Skip to main content

Gen.Variant.Application.Bundler.AirInstaller.4_ad90282585


not-a-virus:AdWare.Win32.AirAdInstaller.emlr (Kaspersky), Gen:Variant.Application.Bundler.AirInstaller.4 (AdAware), Trojan.Win32.Swrort.3.FD, PUPAirInstaller.YR (Lavasoft MAS)Behaviour: Trojan, Installer, PUP, Adware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: ad9028258507fa101bd6ee61648079b8

SHA1: 19f8e9626d7d05674c3ea68bf461c38381e7f248

SHA256: 89159ee3700e800c22254a7d86188f5a6d7a162bc974cd2fd93b20b9109cae45

SSDeep: 24576:Jvq1g6y9SD2WZmDSbF2ZNaFegKbOq/F0rTLX/Blr:JkQ9jWZmDSbKQFecq/FkL

Size: 833960 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2013-10-16 19:58:11

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

dwwin.exe:1528

The Trojan injects its code into the following process(es):

%original file name%.exe:452

Mutexes

The following mutexes were created/opened:

RasPbFileWininetProxyRegistryMutexWininetConnectionMutexWininetStartupMutexc:!documents and settings!adm!local settings!history!history.ie5!c:!documents and settings!adm!cookies!c:!documents and settings!adm!local settings!temporary internet files!content.ie5!_!MSFTHISTORY!_INSTALLER-238EA140-C13E-31F2-E1C5-106067709672AirInstaller-AdminShimCacheMutexZonesLockedCacheCounterMutexZonesCacheCounterMutexZonesCounterMutexoleacc-msaa-loaded

File activity

The process dwwin.exe:1528 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\2507CC.dmp (137335 bytes)

The process %original file name%.exe:452 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\50a_appcompat.txt (6214 bytes)

Registry activity

The process dwwin.exe:1528 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 63 C5 B4 78 31 27 9F 22 BA 42 1F 92 5A C0 2F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:452 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 F6 8F DB B9 F8 70 1C FE 8D 1B B3 DF F8 3C 65"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
"DWFileTreeRoot"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    dwwin.exe:1528

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temp\2507CC.dmp (137335 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\50a_appcompat.txt (6214 bytes)

  4. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: AirInstaller
Product Name: Google Chrome
Product Version: 2.0.4.53
Legal Copyright: (c) AirInstaller
Legal Trademarks:
Original Filename: setup.exe
Internal Name: setup.exe
File Version: 2.0.4.53
File Description: Google Chrome
Comments:
Language: English

Company Name: AirInstaller Product Name: Google ChromeProduct Version: 2.0.4.53Legal Copyright: (c) AirInstaller Legal Trademarks: Original Filename: setup.exeInternal Name: setup.exeFile Version: 2.0.4.53File Description: Google ChromeComments: Language: English

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
UPX04096167936000d41d8cd98f00b204e9800998ecf8427e
UPX116834567946247941125.49488f1d9aa3682ca0a29f3728d02f8e9f9d8
.rsrc247808036864337922.85771fd1facab73b786f3c8a3086e638cbc63

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:


Total found: 81
c5e7a47edd51d6af06974d7a989e7db5
ab7a4ad347f7900a83971e52ee1cfeec
9ba67b7405de866d27299424b66b11cc
47e948180d0f9baeafd0d3d169c6a446
157faf62f396598be6444fcfbf46c94f
73fb7bf3a15ff1537bc7eb190b37a029
6307000f5a77b6543024548069771936
c44307110ce740a165cf049866f90512
8b3615fd6fc5a1ecdc32996a112b19b3
ddea1a6adeeda02211049bc681a8bed6
96a53ab311ef027863f0a264aad451c6
ca8c15edfe777ee06d0e1a8c4d11ad8b
088fcebe2e569dcf7966efa364c5273d
cd3c401b5912ede4534bf307c8c75ba9
76e40346a3e8774f9b908d2673d261fe
b2447cefe8dcae2640ff5278300c203b
cc389acebf16263fe5aa96888193c531
82174c16751f5557db6d71eb6ae24d89
86a49b3f6d4f9f9ec2c5cc6051a55f52
2747cb378d86ce8327e87d5a4af9fa2f
f4a8fa52398dced5d9c6e455b870e0bd
4b60bc21df40e1c1357be4253c84d5a8
006cf4967db4f5cf8edd51cafb11f1b3
95bb9b9e2e172ed6a75e468181c012be
a520eef7f5b9f3e145687f6d17208570

