftware.Adobe ImageReadyq.e<..".IDATx..]......^.. l.w..... XP....%..X.1.D.$DM."".. ....J.E.u.]v....{....3.... .j....D........s.{.....D %H..B..zB...n...K.^,.Z.*..[[.K.[.._.GD|.....x/.V.g..L..Y.....44 .<U.=N..yY..B.R.....[_ [email protected]_...f$...%{....1y.b.U...Oxy...YG..a..E....PRZC..?..|......e.Q.E..{./~..<.X...i.( 9..[....Dx.-N|<ZhO...F.......P.&V.?.U.l..1qLW..z.?Ld........m...B.0..8.../~....B....[..../......M..4...Dnh.....&11.......|..6DD.`......a............J..}.";E.i..._......r.......Gr.p....i{sp2.....(......8.g."...:.Db..Ix....=..^...r...}.'4.......P.0.....~../..L......EUX......1..mX.l7..*......Lf.d.........^..&....Z..W.hl.......e.R.B..z..=~.......}E..å...W.........l.]Lr...............kD.....:8.N\<.#..m.......%CZ-x...../g.............s6`..L....!..L.8....y......2..^||<..... ..G...........#._e.........[...#..x..Fl.QL......W!1!..=9....J_..z...~..._~yN.q.3..,........EBB.4.].aG[................8.......E|....Bw.../[email protected] m.......>1...\F....C..xy...-(..W....[......_......&Q.p<...=....8...p...........X?6*...I.....P]S...3z..N.........l..f.[/..(.Z-t..._.m..V.u..._~m . t.M...}...g".:.5...pi.19......j.......'PY]'..\<.3..G...^a...0..Y-...J.U..KI...s.v ...!x.....>.3...U.6[...........0..}...Y...../.)...v....B. t...Q.T.......%Bs...By.]x..jQ..O..;G....e.<z..S..a.......~.......Hi...........k.O.....r....h..w...!=4.s8..>..N.......`.........m?.C\L0^x.S........I..9.>.%.....G..F3e..u.c..s.RG/.z..U..W....A....FS.#......y0V.-i..j.....8.A.

<<< skipped >>>

GET /img/Tuburera/truste.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/png

Content-Length: 11597

Connection: keep-alive

x-amz-id-2: rDMeyYrYU/38k5bWRgrrK3YDUI SWmCKqHtPN89DnXZm71ilplt0rSPqzCtgXBNyohaWOlaS U=

x-amz-request-id: 3B226FB5670E7AC1

Last-Modified: Tue, 19 Nov 2013 13:08:49 GMT

ETag: "9d7db4bf8aea860f288e41d97c3687a1"

x-amz-meta-cb-modifiedtime: Tue, 19 Nov 2013 13:07:27 GMT

x-amz-version-id: TsQX4cb1jyoGu5DXk3rpuvCf_fAlhQQa

Accept-Ranges: bytes

.PNG........IHDR...A...U.............tEXtSoftware.Adobe ImageReadyq.e<..,.IDATx..|..].u....ez/*..D....f....)6.KlB......%....;.>..8..<.Nl.......l.hB.Q..F..4.....sOy..w.......;..w............(... ...;yx>l..`.M....m..i..[..v....V.R1.y...r9...p.<....ab...H$......D#(....#...X.j.......?pp..O<..H4ZX}...,?...s'..a..}..-9..s7.X.Bn.a..gm~...y.`[[...W\.`CSc..{...bU.J....B.U..|!.U4....>.n....`..3......!..............G|....._........c.....|.....m...?......q..&>..o~......g?........o....'?...[..G.6uv........;.../z..]....<'.U............,K}[email protected]/.P(.........PW..n..333....088(..v.Z|.c....c.....?._}.....k.L$.w..u..C...0~..q ......L&....n...m..7.!....;.....;#...7}.&\s.5....O~..z\....gPu.8...~(..m..........%.\...0s...8N.?..u.V?.H..]...7.w...r&.....n..|.z.0....].#.=....754......s.[........w.u...I...,..;.|...........y..3......f...?.>...0..g.y..[.lYy2^ ..7M....Z.Bx..#.w...b.....a1.....l....pTzS...*..(...:.jjj....w..e..w......k..... .........1:..>.."TU....6b....}.........../.....~..7..e.d.A...MZD.r&..._5..>..8...z.K.-..........oDSK3.mU84.A.6L.>.DV.....Yc~...Dkk........<.(...N.... ..........ax..%....BN.9k.F.XBgg'....q...s..5k.l=a#....A<.,...kF.....,.yd|[email protected][.U........O....k"^....v|....e.g7HL............u0.&...S....0..P5....{/<.0..I.u.'....a0w..~..}.=.8..<......~....p..TJ~...!....<.~...v.Z&r..O?s.H...X.l......M.....r....u.]'........?;9.z.Y#..P.\\~..x..g.._?........[W.u.Y/1|L..'."..>/V..s.='.f..%..z.).?.....7......g...r.....g<..-....-Y.....%....E~2.......

<<< skipped >>>

GET /img/Tuburera/bar7.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/png

Content-Length: 10604

Connection: keep-alive

x-amz-id-2: 6JZTNlRz5ho9mmlGJHGS92ObyuDIRroqiTgSGOGH/whBvuWsLWeDUi6wbIf9OWH2AuiXIvITBIY=

x-amz-request-id: 96AB3BF3E41F6511

Last-Modified: Tue, 19 Nov 2013 13:08:45 GMT

ETag: "4fa9087a65898badf6d8955c16d73809"

x-amz-meta-cb-modifiedtime: Tue, 19 Nov 2013 13:06:52 GMT

x-amz-version-id: N2ls4ElWemvYIzegu69FA58gpcXntv9c

Accept-Ranges: bytes

.PNG........IHDR...'...(......{< ....tEXtSoftware.Adobe ImageReadyq.e<..).IDATx..}.p....7..w...."H..xS.)J2.H.....Z. {.x..!Wy....T%....T6..U...........,i..:m..u..H..).........>f&..=3.yx....R.Y.............Gy.....PRlX.k P..W..._.}..W.t=h.,..T*Yo.......r.m[.r..U.9..8....o:.,..../p.......,Uu..Tl=...[Z....h.TT.R...R..g..%.........^o*..O.Q...U.'....o.P.......tP..e.....B......L.m.......w.)..FQ.,..b......,qLq...9....vt...._...Wi.Y._.}..W.t=?.k.vc....bY.4M.X.4......<P.y.wK."..... .......`...B..B..?^x.%.w.}...K.>..NU......>....:..{...k5. ...s*n.r..~`9.UoT`...4..n....9...FL.OE.[.O........_...n.O....;.....D.A.......\....R....,...chp.c.....(.....466bI{ ../ESC.j1..]...4...`T.....f.....$n....#S(ZA....n~."..I.......d9....%.Y....H......s..\...V...uJ...MU.g....894)....[...\...iy..f...]..7...w..y.<.we9..s.b9..........?w ....~....t.....9s...i.$T......q...<uB.?.4.f...F.w\...5k....G$E..3..\.............PB......]w..;....A...MON.....?}./.."r.ql\..[..v....D../v"...T...U.|..........6...5.[y.n3......m]....H\.. XL..T.8.}....k.N.W..J..7.9.......b...Q.\...A..8..S.T......:Q..\'?...f.......8t`?..f.....W.v.:t45..*Y.)IX......f........w....n.~...c..u.q....y.GC.Q.~....P.f........X..d....8.O...~\.t.`NK..&...2m.(.T....$f.\b....c...R.1...T....C(.I...d.N..3.....ww.EhjM...7.....$.....Y....s....<.W...}...ip..E))X.c6..d...a.f...)...P......\*............o}...vC/.QH.appPR8..*.$.........k.....x?>.?...z..<..>....nk.,G...}>...W.....]Q...;SU...R..S.:/W4z..7.W.....p......dO..^........2....-..?s....\0b....~p.c...eY.....G..

<<< skipped >>>

GET /img/Tuburera/logo_b.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/png

Content-Length: 11762

Connection: keep-alive

x-amz-id-2: 3QDKCBuBv8YVfObBcCDkNgy7zbK8EpyWInDhEsqOchauW QjTIHRG0yVbE3rNPvFc8JzJzZql3c=

x-amz-request-id: A1EDABB3C6D0B344

Last-Modified: Thu, 13 Feb 2014 09:38:37 GMT

ETag: "cc4bec630c2ec102cb6159e463ede5cc"

x-amz-meta-s3fox-filesize: 11762

x-amz-version-id: akDXJVqWGXlhXhhZ8YepY7NAR4.yDN8P

x-amz-meta-s3fox-modifiedtime: 1392281588994

Accept-Ranges: bytes

.PNG........IHDR.......-.......;.....pHYs..........o.d...OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>[email protected]$p....d!s.#...~<< ".....x.....M..0.....B.\[email protected]@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. [email protected]_-...."[email protected]~..,/...;..m..%..h^[email protected]~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[[email protected](R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

GET /img/Rewudaw/BG.jpg HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/jpeg

Content-Length: 102878

Connection: keep-alive

x-amz-id-2: 5/ahiXX5oijEiJkxzA2xkN3e8Jol3XZDz/eHVCDQQXodKuee5kAdNb7fyXLTFuPub5G9wuZOV U=

x-amz-request-id: AB210358BAACA286

Last-Modified: Thu, 31 Dec 2015 19:47:27 GMT

ETag: "d4337f9e3cdbb54bd455a9b749954a87"

x-amz-meta-cb-modifiedtime: Thu, 31 Dec 2015 19:47:01 GMT

x-amz-version-id: sCJ._v0SQy.IKyc6FrWiaRIAYL2XAV4H

Accept-Ranges: bytes

......JFIF.....`.`.....fExif..MM.*.................>...........F.(...........1.........N.......`.......`....paint.net 4.0.5....C....................................................................C.........................................................................0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..5.u.... .z'.|.........z...G$....1..[K..=.........^..g.....-.O..}.....6:....r[!gw.....{.[..[.....c\$Q......:M..6.^....9............6x.x...w...J.q..x.`..S.UO..._.q._....J..n..JJ.m.I%.r.w...s. .NTd.\..T............Zm....|v...9...P.4.P.d:m......B.D.[.|3...o..y.s=..R.].._L.x.C....:R\H.....Zy..2.<....O...4...u85.kO.[./...E../..u... ....h...Ju..8O....;v.._....R...4m.2.w.3.G...ZT.Zo.SI...Ke.E.3.8...I7.........}.O....4x-..<j.$..Y..._....>.......C.Dg...G.........(...........Xh.^..h....M.}.U.5..M..O:...=Jy.,......*.'.Ic...<....#k.,.r..~.S.......D..e.Y..Y..L...HO..TO..".... ./j.p...5...Z.O.J...}.\9Z...m..c..%R.....2..........'.g...).....4.^O....].....}.j.....X.C.o.n.d...s..qx...Y...f&..N..n|Is.C.K...~x...d.....*l.|~...~...>".7...........mk..|<.6....E.^.~ ....o$..H.67.[..]....(..F....t...c