Network Activity

URLs

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_452:

`.rsrc

`.rsrc

f;T$.uBf

f;T$.uBf

t.hd2Z

t.hd2Z

t.ht?Z

t.ht?Z

t'SShl

t'SShl

QSShh_\

QSShh_\

tFHt:Ht.Ht"Hu`

tFHt:Ht.Ht"Hu`

j%XtL9E

j%XtL9E

u$SShe

u$SShe

FTCP

FTCP

SSSSh

SSSSh

tAHt.HHt

tAHt.HHt

SSh@B

SSh@B

FtPW

FtPW

tl9_ tgSSh

tl9_ tgSSh

s%j.Zf

s%j.Zf

xSSSh

xSSSh

FTPjKS

FTPjKS

FtPj;S

FtPj;S

C.PjRV

C.PjRV

CNotSupportedException

CNotSupportedException

CCmdTarget

CCmdTarget

RegDeleteKeyTransactedW

RegDeleteKeyTransactedW

CHttpConnection

CHttpConnection

CHttpFile

CHttpFile

RegDeleteKeyExW

RegDeleteKeyExW

TaskDialogIndirect

TaskDialogIndirect

CMDITabProxyWnd

CMDITabProxyWnd

CMDIChildWndEx

CMDIChildWndEx

CMDIFrameWndEx

CMDIFrameWndEx

CMDIClientAreaWnd

CMDIClientAreaWnd

CMFCToolBarsKeyboardPropertyPage

CMFCToolBarsKeyboardPropertyPage

cmd.exe

cmd.exe

GetProcessWindowStation

GetProcessWindowStation

portuguese-brazilian

portuguese-brazilian

operator

operator

Visual C CRT: Not enough memory to complete call to strerror.

Visual C CRT: Not enough memory to complete call to strerror.

Broken pipe

Broken pipe

Inappropriate I/O control operation

Inappropriate I/O control operation

Operation not permitted

Operation not permitted

taskkill /f /im iexplore.exe

taskkill /f /im iexplore.exe

taskkill /f /im chrome.exe

taskkill /f /im chrome.exe

taskkill /F /IM firefox.exe

taskkill /F /IM firefox.exe

Keys

Keys

RegOpenKeyTransactedW

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegCreateKeyTransactedW

background: url('hXXp://cdn.airdlrstatic.com/themes/images/modal-overlay.png') repeat;

background: url('hXXp://cdn.airdlrstatic.com/themes/images/modal-overlay.png') repeat;

overlay = document.getElementById('modal-overlay');

overlay = document.getElementById('modal-overlay');

if (overlay.style.display === 'none' && !display) {

if (overlay.style.display === 'none' && !display) {

overlay.style.display = display;

overlay.style.display = display;

if(document.getElementById('page0')){

if(document.getElementById('page0')){

document.getElementById('page0').style.visibility = 'visible';

document.getElementById('page0').style.visibility = 'visible';

document.getElementById('page0').style.display = 'block';

document.getElementById('page0').style.display = 'block';

document.getElementById('page' currentPage).style.visibility = 'hidden';

document.getElementById('page' currentPage).style.visibility = 'hidden';

document.getElementById('page' currentPage).style.display = 'none';

document.getElementById('page' currentPage).style.display = 'none';

document.getElementById('page' currentPage).style.visibility = 'visible';

document.getElementById('page' currentPage).style.visibility = 'visible';

document.getElementById('page' currentPage).style.display = 'block';

document.getElementById('page' currentPage).style.display = 'block';

var formsCollection = document.getElementsByTagName("form");

var formsCollection = document.getElementsByTagName("form");

for (var i = 0; i

for (var i = 0; i

var formName = formsCollection[i].name;

var formName = formsCollection[i].name;

//alert('formName: ' formName ' ' document.forms[formName].elements);

//alert('formName: ' formName ' ' document.forms[formName].elements);

if( typeof document.forms[formName].elements !== 'undefined' ){

if( typeof document.forms[formName].elements !== 'undefined' ){

for (var e = 0; e

for (var e = 0; e

if (document.forms[formName].elements[e].type == "button") {

if (document.forms[formName].elements[e].type == "button") {

if (document.forms[formName].elements[e].value == "Next" ||

if (document.forms[formName].elements[e].value == "Next" ||

document.forms[formName].elements[e].value == "Done" ||

document.forms[formName].elements[e].value == "Done" ||

document.forms[formName].elements[e].name == "Next"

document.forms[formName].elements[e].name == "Next"

document.forms[formName].elements[e].focus();

document.forms[formName].elements[e].focus();

for (var e = 0; e

for (var e = 0; e

if (offerForm.elements[e].type == "checkbox") {

if (offerForm.elements[e].type == "checkbox") {

offerForm.elements[e].disabled = 'disabled';

offerForm.elements[e].disabled = 'disabled';

for (var e = 0; e

for (var e = 0; e

if (offerForm.elements[e].type == "checkbox"

if (offerForm.elements[e].type == "checkbox"

&& offerForm.elements[e].name != "main" ) {

&& offerForm.elements[e].name != "main" ) {

offerForm.elements[e].checked = true;

offerForm.elements[e].checked = true;

var all = document.getElementsByTagName('*');

var all = document.getElementsByTagName('*');

for(var i=0; i

for(var i=0; i

var hide_options_element = document.getElementById('hidden_options');

var hide_options_element = document.getElementById('hidden_options');

hide_options_element.style.visibility = 'hidden';

hide_options_element.style.visibility = 'hidden';

if (offerForm.elements[e].type == "checkbox" && offerForm.elements[e].name != "main" ) {

if (offerForm.elements[e].type == "checkbox" && offerForm.elements[e].name != "main" ) {

offerForm.elements[e].disabled = '';

offerForm.elements[e].disabled = '';

for(var i=0; i

for(var i=0; i

var hide_options_element = document.getElementById('hidden_options');

var hide_options_element = document.getElementById('hidden_options');

hide_options_element.style.visibility = 'visible';

hide_options_element.style.visibility = 'visible';

if (requiredCheckbox.checked == true) {

if (requiredCheckbox.checked == true) {

for (var e = 0; e

for (var e = 0; e

if (requiredCheckbox.form.elements[e] != requiredCheckbox

if (requiredCheckbox.form.elements[e] != requiredCheckbox

&& requiredCheckbox.form.elements[e].type == "checkbox"

&& requiredCheckbox.form.elements[e].type == "checkbox"

&& requiredCheckbox.form.elements[e].name != "main"

&& requiredCheckbox.form.elements[e].name != "main"

&& ( "required" in requiredCheckbox.form.elements[e] && requiredCheckbox.form.elements[e].required.indexOf("false") > -1)

&& ( "required" in requiredCheckbox.form.elements[e] && requiredCheckbox.form.elements[e].required.indexOf("false") > -1)

requiredCheckbox.form.elements[e].checked = true;

requiredCheckbox.form.elements[e].checked = true;

requiredCheckbox.form.elements[e].checked = false;

requiredCheckbox.form.elements[e].checked = false;

if (nonRequiredCheckbox.checked == true) {

if (nonRequiredCheckbox.checked == true) {

for (var e = 0; e

for (var e = 0; e

if (nonRequiredCheckbox.form.elements[e] != nonRequiredCheckbox

if (nonRequiredCheckbox.form.elements[e] != nonRequiredCheckbox

&& nonRequiredCheckbox.form.elements[e].type == "checkbox"

&& nonRequiredCheckbox.form.elements[e].type == "checkbox"

&& nonRequiredCheckbox.form.elements[e].name != "main"

&& nonRequiredCheckbox.form.elements[e].name != "main"

&& ( "required" in nonRequiredCheckbox.form.elements[e] && nonRequiredCheckbox.form.elements[e].required.indexOf("true") > -1)

&& ( "required" in nonRequiredCheckbox.form.elements[e] && nonRequiredCheckbox.form.elements[e].required.indexOf("true") > -1)

nonRequiredCheckbox.form.elements[e].checked = true;

nonRequiredCheckbox.form.elements[e].checked = true;

e = nonRequiredCheckbox.form.elements.length; // done

e = nonRequiredCheckbox.form.elements.length; // done

function clickIE() {if (document.all) {(message);return false;}}

function clickIE() {if (document.all) {(message);return false;}}

(document.layers||(document.getElementById&&!document.all)) {

(document.layers||(document.getElementById&&!document.all)) {

if (e.which==2||e.which==3) {(message);return false;}}}

if (e.which==2||e.which==3) {(message);return false;}}}

if (document.layers)

if (document.layers)