<<< skipped >>>

GET /img/Rewudaw/BG_FS.jpg HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/jpeg

Content-Length: 72475

Connection: keep-alive

x-amz-id-2: EkNllojKHYp2U1TmkNxggaIeUFA5rRp54UE0fJoowY0G31H0PxSAah2h9s318xz7d5Etumr62EM=

x-amz-request-id: 6F99EDD08E85BA97

Last-Modified: Wed, 06 Jan 2016 14:31:44 GMT

ETag: "9146e3b2964074e188543372a5757a2f"

x-amz-meta-cb-modifiedtime: Wed, 06 Jan 2016 14:31:32 GMT

x-amz-version-id: Nz7N2MAKlOO7oSd4nN3DlfFquV7Kpg4k

Accept-Ranges: bytes

......JFIF.....`.`.....fExif..MM.*.................>...........F.(...........1.........N.......`.......`....paint.net 4.0.6....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..^.;.O.|:.#....j.}...i..zu.Y]....x.T.....kI....&)6...Uj.5...7.-...'..-.'[email protected]`.p..Y...&...Y.....%......7v...p.K.c......#..#..K..,.Z=..$W.i.|......g.;..H.....7.....UtTe.[.M.J-.....J.Zz........E.HA..[.R.v.../....|W..u]S_...g.Vyg..!......h.....1....\.Z....}ona...<J..I...m......U.!._.6....8....$Pq#g.!.:...$......gut.[j...........(...'..m.7V.l......{.....>.P....S...p.R.[.E.k ].....mo..QN..\.4...t.......>4.n.w..G..............(5.3..]...x..ebnd.Hp..&X.............5.W....o... ...kAo...v.j0]E5..........E.Y.D.......GZ.P.,...k....F......x`72..f.WF..J..8.IB...N..d/..%.....c.WA.?.O.......y..>../..}.Z../N./. {....`...:..[G.....^./.,>..iZ..*r..S.jta)...\]Y(BZ... Y......^......q.%.J..j....e...]hwz..$.a..c.!q...5.S`..U1m.\.vF.!.q..k.<3.xj.L>...z..g....MI .x.HY.V...O

<<< skipped >>>

GET /img/IE_logo_new.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/png

Content-Length: 5921

Connection: keep-alive

x-amz-id-2: cej2dwtUi 48wztOEbK4hnNofqKC/to1L8ZfCYz8jm9EjC2NavI5/Zed jC1kJGL/nLy8VTK2mw=

x-amz-request-id: 1A4987BBE2239850

Last-Modified: Thu, 12 Mar 2015 10:46:07 GMT

ETag: "d86b9d354a5cdd126ae5250c162630d3"

x-amz-meta-cb-modifiedtime: Thu, 12 Mar 2015 10:46:00 GMT

x-amz-version-id: JCaAVEF0XYSznIkNb1ccJeiC74z2Hy2T

Accept-Ranges: bytes

.PNG........IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:10B50654C8A411E4A871F63F79D4AE1E" xmpMM:InstanceID="xmp.iid:10B50653C8A411E4A871F63F79D4AE1E" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.did:A5370A64F8C7E411A9F2DF1F27361A01" stRef:documentID="xmp.did:A5370A64F8C7E411A9F2DF1F27361A01"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.. Y....IDATx..Z{.......].==...a....A....Z.$$.=..s.G...M6.Y_..l.&.$..yxt..W.9.....b|F.. 1.A..F`...GwOwuW....W.3A..`..{..........{...a!.}T_.L..4.t..\...a.?......C.....kPL*.S...........}..k.w}..8.5C...E...?.$..?^......N......Iz...3TKW.B.)....).R.....E.C.........L.~..v.......%B'N..%..U.e]........!.~.:8O.ZG..Ie.1.).....h.X...d_...W.L..bi.6.ps....1x.....O.....Zx.,..W.F.r..[..<.L.?...XqZ..t...XEP...*RI\0.0)D...=.n.....|.(S(...O....We.k.8.X.........# ..........P....S...m.##...Vq..Rt.."."# ..........>..nA...1.... E.cE...h......$.1..JQ..!..o...;$..O.GA J.R.cV.Xp..f<.s}4<........7..A'..V.RX

<<< skipped >>>

GET /img/FF_logo_new.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/png

Content-Length: 6157

Connection: keep-alive

x-amz-id-2: e8hqV0bSTgsnKjqyrHXK7z 6E2IcRLjYd/ w1eMPg/OfSnyZ6XoPkZ8j4m8aUVaK4RLw21OimO8=

x-amz-request-id: 945B88973B24CB8F

Last-Modified: Thu, 12 Mar 2015 10:46:07 GMT

ETag: "177a897550166829af6f7d037d86a2d6"

x-amz-meta-cb-modifiedtime: Thu, 12 Mar 2015 10:46:00 GMT

x-amz-version-id: wLXM_trCFKsgiAKj58s6fy6EyOPJSUfV

Accept-Ranges: bytes

.PNG........IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:E6EBD962C8A311E48FF2C56440BD2A7D" xmpMM:InstanceID="xmp.iid:E6EBD961C8A311E48FF2C56440BD2A7D" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.did:A5370A64F8C7E411A9F2DF1F27361A01" stRef:documentID="xmp.did:A5370A64F8C7E411A9F2DF1F27361A01"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...U....IDATx..Zil\.y=o.}...CR.6...}..6...v....l(..h."......E...Q4M..1P.-..N....$.lk."k.,..HQ.Dr8..g.~{...,...&..R.......r....> B....../..(.TU...m7..q.....S...W...H_..................)..,T.........h....H....!...]1#...........l'lx0....g.pZ..Z..k!lW....'9..T..T.................g.....u=.!OU.S..]FWb$.......r....VSQ7..u........C9.o.....;[email protected]=..9|......C.do2.M%.}.Y..T..l..../.M..e....~.....s......W<G...3l9.1...g......D...F&...}..{'{...SF:.C<l .V...Bw6.......DmT..t!...x:....{...c..O.y.Q.|..l.....f.\.&._.i..v`9...CS......H....9..............Gx>.5........\..MO...,...

<<< skipped >>>

GET /img/CH_logo_new.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/png

Content-Length: 4849

Connection: keep-alive

x-amz-id-2: AJO7TI15D0Dj62Sx5tsQyZqNvsS/P40Z8fzZSElewtN1KSHqn04X4I9xc4Sn Z7SzeiRzKV 3a0=

x-amz-request-id: 157BAEAC2262B425

Last-Modified: Wed, 18 Mar 2015 10:35:12 GMT

ETag: "ba264606ca1d89ed519c9b8b3515f163"

x-amz-meta-cb-modifiedtime: Wed, 18 Mar 2015 10:35:00 GMT

x-amz-version-id: omxwqkFcs1tUW940Ss4VTxiINXau15QT

Accept-Ranges: bytes

.PNG........IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:B8B544DFCD4F11E4BC7FA5DADF6159A3" xmpMM:DocumentID="xmp.did:B8B544E0CD4F11E4BC7FA5DADF6159A3"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B8B544DDCD4F11E4BC7FA5DADF6159A3" stRef:documentID="xmp.did:B8B544DECD4F11E4BC7FA5DADF6159A3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..<....eIDATx..Zyl..y..9...\rEQ.%J.M...I.U...4E*..].A[.h...:hQ.)P [email protected](..H]4..*.R7Q.D.m].bK.%X.uQ$%...s.cvf...f.,W.%..x....y...}......!.Y;.c.YQ.=S.....gOv...6f.~.=9W.g.........:b4..d..8.m....o=...;]`......I..'.......3..u1:...\......No..p..\...... .h-..QF [email protected]*..#..........?..|.4>.........4...Ohl.^....Q............?..B2.^...!8.)4h..Me...$/8...}}.8.v..{9.cc....T..).p..{U.......8.'....o...Z.....fw!..OBD...PiIE..\uFT. m....z..w.`...p...p....d27h.C.)N...*.<9.]o...-(.. .Y.T2.P8.x...d!..!...S......(.........5D..t...S.,]....\;......H_8V..c...t9I......d.6.E..*.'..]O..1.!-!c.\7........N:.