{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}

{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}

else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

document.oncontextmenu=new Function("return false")

document.oncontextmenu=new Function("return false")

document.onselectstart=new Function ("return false")

document.onselectstart=new Function ("return false")

if (window.sidebar){

if (window.sidebar){

document.onmousedown=disableselect

document.onmousedown=disableselect

document.onclick=reEnable

document.onclick=reEnable

span.advanced { color:#AAAAAA; padding:0px; }

span.advanced { color:#AAAAAA; padding:0px; }

inflate 1.1.3 Copyright 1995-1998 Mark Adler

inflate 1.1.3 Copyright 1995-1998 Mark Adler

CMDIChildWnd

CMDIChildWnd

CMDIFrameWnd

CMDIFrameWnd

Setup has finished installing %s on your computer.

Setup has finished installing %s on your computer.

      Please wait while %s is being installed.

      Please wait while %s is being installed.

Downloading %s.

Downloading %s.

style="width:80px; font-size:13; height:25px;" id="DeclineOffer" offer="%s" />

style="width:80px; font-size:13; height:25px;" id="DeclineOffer" offer="%s" />

style="width:160px; font-size:13; height:25px;" id="AcceptOffer" offer="%s" />

style="width:160px; font-size:13; height:25px;" id="AcceptOffer" offer="%s" />

%s

%s

%s Setup Wizard

%s Setup Wizard

Welcome to the %s Setup Wizard. This wizard will guide you through the installation of %s.

Welcome to the %s Setup Wizard. This wizard will guide you through the installation of %s.

&& requiredCheckbox.form.elements[e].name != "main" ) {

&& requiredCheckbox.form.elements[e].name != "main" ) {

&& requiredCheckbox.form.elements[e].type == "checkbox"

&& requiredCheckbox.form.elements[e].type == "checkbox"

e = requiredCheckbox.form.elements.length; // done

e = requiredCheckbox.form.elements.length; // done

span.advanced { color:#AAAAAA; padding:0px; }

span.advanced { color:#AAAAAA; padding:0px; }

C:\Users\jon\Documents\GitHub\Air-APP\Release\AirInstallerDistributed.pdb

C:\Users\jon\Documents\GitHub\Air-APP\Release\AirInstallerDistributed.pdb

.PAVCMemoryException@@

.PAVCMemoryException@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCObject@@

.PAVCObject@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.PAVCUserException@@

.PAVCUserException@@

.PAVCOleException@@

.PAVCOleException@@

.PAVCResourceException@@

.PAVCResourceException@@

.?AVCHttpConnection@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AVCHttpFile@@

.PAVCArchiveException@@

.PAVCArchiveException@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@

.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AVCMFCToolBarCmdUI@@

.?AVCMFCToolBarCmdUI@@

.PAVCOleDispatchException@@

.PAVCOleDispatchException@@

.?AVCMFCCmdUsageCount@@

.?AVCMFCCmdUsageCount@@

.?AVCMDITabProxyWnd@@

.?AVCMDITabProxyWnd@@

.?AVCMDIChildWndEx@@

.?AVCMDIChildWndEx@@

.?AVCMDIFrameWndEx@@

.?AVCMDIFrameWndEx@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@

.?AVCMFCColorBarCmdUI@@

.?AVCMFCColorBarCmdUI@@

.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@

.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@

.?AVCMDIClientAreaWnd@@

.?AVCMDIClientAreaWnd@@

.?AVCMFCRibbonCmdUI@@

.?AVCMFCRibbonCmdUI@@

.?AVCMFCToolBarsKeyboardPropertyPage@@

.?AVCMFCToolBarsKeyboardPropertyPage@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@

.?AVCMFCAcceleratorKey@@

.?AVCMFCAcceleratorKey@@

.?AVCMFCRibbonKeyTip@@

.?AVCMFCRibbonKeyTip@@

.?AVCMFCAcceleratorKeyAssignCtrl@@

.?AVCMFCAcceleratorKeyAssignCtrl@@

zcÁ

zcÁ

.PAVCException@@

.PAVCException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.PAVCFileException@@