<<< skipped >>>

GET /img/Cazurazihiz/Cazurazihiz.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/png

Content-Length: 5983

Connection: keep-alive

x-amz-id-2: eCGmZufVohYgJ5Ty9zflAwGbeIBU4JmjDoSdSsRmtXNAMWmlHUWp8zmTZWClJbWQwaA Mg0CDVw=

x-amz-request-id: 14EABA72F81BDB67

Last-Modified: Thu, 31 Dec 2015 17:54:18 GMT

ETag: "a22c3d2918d1834d285dae064d3cee86"

x-amz-meta-cb-modifiedtime: Thu, 31 Dec 2015 17:53:51 GMT

x-amz-version-id: wyC6mtJU.8C8djRcSmCE4rVxqum5xvWX

Accept-Ranges: bytes

.PNG........IHDR.......'......i:.....sRGB.........gAMA......a.....pHYs..........o.d....tEXtAuthor.Nir SaharZb].... tEXtCreationTime.2015:06:24 17:02:12a .A....tEXtSoftware.paint.net 4.0.6..c.....IDATx^.[y\Tu.F....a.a`.....4mQ.7..Y...Yo.........[...........H.............;....sirf..L.T?.x..{.s.\.<.9.9.........j..-....lA.....q.4.'.EN..........Z?-...h[..O....F._.>.......)~J$i.X..IP!Q..d./R...9.l..1.....}.. .\C..q..0..A..PlT."..5...E.-...Z...O......B6!.>.Cs'Z.P.....u.X...9N.....8. .fW).:[email protected]}[email protected]).~1.[[email protected]>r.PLD..I..mA ;....t........l..T....G...'...G$..iE.9........-.)....To?\Y.C.`r--...lp%a...T.f..be.. .p.w.b.8...hk.;.H...p...8jk.#...u..j.s'. r.9.,[&.=..9...)v........<....t..........{..;..D.{.v......8. ....{:.b...Q..].q.I...".rp.v....J.9:...#r.mq..=K..2Y..L..w..~"k1..........U..t.............q..A...Q.....0.....!Jk..>Dd.Id; ".eC)...1R.lg'....U....w....b_..... 0$...V...QH..`.L..bVIJ..r').fS.>b...R.|.?CjwXd..r9.rO.e._`C8s..>..S.....|.A=...{......#Gb..U8}.4.Z.\...C......1L.>....>S..8.c...]..7...K..[o..y.....{[email protected]^M.....PRR./................k.k*...Z?d...4...ze8..'[email protected]?q*.CC..;.....e.. ..4..>.".....:u.VgWJ...$.f.rC.....<.).^G{,..B...o.%..........#::...-Z..s.b..ax..7.../ **..7?W(]..v....&&....a..-..e......}||p....Y..5l....>..p..........4...g....C....{....a..a.....?...{..?..rrr......7...VXX..V......c..Z...0.....H ...8...M)........T.....vm...2..~.. .c.{}.;..C.........z..u.....=?G........%b.{...U.l..!.kW.7].C.d2.....3.>...%..

<<< skipped >>>

GET /img/Nininininon/Nininininon.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:41 GMT

Content-Type: image/png

Content-Length: 415606

Connection: keep-alive

x-amz-id-2: 0XMgQnVIF4zguVn2RJzYvFqLHaNteD/HP6BWpPSmR0VzhatDB0iwsqrBlXGlo P9tzTBY7yqWs0=

x-amz-request-id: 63BEE2DC9E59D937

Last-Modified: Wed, 09 Dec 2015 16:18:51 GMT

ETag: "2cad81e24a9d1d2c55b26ee3c73b61e5"

x-amz-meta-cb-modifiedtime: Wed, 09 Dec 2015 16:17:48 GMT

x-amz-version-id: s.HW.VrEMobnKgHFcVDtYUH1Ob1rUFLd

Accept-Ranges: bytes

.PNG........IHDR...0.........A.>.....sRGB.........gAMA......a.....pHYs.......... ......IDATx^...LVi.........C..h,...q.............b..((U........DAE.......{.}ko.{..y...|W\.zm...c.u.k....e.7):...;.);[email protected]>.......T;YP.f7a...u.6q[.R........w...5..Z...,......4...Q`bJEE([email protected]\.JYu.Ua^TW$..w......s.......G...hhh.2d.`Y..{.......w.8....9...csvq|...~.....g.v..;..{.&.........8..FN....s..QjcJ...J./Sl|.../.....P......r;...)..G.j]Zo<....1......._"..O....y;nPz....L.wp!..O.o....%.v.......G..'4&.S_.CMn.yw..u.Dmz.5NO(.t.5!....R/."N..~..E..}.9B..)....0.GcG...e..?....9*.r.n.....9..b..........K.._y~....'...6...-({v... ...R.....h*R_...%g.:R..A]..j._Q.PH}....]...=...hN..^....f...M..;.^}...-..|i.q..YS..JS.'Zs.i.k..yP..BkN..'\..s....T{..:.....4y.c.4x.4d...Z9X.Y.....T......M..D...alG..5....s...qn.w..{.d.7...g-.....C...x..2#}J..QpZ..kSj.....(7e..G8....M.....i6......S....N{x$..\.d.-E....!...........%<..g.i..e.zKUm<.n.....Z.....O...V.=.........$...t...X4D...?c..c.4x.....>.q..1~.`A....X.KWx...[#F.w.H....60.d.'.n....~.|.....).5..q.3N.^?....Qq..(F....T^<[email protected](...4.?....N\[email protected]$.......<..r..w.... .-4...H...h..f..;.ZY.R.J....3..J..H.g..M&X.1q..f.........C.. .Mu...jR#..ap.Mu_............&V.......C0.Z..9.g..(h....$.9:b>z...7..~.. Q...x.. ...{.2.B......\.....=:z.,..e..sZ?........g...i....hOKg...L]..l..r^~f.......?... . .u.....4.k.5...ZE{b...Q...1..5&\..;#...?..........._nT...G.R...........d......'.m;....OSD...(.S../.j..3.~..~...~K.3...k..|.,&........0_|..M*<......C..

<<< skipped >>>

GET /img/Fividof/BG.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:42 GMT

Content-Type: image/png

Content-Length: 27707

Connection: keep-alive

x-amz-id-2: NxpR0X1Y lYf/enkiHgGat503UnvXDNkJoMLfXObNLroX/4WHeQBar7kz6cO grLnu1mcZuI7Rs=

x-amz-request-id: 258DEC60308FBBD4

Last-Modified: Mon, 08 Aug 2016 08:08:18 GMT

ETag: "024f03602a6f7fe69592f9472cb01d4f"

x-amz-meta-cb-modifiedtime: Sun, 07 Aug 2016 14:10:06 GMT

x-amz-version-id: X3Cs5_ZFW8itsyxo6oqulRxPSOcm3fMR

Accept-Ranges: bytes

.PNG........IHDR...0.........6..I....tEXtSoftware.Adobe ImageReadyq.e<..k.IDATx....t..u.x.Wt7.... ..../.I..IY.#[.$/...I~.3.bYV...s&/.3o9y......Ifb.yq.o.%[.%."...wp.Ap.Bb_..Fw.....F........'.......j.~u.w.%[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] ..f.4Y.....n.B..[w.>..H..B".H#.\'.j.v....../............a..].Rw..4= .w.:.."..2.Q...P.;O=.W...$......W.[.....>\.ey...>........;.w...#.......k......|$...k^.,[email protected]<........k.T.......6x]...R.3.a......5.c... .P..u......e...aM..F"'.;.m...g.....:.G.j-..".I.S.....M...r..B .x^T.O./....Z....k.4..9..C .(\..3.......fE.....5->_.]...<.XL..CNM=R>< .1...H.G.5...fzma..p..S.\......<......=E{N.......e...]#....Kj{v4C9C..g.w.......5~A..[I...e.u.w^...fp.5..1......N...E`L...I^.xN}..>1..-....F.........[.iN*.i....E.k....5.....A.^P..\......w....d...th]M]...8...HC%9h...v.I....?\...Y..O..b.,1....i.....i....z6...........o.....c.I..4....e...A.}|.]......"\x..w o ..9..u..5.:E_..|[email protected]!.Ns.o..........z.......Z....V...$.W..y.5..........e..K.pn.y.....p.o..........|.t..-..9.;.....u...5...6..4\.X....g.......8/...........q{".k;^.tn.>.M.. ).v.o.<..I...=.k..M.5.L.K.6.A[.q.c;b.k.X....-A.8..9W4 ..I.......%].'....D.h.....x...U.. ..x......8f.....E..t..5:...j..B......y... ]....T.;.....n.6x,......V.0..>{.f..m.6..............0..?GC..dC.l....?.;......x7.......G8.0....qs.....c..>.o...{.M..x.8....1.

<<< skipped >>>

GET /img/Fividof/FS_BG.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:42 GMT

Content-Type: image/png

Content-Length: 20910

Connection: keep-alive

x-amz-id-2: BVjh/YQPHrSj62LQlpXxJANtyovHOXzmtbtm9mNYk9pFjsDPQbc3DcEE76FvLRvagTU NBd4 H4=

x-amz-request-id: 2E871CED05D0649B

Last-Modified: Thu, 25 Aug 2016 16:15:53 GMT

ETag: "20838f981ab877adebe8cc27d8fd8e8a"

x-amz-version-id: NGHte6ooz0o7QShucGRMfn4HeyGT11cm

Accept-Ranges: bytes

.PNG........IHDR..............u......tEXtSoftware.Adobe ImageReadyq.e<..QPIDATx....p\.u.......9..s..pr.&..fd..%.A............^...z..d....gK.% Z..H..C.sN ..r...}.sn7.. ..`...Pw.h4...=..~... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ....&.`aq..v-i..RV...<gV..4...V..kId....-.....A...n...}W ..[...t ..^....."..y.V...P[...Xm.j.....1.L.....<"[email protected])..Q.*3)..j(W?...=...6...j3....~.4...l:....\._.. ......C..)=-.;..J]. .Cm....W...>.V........6{Ndmj3...t....:z.. ....S...K./... .. ....x....d.f......kR.T.(.t..N!.r.f.u(G..Z.^.)'.......yC5...E/.9.]....x8....7...5.t..._M.;(.. .|[email protected]:m...O.....). T.U\r.p.\..N...dB"....gq........<....v^m/.mg....m.I.X..A.....N.;..4d.z.:5..T.J|26u...I`i..B...v....bF*.........HGS..w:1....U]...R.Km.... ...v..~.d....f*..].Mk.u.(.........6....}.....dV.7.......w.#..\K|..j.P.Q.......]..M.?.A....Y.G..H."kS..P.'...b...?.....;JM&miV..4v.ZQ..TBKn..;."..w.C.Jx.....G{1.5..6.|-.M_TO... Nf.._..ZZ.i.. ......A..D....^u7mT..e;.w.:.b.4o........M......f2l...7M./.m..8.\.a... ...4.d.....3j.G...u..K./.... ...D.....h.d3.Y=KM&...T.D.Hm.0.c....`),[email protected]&......7K.`.Z......Sh....`0.F..[.....3j.K.j.qQ9...L...J.W.... ..}$.....,...PIb....%.E..j.j...,.q...='.N..............7.y........2vTYd.X..D..;[q..yt.u#.I.Ix.|d...gCv5XL.8...J<.W.._......*.F.~........C...^..?Y...D6nW....Dk.6.O....RbS.../.01..n..V.Hv..(7.%.(.)....C..Z8.....I..{/8.af...d..`..'/...6t.w.....zYJ......_..f..`.Y.k6..v.W.S..