.PAVCFileException@@

.PAVCInternetException@@

.PAVCInternetException@@

.?AVCWebGrab@@

.?AVCWebGrab@@

.?AVCWebGrabSession@@

.?AVCWebGrabSession@@

.?AVCMDIChildWnd@@

.?AVCMDIChildWnd@@

.?AVCMDIFrameWnd@@

.?AVCMDIFrameWnd@@

@(69@(69@(69@(69@(69

@(69@(69@(69@(69@(69

GetProcessHeap

GetProcessHeap

GetCPInfo

GetCPInfo

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

RegEnumKeyW

RegEnumKeyW

RegDeleteKeyW

RegDeleteKeyW

RegEnumKeyExW

RegEnumKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegCreateKeyExW

RegCreateKeyExW

SetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

ScaleViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

GetViewportExtEx

GetViewportOrgEx

GetViewportOrgEx

GdiplusShutdown

GdiplusShutdown

ShellExecuteExW

ShellExecuteExW

ShellExecuteW

ShellExecuteW

UrlUnescapeW

UrlUnescapeW

IsValidURL

IsValidURL

URLDownloadToFileW

URLDownloadToFileW

CreateDialogIndirectParamW

CreateDialogIndirectParamW

SetWindowsHookExW

SetWindowsHookExW

UnhookWindowsHookEx

UnhookWindowsHookEx

GetKeyState

GetKeyState

GetKeyNameTextW

GetKeyNameTextW

MapVirtualKeyW

MapVirtualKeyW

GetKeyboardLayout

GetKeyboardLayout

GetKeyboardState

GetKeyboardState

MapVirtualKeyExW

MapVirtualKeyExW

GetAsyncKeyState

GetAsyncKeyState

HttpOpenRequestW

HttpOpenRequestW

HttpSendRequestW

HttpSendRequestW

HttpAddRequestHeadersW

HttpAddRequestHeadersW

InternetCanonicalizeUrlW

InternetCanonicalizeUrlW

InternetCrackUrlW

InternetCrackUrlW

HttpQueryInfoW

HttpQueryInfoW

InternetOpenUrlW

InternetOpenUrlW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

$/$/$/$/

$/$/$/$/

2;%SK

2;%SK

]

]

3&.#3 $-

3&.#3 $-

##0#3131%&

##0#3131%&

###$#-$

###$#-$

.QICN,=3-?W7P53.51; #;-[3-M?-36#M-a>-053 ##--

.QICN,=3-?W7P53.51; #;-[3-M?-36#M-a>-053 ##--

0 $$ 0 0 ,4$,0 0,

0 $$ 0 0 ,4$,0 0,

$$ $ $$844

$$ $ $$844

((,$$$,$$,

((,$$$,$$,

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

var btnStalled = document.getElementById("NavigateStalled");

var btnStalled = document.getElementById("NavigateStalled");

btnStalled.click();

btnStalled.click();

true

true

KERNEL32.DLL

KERNEL32.DLL

ADVAPI32.dll

ADVAPI32.dll

COMCTL32.dll

COMCTL32.dll

COMDLG32.dll

COMDLG32.dll

GDI32.dll

GDI32.dll

gdiplus.dll

gdiplus.dll

IMM32.dll

IMM32.dll

MSIMG32.dll

MSIMG32.dll

ole32.dll

ole32.dll

OLEACC.dll

OLEACC.dll

OLEAUT32.dll

OLEAUT32.dll

oledlg.dll

oledlg.dll

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

urlmon.dll

urlmon.dll

USER32.dll

USER32.dll

WININET.dll

WININET.dll

WINMM.dll

WINMM.dll

WINSPOOL.DRV

WINSPOOL.DRV

accKeyboardShortcut

accKeyboardShortcut

wuser32.dll

wuser32.dll

hhctrl.ocx

hhctrl.ocx

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

Afx:%p:%x:%p:%p:%p

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

Afx:%p:%x

commctrl_DragListMsg

commctrl_DragListMsg

Gcomctl32.dll

Gcomctl32.dll

Gcomdlg32.dll

Gcomdlg32.dll

Gshell32.dll

Gshell32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

%s%s.dll

%s%s.dll

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

lX-X-x-XX-XXXXXX

lX-X-x-XX-XXXXXX

res://%s/%s

res://%s/%s

res://%s/%d

res://%s/%d

hXXp://

hXXp://

@WININET.DLL

@WININET.DLL

HHTTP/1.0

HHTTP/1.0

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

kernel32.dll

kernel32.dll

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

mfcm100u.dll

mfcm100u.dll

If:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

If:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

SHELL32.DLL

SHELL32.DLL

lXXxXXXXXXXX

lXXxXXXXXXXX

%sMFCToolBar-%d%x

%sMFCToolBar-%d%x

%sMFCToolBar-%d

%sMFCToolBar-%d

%sMFCToolBarParameters

%sMFCToolBarParameters

TOOLBAR_RESETKEYBAORD

TOOLBAR_RESETKEYBAORD

&%d %s

&%d %s

COMCTL32.DLL

COMCTL32.DLL

%sPane-%d%x

%sPane-%d%x

%sPane-%d

%sPane-%d

USER32.DLL

USER32.DLL

%sBasePane-%d%x

%sBasePane-%d%x

%sBasePane-%d

%sBasePane-%d

MSG_CHECKEMPTYMINIFRAME

MSG_CHECKEMPTYMINIFRAME

windows

windows

KeyboardManager

KeyboardManager

ShowCmd

ShowCmd

I%c%d%c%s

I%c%d%c%s

%sDockingManager-%d

%sDockingManager-%d

%sDockablePaneAdapter-%d%x

%sDockablePaneAdapter-%d%x

%sDockablePaneAdapter-%d

%sDockablePaneAdapter-%d

OHex={X,X,X}

OHex={X,X,X}

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp

%sMDIClientArea-%d

%sMDIClientArea-%d

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp

Sf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp

Sf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp

L%sMFCOutlookBar-%d%x

L%sMFCOutlookBar-%d%x

%sMFCOutlookBar-%d

%sMFCOutlookBar-%d

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp

TRICHED20.DLL

TRICHED20.DLL

RGB(%d, %d, %d)

RGB(%d, %d, %d)

ENABLE_KEYS

ENABLE_KEYS

KEYS_MENU

KEYS_MENU

KEYS

KEYS

mscoree.dll

mscoree.dll

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

@%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl

@%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl

%s (%s:%d)

%s (%s:%d)

UxTheme.dll

UxTheme.dll

dwmapi.dll

dwmapi.dll

d%s:%x:%x:%x:%x

d%s:%x:%x:%x:%x

Shell32.dll

Shell32.dll

Download Url:

Download Url:

theme w: %d h: %d window w: %d h: %d

theme w: %d h: %d window w: %d h: %d

intro_page.html

intro_page.html

session.xml

session.xml

index.html

index.html

installer.html

installer.html

.html

.html

block.html

block.html

uninstaller.html

uninstaller.html

download_page.html

download_page.html

cancel_page.html

cancel_page.html

offer_0.html

offer_0.html

_USER_PASSWORD_

_USER_PASSWORD_

e Executed Offer Ok

e Executed Offer Ok

.msi"

.msi"

Command succeded. Calling conversion URL.

Command succeded. Calling conversion URL.

 

 

 

 

summary_page.html

summary_page.html

%Program Files% (x86)

%Program Files% (x86)

%Program Files%

%Program Files%

%.2f %s

%.2f %s

hXXp://cdn.airdlrstatic.com/uninstaller/Uninstaller.zip

hXXp://cdn.airdlrstatic.com/uninstaller/Uninstaller.zip

INPUT_PASSWORD_FIELD

INPUT_PASSWORD_FIELD

Choose a password

Choose a password

INPUT_PASSWORD_REQUIRED

INPUT_PASSWORD_REQUIRED

&data[password]=

&data[password]=

$password

$password

password=

password=

userInputForm.html

userInputForm.html

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Referer: hXXp://VVV.mypcbackup.com/

Referer: hXXp://VVV.mypcbackup.com/

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

" onclick="disableOfferOptions(this.form)" > Quick Installation (recomended)

" onclick="disableOfferOptions(this.form)" > Quick Installation (recomended)

" onclick="enableOfferOptions(this.form)" > Custom Installation (advanced)

" onclick="enableOfferOptions(this.form)" > Custom Installation (advanced)