<<< skipped >>>

GET /img/Xoxoxop/1_V3-BG.jpg HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:42 GMT

Content-Type: application/octet-stream

Content-Length: 24046

Connection: keep-alive

x-amz-id-2: He3/kCzTu Qz5riz8prY3MMFc54K/AU4Wwuy/c4iF6m0zdKdnEMJJduxRwI6juKQD/iYu2ZkCYk=

x-amz-request-id: DAF469A535593C43

Last-Modified: Mon, 25 Apr 2016 14:30:47 GMT

ETag: "41838656682b6f053398602b6884b63d"

x-amz-version-id: sI3J4tMDQpTfZMZdx893Dh6bbxT6LlWP

Accept-Ranges: bytes

......JFIF.....d.d......Ducky.......d.....&Adobe.d...................5E..J...]...............................................................................................................................................0.............2..................[email protected]P"2B..6. 3C5.0!.F#..$&A47...........................!.1.5v...AQa"2..6. @PqB.#...u0..Rr3.4.....bCc...S.t%F...s..$......................1.!Aq...Q..2.. Pa...."[email protected]#3......4%C....................!1A.Qa... [email protected]`....................................................................................................................................................................................................................................................X.5.7.........~~T9g.c..................u.P.......o.[......J.:.h...............%V...Z.1..|........a.E.s..U................................ai.*[email protected]<%V4.............\<.....=p.%..r...{x.*....B..........ZxJ.h..............O......e....w"ai..IU...:[email protected]=>.....<L......J.<.....3.>.....f......&.................ai.|h...LS.IU...:[email protected]|.../..G..........{o..:F..t........Z.......................Zb.........Ui..N..........O._".].......~%#\.';..H6.R..~..\.'........l...e.h.....e.....o[....:u..z....ZxJ.h..............)..kp.7...........L-1O.%V.~T.PBw. .W...tG.......b...u..z....s.........=..v...]..o|...o..I..e.^G.~5....Q..?X~V.|...................Zcj...<}s.Wo......y.......Zb..J.<...

<<< skipped >>>

HEAD /fileadmin/winrar-versions/winrar/wrar521.exe HTTP/1.1

Accept: */*

Host: VVV.win-rar.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 0

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Tue, 28 Mar 2017 12:54:41 GMT

Server: Apache

Last-Modified: Mon, 16 Feb 2015 15:49:10 GMT

ETag: "1ad5e0-50f3686eec980"

Accept-Ranges: bytes

Content-Length: 1758688

Cache-Control: max-age=5184000

Expires: Sat, 27 May 2017 12:54:41 GMT

Content-Type: application/octet-stream

....

GET /fileadmin/winrar-versions/winrar/wrar521.exe HTTP/1.1

Range: bytes=0-1758687

Accept: */*

Host: VVV.win-rar.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Date: Tue, 28 Mar 2017 12:54:41 GMT

Server: Apache

Last-Modified: Mon, 16 Feb 2015 15:49:10 GMT

ETag: "1ad5e0-50f3686eec980"

Accept-Ranges: bytes

Content-Length: 1758688

Cache-Control: max-age=5184000

Expires: Sat, 27 May 2017 12:54:41 GMT

Content-Range: bytes 0-1758687/1758688

Content-Type: application/octet-stream

[email protected]........!..L.!This program cannot be run in DOS mode....$........&K.HG%.HG%.HG%.A?..SG%.A?...G%.A?..]G%.HG$..G%.A?../G%.A?..IG%.A?..IG%.A?..IG%.RichHG%.................PE..L...*[email protected]...................................................3...L...........4[email protected]...............t............................text............................... ..`.rdata..#[email protected]@.data...([email protected][email protected]@..................................................................................................................................................................................................................................................................................................................................................................................................Z.B......QV...u....8...E......b.....l-...E...S......"[email protected]^d........3..|$..rJ.L$..9RuA.|$..r:.y.au4.y.ru..y.!u(.y..u".y..u..I...u.j......u.j......u.j.X.....j...L.....H....P..U....\[email protected]]....D$.V...F..N.;N.v_.F.SUW..%C...t.;.v.Ph..B.U..P........[P...F.......D. .N...;.w...S.6.......YY..u....-P...>_].^.[^...V...L$......P..F..V...^.........j..p..p..R...D$.V...F..N.;N.v`.F.SUW..%C...t.;.v.Ph..B.U..P.........O...F..~.......D. ;.w.....?P.6

<<< skipped >>>

GET /img/Malaromoro/bg2.jpg HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: img.downloadastrocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 28 Mar 2017 12:54:43 GMT

Content-Type: image/jpeg

Content-Length: 59210

Connection: keep-alive

x-amz-id-2: 8wxvqROGf3NPyThTSiwxyzGJ50ZdCN5Ayj13qhrCzythhUZsjDgXkZSMwvnXeWm0q2z8MpJcJgA=

x-amz-request-id: 08C9392FF80607B5

Last-Modified: Sun, 16 Mar 2014 10:45:33 GMT

ETag: "3ca90bdb0184dba078b0e604eb239df0"

x-amz-meta-cb-modifiedtime: Sun, 16 Mar 2014 10:17:54 GMT

x-amz-version-id: JMXnkH_Q4w85o.RRxkVvr1HHBSYxTWbA

Accept-Ranges: bytes

......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:345E81DDDAA9E311B383BEF54B638275" xmpMM:DocumentID="xmp.did:118EE61EAA0211E3A8EABD135B592C02" xmpMM:InstanceID="xmp.iid:118EE61DAA0211E3A8EABD135B592C02" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:086B2D40FAA9E311A847ACF83C7EB2CA" stRef:documentID="xmp.did:345E81DDDAA9E311B383BEF54B638275"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.........................W j.......|W....`.....O.......".x....79kZ.]._.....x.qv..2........;.W._.XP..-...K..Nd..q........?....NDu^"8.v..[Z~..n...s*..81......=..m......E.v7p2....Z.....N ..c1.v...F..O..S.j.............?..}DN>cN*.W.gn(v.].....Eq^"8."M2V...........D..1BrV..."_..sD..4.......m....:.Eq^'>C.F.R........$/..}.^...q;......u$..F......m......I8.........n.....^.....l....v.Ss.........8l............$...\=..FY..Z.G. *..C..u$...E.v.V.sd ....<...]_.VU....H............G.q..D.e......c#.<).EN.0rF1H.$BU.....:.....N.!.....W#_.D..#

<<< skipped >>>

Map

The Installer connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_2792:

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

kernel32.dll

kernel32.dll

.DEFAULT\Control Panel\International

.DEFAULT\Control Panel\International

File I/O error %d

File I/O error %d

lzmadecompsmall: Compressed data is corrupted (%d)

lzmadecompsmall: Compressed data is corrupted (%d)

lzmadecompsmall: %s

lzmadecompsmall: %s

LzmaDecode failed (%d)

LzmaDecode failed (%d)

shell32.dll

shell32.dll

/SL5="$%x,%d,%d,

/SL5="$%x,%d,%d,

Inno Setup Setup Data (5.5.0)

Inno Setup Setup Data (5.5.0)

Inno Setup Messages (5.5.0)

Inno Setup Messages (5.5.0)

user32.dll

user32.dll

oleaut32.dll

oleaut32.dll

advapi32.dll

advapi32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

GetWindowsDirectoryA

GetWindowsDirectoryA

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

ExitWindowsEx

ExitWindowsEx

comctl32.dll

comctl32.dll

name="JR.Inno.Setup"

name="JR.Inno.Setup"

version="1.0.0.0"

version="1.0.0.0"

name="Microsoft.Windows.Common-Controls"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

publicKeyToken="6595b64144ccf1df"

true

true

!'%s' is not a valid integer value('%s' is not a valid floating point value

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

I/O error %d

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

Invalid variant operation"Variant method calls not supported

External exception %x

External exception %x

Web Internet installer Setup

Web Internet installer Setup

4.4.5.0

4.4.5.0

Web Internet installer

Web Internet installer

2.1.6

2.1.6

%original file name%.exe_2792_rwx_01200000_000BA000:

.rsrc

.rsrc

rnel32.dllwGetLongPathNam,

rnel32.dllwGetLongPathNam,

Q0.Fl

Q0.Fl

.xh%]

.xh%]

(_.SCK_LINES/$

(_.SCK_LINES/$

JYUIt.Vl?

JYUIt.Vl?

* (()@-3$-

* (()@-3$-

0J%Fs

0J%Fs

Keyw

Keyw

%s[%d]

%s[%d]

.FDiag

.FDiag

B.IIx

B.IIx

?7E(AL("%s",4),"

?7E(AL("%s",4),"

XI.Cr

XI.Cr

4'.Yt

4'.Yt

keysK

keysK

k3.yhF

k3.yhF

.cu%S

.cu%S

O%uorT

O%uorT

Ht.HA

Ht.HA

ibD.ZP

ibD.ZP

\*.*2XE

\*.*2XE

.dwcnh

.dwcnh

vfjzg V.fG!>_

vfjzg V.fG!>_

De-a.ew

De-a.ew

webqsk

webqsk

.fcclJL

.fcclJL

JL-Q.JW

JL-Q.JW

1.2.3

1.2.3

,M.DJ?

,M.DJ?

bVsqlz3_

bVsqlz3_

[.Il

[.Il

KG.Ia

KG.Ia

.FJn`m

.FJn`m

0.XC/X[

0.XC/X[

H|iqi.DD.

H|iqi.DD.

UC.HS

UC.HS

.cP>&*

.cP>&*

chmk.mswrzf

chmk.mswrzf

,kt V -,%D

,kt V -,%D

c.cjjm0).S"

c.cjjm0).S"

.rdf'.fks

.rdf'.fks

.qiuykchVw

.qiuykchVw

[email protected],.sdaw

[email protected],.sdaw

dcm.NH

dcm.NH

.wuf.

.wuf.

=.uwJj

=.uwJj

:.pk\d`P

:.pk\d`P

i!%u$3

i!%u$3

vgv,.Pn

vgv,.Pn

ir$ah.Lx

ir$ah.Lx

^.rzPcQI/&^#&

^.rzPcQI/&^#&

Lmca(WglzgjH.Mo5

Lmca(WglzgjH.Mo5

8"~l.VwDgv:V/

8"~l.VwDgv:V/

.dv6B.:

.dv6B.:

.bcs3i

.bcs3i

!zY^A.XGw

!zY^A.XGw

h`8q.Hy

h`8q.Hy

RI.AT

RI.AT

;XQw`%f

;XQw`%f

gjvZi.AT

gjvZi.AT

n.hhp

n.hhp

mw.ll

mw.ll

C|.uC

C|.uC

UrlJ

UrlJ

.Uvl7Ll#Q

.Uvl7Ll#Q

[email protected]

[email protected]

n6.GIg$

n6.GIg$

L_LCUNTF, KHC.op=

L_LCUNTF, KHC.op=

6?0N2=.Lq

6?0N2=.Lq

W]E).rG

W]E).rG

a%dH^

a%dH^

.LC&U

.LC&U

!-W.vB

!-W.vB

aaFj`iZ.iFN

aaFj`iZ.iFN

%[email protected]#"

%[email protected]#"

)hix.CBOP

)hix.CBOP

RWoCJ[hx.Xu

RWoCJ[hx.Xu

NAER_[URNDT].Lw/OFL[^\\[@

NAER_[URNDT].Lw/OFL[^\\[@

.BOhZ

.BOhZ

m^rk.Um_gtw

m^rk.Um_gtw

'JXpx6.tg

'JXpx6.tg

nDlb.vok

nDlb.vok

.Bp/pe,

.Bp/pe,

IWeb

IWeb

.mI25

.mI25

y.jHP

y.jHP

i.SpT

i.SpT

!.blv

!.blv

m.Advi

m.Advi

.1..WAHO9[Zcn*b

.1..WAHO9[Zcn*b

;)W.gD

;)W.gD

HX.Pd`bj

HX.Pd`bj

IWV.cQ

IWV.cQ

fa`w.eoicTjo7

fa`w.eoicTjo7

D\[email protected]

D\[email protected]

!a%Cv

!a%Cv

MSGOf

MSGOf

\6$945'/

\6$945'/

UM.xX

UM.xX

.Hagddw M,7

.Hagddw M,7

r.vY?"[

r.vY?"[

hWkkaTmjC.Oo

hWkkaTmjC.Oo

VZY*rf.aeWXM

VZY*rf.aeWXM

.qB/hkk[lfqd

.qB/hkk[lfqd

PIPE_DATA'

PIPE_DATA'

cnyzgcEi.Tc/7

cnyzgcEi.Tc/7

a,/.ia

a,/.ia

v=.vpF

v=.vpF

nwgbo\hfm.cV]

nwgbo\hfm.cV]

h%d;s

h%d;s

.VccSivfkw V

.VccSivfkw V

o>TP\Oqah`k,.nlvcTmK

o>TP\Oqah`k,.nlvcTmK

'AwdAmcd.oi

'AwdAmcd.oi

wYb.wv

wYb.wv

VNJPu.IgYJgrwljQ`q2

VNJPu.IgYJgrwljQ`q2

z`o1caig2,.hf5b"

z`o1caig2,.hf5b"

wg8k-P.VO

wg8k-P.VO

%xH1 FZ"

%xH1 FZ"

khbbxl,.blzz

khbbxl,.blzz

C$.rv

C$.rv

]s.ZRy

]s.ZRy

4.nBG

4.nBG

.oBke

.oBke

.xOuk

.xOuk

%x0b[

%x0b[

5ñ1

5ñ1

z.gvPT

z.gvPT

z.qq4?

z.qq4?

U.mlv

U.mlv

-.uRE{EI

-.uRE{EI

..kSQ

..kSQ

L.pRf

L.pRf

YnE%DM

YnE%DM

.bU|>"QQ

.bU|>"QQ

oNkEY

oNkEY

.UbUb

.UbUb

XKG;Key#

XKG;Key#

"$ %),'8

"$ %),'8

(&&$' )#

(&&$' )#

H.JXA^

H.JXA^

1 0 .'7(2':

1 0 .'7(2':

'.-!6&'(' )

'.-!6&'(' )

#-**(-#,

#-**(-#,

&",,/- '

&",,/- '

p.PMDF

p.PMDF

CP.re

CP.re

KERNEL32.DLL

KERNEL32.DLL

advapi32.dll

advapi32.dll

comctl32.dll

comctl32.dll

comdlg32.dll

comdlg32.dll

gdi32.dll

gdi32.dll

ole32.dll

ole32.dll

oleaut32.dll

oleaut32.dll

shell32.dll

shell32.dll

URLMON.DLL

URLMON.DLL

user32.dll

user32.dll

version.dll

version.dll

wininet.dll

wininet.dll

ShellExecuteExW

ShellExecuteExW

HtmlUIInstallerSADLL.dll

HtmlUIInstallerSADLL.dll

%original file name%.exe_2792_rwx_012C1000_0015F000:

kernel32.dll

kernel32.dll

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

MSH_SCROLL_LINES_MSG

$*@@@*[email protected]@@$ *@@* [email protected]@($*)@-$*@@$-*@@$*[email protected]@(*$)@-*[email protected]@*[email protected]@*[email protected]@-* [email protected]$ *@* [email protected]$ *[email protected]$ -*@*- [email protected]($ *)(* $)

$*@@@*[email protected]@@$ *@@* [email protected]@($*)@-$*@@$-*@@$*[email protected]@(*$)@-*[email protected]@*[email protected]@*[email protected]@-* [email protected]$ *@* [email protected]$ *[email protected]$ -*@*- [email protected]($ *)(* $)

EVariantBadIndexError

EVariantBadIndexError

htKeyword

htKeyword

EInvalidOperation

EInvalidOperation

u%CNu

u%CNu

%s[%d]

%s[%d]

%s_%d

%s_%d

.Owner

.Owner

EInvalidGraphicOperation

EInvalidGraphicOperation

USER32.DLL

USER32.DLL

comctl32.dll

comctl32.dll

UrlMon

UrlMon

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

JumpID("","%s")

TKeyEvent

TKeyEvent

TKeyPressEvent

TKeyPressEvent

HelpKeywordD

HelpKeywordD

crSQLWait

crSQLWait

%s (%s)

%s (%s)

IMM32.DLL

IMM32.DLL

AutoHotkeys4_0

AutoHotkeys4_0

AutoHotkeys|_0

AutoHotkeys|_0

ssHotTrack

ssHotTrack

TWindowState

TWindowState

poProportional

poProportional

TWMKey

TWMKey

KeyPreview(f0

KeyPreview(f0

WindowState`a0

WindowState`a0

OnKeyDown|:/

OnKeyDown|:/

OnKeyPress<:>

OnKeyPress<:>

OnKeyUp

OnKeyUp

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

vcltest3.dll

User32.dll

User32.dll

2301654879

2301654879

A`bng`@ikc-4,uUxlxs-4,Ht.HA

A`bng`@ikc-4,uUxlxs-4,Ht.HA

Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP

Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP

TThreadExecuter

TThreadExecuter

TScanAllWindowsCallBackData

TScanAllWindowsCallBackData

Portuguese

Portuguese

i\*.*2XE

i\*.*2XE

i.dwcnhE

i.dwcnhE

webqskv`T-Y

webqskv`T-Y

nmhpjhc03.fcclJL

nmhpjhc03.fcclJL

i.ulzn1E

i.ulzn1E

1.2.3

1.2.3

THttpTimeOutThread

THttpTimeOutThread

THttpCallBackShell

THttpCallBackShell

Gx-21,\igh]ixyj-42,M.DJ

Gx-21,\igh]ixyj-42,M.DJ

A`qjz``-0,ZkdkNgij.pc

A`qjz``-0,ZkdkNgij.pc

Kcqjpc`-0,Aaj-1,gEdafa`.pM

Kcqjpc`-0,Aaj-1,gEdafa`.pM

SQL error or missing database

SQL error or missing database

An internal logic error in SQLite

An internal logic error in SQLite

Operation terminated by sqlite3_interrupt()

Operation terminated by sqlite3_interrupt()

Uses OS features not supported on host

Uses OS features not supported on host

2nd parameter to sqlite3_bind out of range

2nd parameter to sqlite3_bind out of range

sqlite3_step() has another row ready

sqlite3_step() has another row ready

sqlite3_step() has finished executing

sqlite3_step() has finished executing

Unknown SQLite Error Code

Unknown SQLite Error Code

sqlite3.dll

sqlite3.dll

ESQLiteException

ESQLiteException

TSQLiteDatabase

TSQLiteDatabase

TSQLiteTable

TSQLiteTable

Error executing SQL

Error executing SQL

Could not prepare SQL statement

Could not prepare SQL statement

Error executing SQL statement

Error executing SQL statement

select [sql] from sqlite_master where [type] = 'table' and lower(name) = '

select [sql] from sqlite_master where [type] = 'table' and lower(name) = '

Could not prepare SQL statement

Could not prepare SQL statement

SQLite is Busy

SQLite is Busy

Ecezcb-4 S,Tmeic6.fA

Ecezcb-4 S,Tmeic6.fA

W,iqi.DD

W,iqi.DD

-00,chmk.ms

-00,chmk.ms

Locate sqlite3.dll

Locate sqlite3.dll

8SQLit

8SQLit

install.rdf

install.rdf

chrome version is not a number:

chrome version is not a number:

DoAddChromeStartupPage - status:

DoAddChromeStartupPage - status:

DoSetChromeHomePage AL=

DoSetChromeHomePage AL=

[email protected],.sda-0,` U,K\JH,-c`ql,.RMH\@ U,fk-1,8*J`cl-0,iq,-]`d-4,mm U,]-1,jsdj`w,-GA R,^.P

[email protected],.sda-0,` U,K\JH,-c`ql,.RMH\@ U,fk-1,8*J`cl-0,iq,-]`d-4,mm U,]-1,jsdj`w,-GA R,^.P

exception while getting Chrome SP(after DB copy):

exception while getting Chrome SP(after DB copy):

-0,iq-3,dcm.NH

-0,iq-3,dcm.NH

Exception in InstallChromeExtensionRegistry:

Exception in InstallChromeExtensionRegistry:

[email protected]@,.ji-1,yn-3,a-2 Q,[email protected] Q,ek-2,umkz^ywb

[email protected]@,.ji-1,yn-3,a-2 Q,[email protected] Q,ek-2,umkz^ywb

@QA^ T,WOLHF,.eazyavg-2,Qfbmeqs.i,4

@QA^ T,WOLHF,.eazyavg-2,Qfbmeqs.i,4

Bchnsjz/Uco-2,en,._tixfbc-1,/OB,.Mgeezv V,]faho-0,stk.y,f

Bchnsjz/Uco-2,en,._tixfbc-1,/OB,.Mgeezv V,]faho-0,stk.y,f

SetChromeSP: failed to Add SP:

SetChromeSP: failed to Add SP:

to chrome

to chrome

SetChromeSP: failed to set SP:

SetChromeSP: failed to set SP:

as default search provider at chrome

as default search provider at chrome

RemoveChromeSearchProvider - cannot remove

RemoveChromeSearchProvider - cannot remove

RemoveChromeSearchProvider - exception:

RemoveChromeSearchProvider - exception:

DoSetChromeExistingSP - no file:

DoSetChromeExistingSP - no file:

sqlGetQueryResultEx failed! Query:

sqlGetQueryResultEx failed! Query:

Gndovgv,.Pnc-1,`c R,^qdtggnp,.JO.]-h

Gndovgv,.Pnc-1,`c R,^qdtggnp,.JO.]-h

DoSetChromeExistingSP: error:

DoSetChromeExistingSP: error:

Q-4,sbkfmhQ`qh-4,nq-4,hir S,dah.Lx

Q-4,sbkfmhQ`qh-4,nq-4,hir S,dah.Lx

Q-3,cmf,.Bacb V,[gotkj-;.]

Q-3,cmf,.Bacb V,[gotkj-;.]

Kjij-0,ja.pz

Kjij-0,ja.pz

Ckkhskc07.Rb

Ckkhskc07.Rb

IE version is not supported:

IE version is not supported:

is not supported:

is not supported:

Y^A.XG

Y^A.XG

Hn-0,em`cY\CKmbcommd.Hy

Hn-0,em`cY\CKmbcommd.Hy

TPipeServer

TPipeServer

TPipeObject

TPipeObject

TPipeServerListener

TPipeServerListener

TPipeClientU

TPipeClientU

Starting default pipe server, PipeName:

Starting default pipe server, PipeName:

isrPipe

isrPipe

Falied to start default pipe server, PipeName:

Falied to start default pipe server, PipeName:

Bc/K-33,`-1.jG

Bc/K-33,`-1.jG

Jbhblnrefc V,H-0,bv-1,li.AT

Jbhblnrefc V,H-0,bv-1,li.AT

Uju-0,c-2 W,Ht-2,h-4.Rq

Uju-0,c-2 W,Ht-2,h-4.Rq

Ijv-1,h-0,jm Q,Jq-1,n-2,/,.u`l,.lnmw Q,ll`oj`zh`m-2 Q,xjzi`vz Q,kbz`.^l

Ijv-1,h-0,jm Q,Jq-1,n-2,/,.u`l,.lnmw Q,ll`oj`zh`m-2 Q,xjzi`vz Q,kbz`.^l

Q-0,iznjib Q,`u,.tgu-0,qyi-1,ulb.a-F

Q-0,iznjib Q,`u,.tgu-0,qyi-1,ulb.a-F

Ob-4,/dcdzfe, kh-3,`/r-2,jld.vL

Ob-4,/dcdzfe, kh-3,`/r-2,jld.vL

V-1,ns-4-.,hx V,lmdeehea,.mdhi Q,hi`onezhdh-2f.a

V-1,ns-4-.,hx V,lmdeehea,.mdhi Q,hi`onezhdh-2f.a

ebP-3,dLfnda`-4,`yj-4.PL

ebP-3,dLfnda`-4,`yj-4.PL

Retrieved Filename from Url:

Retrieved Filename from Url:

Restart attempts surpassed the maximum (

Restart attempts surpassed the maximum (

) is different than supported (

) is different than supported (

Urls stored in Chunks Map differ from the ones provided, ignoring the Chunks Map:

Urls stored in Chunks Map differ from the ones provided, ignoring the Chunks Map:

Chunks Map contains URLs, but the size is illegal:

Chunks Map contains URLs, but the size is illegal:

New Source created, url:

New Source created, url:

, httpCode:

, httpCode:

, url:

, url:

, Url:

, Url:

, old Url:

, old Url:

, new Url:

, new Url:

Switching suspended Server back to use; Url:

Switching suspended Server back to use; Url:

, HttpCode:

, HttpCode:

TDownloadConnection.Destroy() was called from not authorized thread (

TDownloadConnection.Destroy() was called from not authorized thread (

HttpCode:

HttpCode:

Unsupported 3xx redirect response, code:

Unsupported 3xx redirect response, code:

]DKizHi-4,exc-1,Hc`hk-3.GI

]DKizHi-4,exc-1,Hc`hk-3.GI

L_LCUNTF, KHC.op

L_LCUNTF, KHC.op

0.0.0.0

0.0.0.0

6?0N2=.Lq

6?0N2=.Lq

;768>1-80

;768>1-80

005345000000

005345000000

000000000000

000000000000

000000000010

000000000010

000000000030

000000000030

cabinet.dll

cabinet.dll

Rijndael Key is too short!

Rijndael Key is too short!

;7.Q,>N-Y,[ T,Tc.Uv

;7.Q,>N-Y,[ T,Tc.Uv

Reporting failed on first attempt, second attempt is cancelled (finallizing)! HttpRes:

Reporting failed on first attempt, second attempt is cancelled (finallizing)! HttpRes:

First report attempt failed, going for second! HttpRes:

First report attempt failed, going for second! HttpRes:

The report failed! HttpRes:

The report failed! HttpRes:

Report sent, Url:

Report sent, Url:

TUninstallExecuter

TUninstallExecuter

)hix.CB

)hix.CB

Y^`acxziagKphh-01,hy,.kle,.jh, mzhjzmi, afar,.gchk V-C.8

Y^`acxziagKphh-01,hy,.kle,.jh, mzhjzmi, afar,.gchk V-C.8

RootKey:

RootKey:

RegDelKey:

RegDelKey:

(FF) TUninstallExecuter.RestoreBrwAddrSearch: OpCode=

(FF) TUninstallExecuter.RestoreBrwAddrSearch: OpCode=

Opera SP is in use, can't restore

Opera SP is in use, can't restore

TUninstallExecuter.RestoreBrwSearchProvider: OpCode=

TUninstallExecuter.RestoreBrwSearchProvider: OpCode=

FireFox SP is in use, can't restore

FireFox SP is in use, can't restore

ExecuteCmd: key=

ExecuteCmd: key=

KillProcess: key=

KillProcess: key=

: key=

: key=

Remaining uninstall instructions after exeution:

Remaining uninstall instructions after exeution:

ExecuteCmd:

ExecuteCmd:

ExecuteCmd: ExitCode:

ExecuteCmd: ExitCode:

CJ[hx.Xu

CJ[hx.Xu

Downloading Bundles data from adServer on url:

Downloading Bundles data from adServer on url:

,,XW2.lu

,,XW2.lu

,.cwLlgmc5.O-]

,.cwLlgmc5.O-]

NAER_[URNDT].Lw

NAER_[URNDT].Lw

Report main param:

Report main param:

Exclusive Execution mode is switched to:

Exclusive Execution mode is switched to:

Report param

Report param

Report param:

Report param:

Package execution returned bad ExitCode:

Package execution returned bad ExitCode:

Package execution failed, bad ErrorCode:

Package execution failed, bad ErrorCode:

LJ_.ge

LJ_.ge

fxk S,Cym^rk.Um

fxk S,Cym^rk.Um

ole32.dll

ole32.dll

olepro32.dll

olepro32.dll

IWebBrowser

IWebBrowser

IWebBrowserApp

IWebBrowserApp

IWebBrowser2

IWebBrowser2

TEWBWindowSetResizable

TEWBWindowSetResizable

TEWBWindowSetLeft

TEWBWindowSetLeft

TEWBWindowSetTop

TEWBWindowSetTop

TEWBWindowSetWidth

TEWBWindowSetWidth

TEWBWindowSetHeight

TEWBWindowSetHeight

bstrUrlContext

bstrUrlContext

bstrUrl

bstrUrl

OnWindowSetResizablelp8

OnWindowSetResizablelp8

OnWindowSetLeft

OnWindowSetLeft

OnWindowSetTop

OnWindowSetTop

OnWindowSetWidth

OnWindowSetWidth

OnWindowSetHeightTq8

OnWindowSetHeightTq8

grfKeyState

grfKeyState

TComTargetExecEvent

TComTargetExecEvent

CmdGroup

CmdGroup

nCmdID

nCmdID

nCmdexecopt

nCmdexecopt

hhctrl.ocx

hhctrl.ocx

URLMON.DLL

URLMON.DLL

SHDOCLC.DLL

SHDOCLC.DLL

rcmDefault

rcmDefault

rcmDebug

rcmDebug

DontExecuteScripts

DontExecuteScripts

DontExecuteJava

DontExecuteJava

DontExecuteActiveX

DontExecuteActiveX

DisableUrlIfEncodingUTF8

DisableUrlIfEncodingUTF8

EnableUrlIfEncodingUTF8

EnableUrlIfEncodingUTF8

CheckFontSupportsCodePage

CheckFontSupportsCodePage

DisableSubmitUrlInUTF8

DisableSubmitUrlInUTF8

EnableSubmitUrlInUTF8

EnableSubmitUrlInUTF8

lpMsg

lpMsg

PMsg

PMsg

pguidCmdGroup

pguidCmdGroup

TTranslateUrlEvent

TTranslateUrlEvent

pchURLIn

pchURLIn

ppchURLOut

ppchURLOut

CmdID

CmdID

pszUrl

pszUrl

pszUrlContext

pszUrlContext

szPassWord

szPassWord

ErrorUrl

ErrorUrl

OptionKeyPath

OptionKeyPath

OverrideOptionKeyPath

OverrideOptionKeyPath

OnEnableModelessh

OnEnableModelessh

OnTranslateUrl

OnTranslateUrl

OnCommandExec

OnCommandExec

'%s' is not supported.

'%s' is not supported.

TMsgEvent

TMsgEvent

TKeyEventEx

TKeyEventEx

Port

Port

Password

Password

poPortrait

poPortrait

OnKeyDownP

OnKeyDownP

0.750000

0.750000

3333333

3333333

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(

This object does not support this method (

This object does not support this method (

Unsupported type for Parameter with Index %d

Unsupported type for Parameter with Index %d

Method call unsuccessful. Object: %s, Method: %s, Exception: %s , Source: %s.

Method call unsuccessful. Object: %s, Method: %s, Exception: %s , Source: %s.

hXXp://

hXXp://

hXXps://

hXXps://

eiOnKeyDown

eiOnKeyDown

eiOnKeyPress

eiOnKeyPress

eiOnKeyUp

eiOnKeyUp

OnKeyDown

OnKeyDown

OnKeyPress

OnKeyPress

Handler with EventID = %s already exists.

Handler with EventID = %s already exists.

Error on IConnectionPoint.Advise

Error on IConnectionPoint.Advise

Source don't have connection point for [%s]

Source don't have connection point for [%s]

JS function sync-execution failed with message:

JS function sync-execution failed with message:

] execution failed with message:

] execution failed with message:

MAPI32.DLL

MAPI32.DLL

LeftPopup

LeftPopup

not supported

not supported

YR-0,xh]izn.cQ

YR-0,xh]izn.cQ

2.1.0.0

2.1.0.0

This exe was created with an old version of HtmlAppMaker.

This exe was created with an old version of HtmlAppMaker.

https

https

Log server Url is invalid:

Log server Url is invalid:

Sending Log to the following Url:

Sending Log to the following Url:

Log Http request has failed, res:

Log Http request has failed, res:

MSGALL

MSGALL

irsoMsgDialog

irsoMsgDialog

irsoJoinPath

irsoJoinPath

irsoGetCmdLineParam

irsoGetCmdLineParam

irsoGetCmdLineCount

irsoGetCmdLineCount

irsoGetCmdLineIndexOf

irsoGetCmdLineIndexOf

irsoGetCmdLineParamValue

irsoGetCmdLineParamValue

irsoGetCmdLineAll

irsoGetCmdLineAll

irsoRegCreateKey

irsoRegCreateKey

irsoRegCreateKeyTree

irsoRegCreateKeyTree

irsoRegDeleteKey

irsoRegDeleteKey

irsoIsRegKeyExists

irsoIsRegKeyExists

irsoRegListKeyValues

irsoRegListKeyValues

irsoRegListKeyKeys

irsoRegListKeyKeys

irsoRegSearchKeyKeys

irsoRegSearchKeyKeys

irsoRegCopyKey

irsoRegCopyKey

irsoHttpGetData

irsoHttpGetData

irsoHttpGetDataInThread

irsoHttpGetDataInThread

irsoLibraryExecuteProc

irsoLibraryExecuteProc

irsoLibraryExecuteProcW

irsoLibraryExecuteProcW

irsoLibraryExecuteProcWithResult

irsoLibraryExecuteProcWithResult

!irsoLibraryExecuteProcWithResultW

!irsoLibraryExecuteProcWithResultW

irsoExecute

irsoExecute

irsoIsMutexExists

irsoIsMutexExists

irsoCreatePipeServer

irsoCreatePipeServer

irsoStopPipeServer

irsoStopPipeServer

irsoSendDataToPipeServer

irsoSendDataToPipeServer

irsoGetWebBrowserHandle

irsoGetWebBrowserHandle

irsoGetCurExeCheckSum

irsoGetCurExeCheckSum

irsoGetExeInjection

irsoGetExeInjection

irsoSetSQLiteDll

irsoSetSQLiteDll

irsoGetSQLiteDll

irsoGetSQLiteDll

irsoLocateSQLiteDll

irsoLocateSQLiteDll

TExecArgsX

TExecArgsX

.html

.html

H-4,njBdi-2,o-4,r.vY

H-4,njBdi-2,o-4,r.vY

-4,fhxXahcxgw.rg

-4,fhxXahcxgw.rg

gghYcjrf.ae

gghYcjrf.ae

jehGbeags.qB

jehGbeags.qB

PIPE_DATA

PIPE_DATA

PIPE

PIPE

-0,cnyzgcEi.Tc

-0,cnyzgcEi.Tc

LNYCD_^.eP

LNYCD_^.eP

HMVH9>.PE

HMVH9>.PE

-3,1 T-1,`-4,b-4,w37 P,abov=.vN

-3,1 T-1,`-4,b-4,w37 P,abov=.vN

IE WebBrowser docRendMode:

IE WebBrowser docRendMode:

IE WebBrowser docRendMode is not 7 (

IE WebBrowser docRendMode is not 7 (

THtmlUIExeAppU

THtmlUIExeAppU

Pipe [

Pipe [

HtmlUIExeApp

HtmlUIExeApp

Pipe command unknown:

Pipe command unknown:

gbo`dhfm.cV

gbo`dhfm.cV

irsoExecutePackage

irsoExecutePackage

irsoReportPackageError

irsoReportPackageError

irsoReportPackageSkip

irsoReportPackageSkip

irsoReportPackageQuit

irsoReportPackageQuit

irsoReportPackageSuccess

irsoReportPackageSuccess

irsoReportPackageInfo

irsoReportPackageInfo

irsoGetPackageFilenameFromHttp

irsoGetPackageFilenameFromHttp

irsoGetPackageExecExitCode

irsoGetPackageExecExitCode

irsoGetPackageExecResult

irsoGetPackageExecResult

irsoGetPackageDwnldUrls

irsoGetPackageDwnldUrls

irsoSetPackageRelProgressShare

irsoSetPackageRelProgressShare

irsoIsFireFoxInstalled

irsoIsFireFoxInstalled

irsoIsChromeInstalled

irsoIsChromeInstalled

irsoIsOperaInstalled

irsoIsOperaInstalled

irsoGetFireFoxHomePage

irsoGetFireFoxHomePage

irsoGetChromeHomePage

irsoGetChromeHomePage

irsoGetOperaHomePage

irsoGetOperaHomePage

irsoSetFireFoxHomePage

irsoSetFireFoxHomePage

irsoSetChromeHomePage

irsoSetChromeHomePage

irsoSetOperaHomePage

irsoSetOperaHomePage

irsoSetChromeOnStartup

irsoSetChromeOnStartup

irsoAddChromeUrlToStartupPages

irsoAddChromeUrlToStartupPages

irsoGetFireFoxDefaultSP

irsoGetFireFoxDefaultSP

irsoGetChromeDefaultSP

irsoGetChromeDefaultSP

irsoGetOperaDefaultSP

irsoGetOperaDefaultSP

irsoAddFireFoxDefaultSPFromXML

irsoAddFireFoxDefaultSPFromXML

irsoAddFireFoxDefaultSP

irsoAddFireFoxDefaultSP

irsoSetFireFoxAddressBar

irsoSetFireFoxAddressBar

irsoAddOperaDefaultSP

irsoAddOperaDefaultSP

irsoAddChromeDefaultSP

irsoAddChromeDefaultSP

irsoGetFireFoxEXE

irsoGetFireFoxEXE

irsoGetIEEXE

irsoGetIEEXE

irsoGetChromeEXE

irsoGetChromeEXE

irsoGetOperaEXE

irsoGetOperaEXE

irsoGetFireFoxVer

irsoGetFireFoxVer

irsoGetChromeVer

irsoGetChromeVer

irsoGetOperaVer

irsoGetOperaVer

irsoLocateSQLite

irsoLocateSQLite

irsoGetFireFoxCookie

irsoGetFireFoxCookie

irsoGetChromeCookie

irsoGetChromeCookie

irsoIsFireFoxExtensionInstalled

irsoIsFireFoxExtensionInstalled

irsoInstallFireFoxAddon

irsoInstallFireFoxAddon

irsoInstallChromeAddon

irsoInstallChromeAddon

irsoUninstallAddExeCmd

irsoUninstallAddExeCmd

irsoUninstallAddOpenBrowserCmd

irsoUninstallAddOpenBrowserCmd

irsoUninstallAddRegistryKey

irsoUninstallAddRegistryKey

irsoUninstallExecute

irsoUninstallExecute

irsoReportStart

irsoReportStart

irsoReportInfo

irsoReportInfo

irsoSetExclusiveExec

irsoSetExclusiveExec

isroSetReportUrl

isroSetReportUrl

-11,jycmjaOaahDgvyc-11.Pg

-11,jycmjaOaahDgvyc-11.Pg

An attempt to download bundle data was denied: adServer domain name must remain the same! Url:

An attempt to download bundle data was denied: adServer domain name must remain the same! Url:

_moCjx^cJbh.VJ

_moCjx^cJbh.VJ

Report Url changed dynamically from:

Report Url changed dynamically from:

\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U>

\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U>

\GCAPMA][.oj

\GCAPMA][.oj

TcUlue.PL

TcUlue.PL

W`mmqzeon,.wvamaff P,4.]

W`mmqzeon,.wvamaff P,4.]

z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1

z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1

[eckbn R-2,a, kgg-4,khbbxl,.blzzjneky R,N[B,,-G.9

[eckbn R-2,a, kgg-4,khbbxl,.blzzjneky R,N[B,,-G.9

FbghLbtaYhe.AU

FbghLbtaYhe.AU

1.2.1

1.2.1

inflate 1.2.1 Copyright 1995-2003 Mark Adler

inflate 1.2.1 Copyright 1995-2003 Mark Adler

?456789:;

?456789:;

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123

TBv}.Bv

TBv}.Bv

333333333333333333

333333333333333333

33333833

33333833

3333339

3333339

3333333333333338

3333333333333338

:*"*"$3338

:*"*"$3338

33333333

33333333

33333333333

33333333333

3333333333338

3333333333338

33338?383

33338?383

333333333333

333333333333

:*3:"$3338

:*3:"$3338

333333333333333

333333333333333

.xOuk

.xOuk

F

F

.s6%u

.s6%u

]%ZI%s

]%ZI%s

5ñ1

5ñ1

.xXoX

.xXoX

z.gvPT

z.gvPT

z.qq4?

z.qq4?

U.mlv

U.mlv

-.uRE{EI

-.uRE{EI

..kSQ

..kSQ

YnE%DM

YnE%DM

.bU|>"QQ

.bU|>"QQ

WaitNamedPipeA

WaitNamedPipeA

PeekNamedPipe

PeekNamedPipe

GetWindowsDirectoryW

GetWindowsDirectoryW

GetCPInfo

GetCPInfo

DisconnectNamedPipe

DisconnectNamedPipe

CreatePipe

CreatePipe

CreateNamedPipeA

CreateNamedPipeA

ConnectNamedPipe

ConnectNamedPipe

RegQueryInfoKeyA

RegQueryInfoKeyA

RegOpenKeyExW

RegOpenKeyExW

RegOpenKeyExA

RegOpenKeyExA

RegFlushKey

RegFlushKey

RegEnumKeyW

RegEnumKeyW

RegEnumKeyExA

RegEnumKeyExA

RegDeleteKeyW

RegDeleteKeyW

RegDeleteKeyA

RegDeleteKeyA

RegCreateKeyExW

RegCreateKeyExW

RegCreateKeyExA

RegCreateKeyExA

RegCloseKey

RegCloseKey

SetViewportOrgEx

SetViewportOrgEx

ShellExecuteExW

ShellExecuteExW

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExA

SetWindowsHookExA

MapVirtualKeyA

MapVirtualKeyA

LoadKeyboardLayoutA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

GetKeyNameTextA

GetKeyNameTextA

GetAsyncKeyState

GetAsyncKeyState

EnumWindows

EnumWindows

EnumThreadWindows

EnumThreadWindows

EnumChildWindows

EnumChildWindows

ActivateKeyboardLayout

ActivateKeyboardLayout

GetKeyboardType

GetKeyboardType

"$ %),'8

"$ %),'8

38000=344

38000=344

&W%%C)1

&W%%C)1

.AF{H)

.AF{H)

H.JXA

H.JXA

1 0 .'7(2':

1 0 .'7(2':

- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)

- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)

&)"%&$&'&",,/- '

&)"%&$&'&",,/- '

944(@32%2u8

944(@32%2u8

.PMDF

.PMDF

&&'%%'%'%

&&'%%'%'%

.idata

.idata

.edata

.edata

P.reloc

P.reloc

P.rsrc

P.rsrc

'.-!6&'(' )

'.-!6&'(' )

#-**(-#,

#-**(-#,

&",,/- '

&",,/- '

p.PMDF

p.PMDF

CP.re

CP.re

Attempt to access registry key: "

Attempt to access registry key: "

supported by OS for "HKEY_CURRENT_USER\Software\"; access directly under "HKEY_CURRENT_USER\Software\Wow6432Node".

supported by OS for "HKEY_CURRENT_USER\Software\"; access directly under "HKEY_CURRENT_USER\Software\Wow6432Node".

SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

!Found Firefox sqlite dll at:

!Found Firefox sqlite dll at:

!Reading firefox cookies without sqlite.dll support

!Reading firefox cookies without sqlite.dll support

!Reading Chrome cookies without sqlite.dll support

!Reading Chrome cookies without sqlite.dll support

DoAddChromeStartupPage

DoAddChromeStartupPage

GetChromeDefaultSearchProviderFromDb - failed to get spid, returning default!

GetChromeDefaultSearchProviderFromDb - failed to get spid, returning default!

AddChromeSP: no profiles

AddChromeSP: no profiles

DoSetChromeExistingSP:no sql lite

DoSetChromeExistingSP:no sql lite

DoRemoveOperaSearchProvider - cannot remove

DoRemoveOperaSearchProvider - cannot remove

" was sucessfully removed but references to its HexKey: "

" was sucessfully removed but references to its HexKey: "

Stopping default pipe server

Stopping default pipe server

There is no source with range support for connection, picking one without.

There is no source with range support for connection, picking one without.

None of our requests are passing in Proxy Mode - suspecting inability to download from current server, trying another HEAD request to make sure.

None of our requests are passing in Proxy Mode - suspecting inability to download from current server, trying another HEAD request to make sure.

File size seems to be changed from the same source after HEAD request, suspecting rare case of lack of HEAD support - disabling it.

File size seems to be changed from the same source after HEAD request, suspecting rare case of lack of HEAD support - disabling it.

Only HEAD requests are passing in Proxy Mode - unable to work with this server (probably no Range support)

Only HEAD requests are passing in Proxy Mode - unable to work with this server (probably no Range support)

TDownloadAccelerator.Run() was ignored, since another download is currently in progress.

TDownloadAccelerator.Run() was ignored, since another download is currently in progress.

Urls:

Urls:

Pause request ignored, servers without HTTP Range support will cause download restart.

Pause request ignored, servers without HTTP Range support will cause download restart.

The source dropped range support.

The source dropped range support.

The source does not have range support - ignored range request.

The source does not have range support - ignored range request.

UnregDLL executed: "

UnregDLL executed: "

ExecuteCmd: Exe:

ExecuteCmd: Exe:

Waiting for all the ongoing reports to complete...

Waiting for all the ongoing reports to complete...

; main package already reported

; main package already reported

InstallerName altered after at least one report already sent.

InstallerName altered after at least one report already sent.

package already reported

package already reported

Starting execute, exe:

Starting execute, exe:

MSI package detected. switching to synchronic package execution

MSI package detected. switching to synchronic package execution

errorUrl

errorUrl

Failed to launch htmlUI from the following url:

Failed to launch htmlUI from the following url:

Log server Url is not provided.

Log server Url is not provided.

Log Http request has timed out.

Log Http request has timed out.

Remote mask loading is currently not supported. mask:

Remote mask loading is currently not supported. mask:

Setting SQLite dll path to:

Setting SQLite dll path to:

Registry entry removed: HtmlUI Browser object's IE7 fallback support is now enabled.

Registry entry removed: HtmlUI Browser object's IE7 fallback support is now enabled.

There is a registry hack to prevent HtmlUI Browser object's IE7 fallback - failed to remove it (HKEY_CURRENT_USER).

There is a registry hack to prevent HtmlUI Browser object's IE7 fallback - failed to remove it (HKEY_CURRENT_USER).

There is a registry hack to prevent HtmlUI Browser object's IE7 fallback - failed to remove it (HKEY_LOCAL_MACHINE).

There is a registry hack to prevent HtmlUI Browser object's IE7 fallback - failed to remove it (HKEY_LOCAL_MACHINE).

Loading in stealth mode, url:

Loading in stealth mode, url:

Read form default pipe timed out, can't determine if there's another instance running

Read form default pipe timed out, can't determine if there's another instance running

Pipe server TIMED OUT , can't determine if there's another instance running. continuing..

Pipe server TIMED OUT , can't determine if there's another instance running. continuing..

CANNOT start default pipe server, possible reason is that another instance of this installer is stuck

CANNOT start default pipe server, possible reason is that another instance of this installer is stuck

Please login as administrator and try again.

Please login as administrator and try again.

Installer Account Name altered after at least one report already sent.

Installer Account Name altered after at least one report already sent.

isroSetReportUrl() was ignored due to lack of Privelege Mode.

isroSetReportUrl() was ignored due to lack of Privelege Mode.

Installer Report Url changed after at least one report already sent.

Installer Report Url changed after at least one report already sent.

OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

No help found for %s#No context-sensitive help installed$No topic-based help system installed6Cipher has already been padded, cannot process message,Cipher is not in valid state for this action4Message length for %s must be a multiple of %d bytes1Keymaterial is too large for use (Security Issue)0Initvector is too large for use (Security Issue))Hash function have to many bits processed

No help found for %s#No context-sensitive help installed$No topic-based help system installed6Cipher has already been padded, cannot process message,Cipher is not in valid state for this action4Message length for %s must be a multiple of %d bytes1Keymaterial is too large for use (Security Issue)0Initvector is too large for use (Security Issue))Hash function have to many bits processed

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

Alt Clipboard does not support Icons/Menu '%s' is already being used by another form

Alt Clipboard does not support Icons/Menu '%s' is already being used by another form

!Control '%s' has no parent window

!Control '%s' has no parent window

Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic

Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

Unsupported clipboard format

Invalid data type for '%s' List capacity out of bounds (%d)

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Error reading %s%s%s: %s

Failed to get data for '%s'

Failed to get data for '%s'

Failed to set data for '%s'

Failed to set data for '%s'

Resource %s not found

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Property %s does not exist

Cannot assign a %s to a %s

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file %s

Cannot create file %s

Cannot open file %s

Cannot open file %s

Invalid stream format$''%s'' is not a valid component name

Invalid stream format$''%s'' is not a valid component name

Ancestor for '%s' not found

Ancestor for '%s' not found

External exception %x

External exception %x

Interface not supported

Interface not supported

%s (%s, line %d)

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

System Error. Code: %d.

Invalid variant operation!Invalid variant operation ($%.8x)

Invalid variant operation!Invalid variant operation ($%.8x)

Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

Operation not supported

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value('%s' is not a valid floating point value"'%s' is not a valid currency value!'%g' is not a valid date and time

!'%s' is not a valid integer value('%s' is not a valid floating point value"'%s' is not a valid currency value!'%g' is not a valid date and time

'%s' is not a valid GUID value

'%s' is not a valid GUID value

I/O error %d

I/O error %d