, you are hereby agreeing to their

' onclick='disableOfferOptions(this.form)' >

' onclick='enableOfferOptions(this.form)' >

' onclick='enableOfferOptions(this.form)' >

installer_temp.html

installer_temp.html

theme\software\software.html

theme\software\software.html

onblur="if(this.value==''){this.value='Email address';this.style.color='#AAAAAA';}"

onblur="if(this.value==''){this.value='Email address';this.style.color='#AAAAAA';}"

onfocus="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"

onfocus="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"

onblur="if(this.value==''){this.value='Full name';this.style.color='#AAAAAA';}"

onblur="if(this.value==''){this.value='Full name';this.style.color='#AAAAAA';}"

onfocus="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"

onfocus="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"

>

>

onblur="if(this.value==''){this.value='Choose a password';this.style.color='#AAAAAA';}"

onblur="if(this.value==''){this.value='Choose a password';this.style.color='#AAAAAA';}"

onfocus="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"

onfocus="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"

%_INPUT_PASSWORD_%

%_INPUT_PASSWORD_%

DOWNLOAD_URL>

DOWNLOAD_URL>

src="theme/images/btn_next.png"

src="theme/images/btn_next.png"

hXXp://trk.airinstaller.com/get/event/?name=started_without_admin&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=started_without_admin&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=admin_after_prompt&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=admin_after_prompt&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=admin_prompt_decline&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=admin_prompt_decline&data[click_id]=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

%s%s%s

%s%s%s

FhXXp://testcdn.com

FhXXp://testcdn.com

/bundle.xml

/bundle.xml

hXXp://testcdn.com/bundle/

hXXp://testcdn.com/bundle/

bundle.xml

bundle.xml

build.js

build.js

page-*.js

page-*.js

\settings.xml

\settings.xml

session_key

session_key

Install session key:

Install session key:

thankyou_url

thankyou_url

Install thank you URL:

Install thank you URL:

cancel_url

cancel_url

download_url

download_url

exe_cmd

exe_cmd

image_url

image_url

impression_url

impression_url

conversion_url

conversion_url

privacy_url

privacy_url

terms_url

terms_url

uninstaller_pre_cmd

uninstaller_pre_cmd

uninstaller_post_cmd

uninstaller_post_cmd

uninstaller_url

uninstaller_url

input_post_url

input_post_url

purl

purl

turl

turl

Reg Keys

Reg Keys

regkeys

regkeys

Offer check: passed: does not exist at:

Offer check: passed: does not exist at:

" onclick="disableOfferOptions(this.form)" > Quick (recommended)

" onclick="disableOfferOptions(this.form)" > Quick (recommended)

" onclick="enableOfferOptions(this.form)" > Advanced

" onclick="enableOfferOptions(this.form)" > Advanced

c:\%original file name%.exe

c:\%original file name%.exe

DEFAULTs

DEFAULTs

hXXp://trk.airinstaller.com 0525f07344a7b2

hXXp://trk.airinstaller.com 0525f07344a7b2

chrome

chrome

2.0.4.12

2.0.4.12

kGoogle Chrome

kGoogle Chrome

AGoogle Chrome

AGoogle Chrome

All Files (*.*)

All Files (*.*)

No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.

No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.

!#Unable to load mail system support.

!#Unable to load mail system support.

Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents

Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents

%s [Recovered]

%s [Recovered]

Google Chrome

Google Chrome

2.0.4.53

2.0.4.53

setup.exe

setup.exe

Google Chrome

Google Chrome

%original file name%.exe_452_rwx_00401000_0025B000:

f;T$.uBf

f;T$.uBf

t.hd2Z

t.hd2Z

t.ht?Z

t.ht?Z

t'SShl

t'SShl

QSShh_\

QSShh_\

tFHt:Ht.Ht"Hu`

tFHt:Ht.Ht"Hu`

j%XtL9E

j%XtL9E

u$SShe

u$SShe

FTCP

FTCP

SSSSh

SSSSh

tAHt.HHt

tAHt.HHt

SSh@B

SSh@B

FtPW

FtPW

tl9_ tgSSh

tl9_ tgSSh

s%j.Zf

s%j.Zf

xSSSh

xSSSh

FTPjKS

FTPjKS

FtPj;S

FtPj;S

C.PjRV

C.PjRV

CNotSupportedException

CNotSupportedException

CCmdTarget

CCmdTarget

RegDeleteKeyTransactedW

RegDeleteKeyTransactedW

CHttpConnection

CHttpConnection

CHttpFile

CHttpFile

RegDeleteKeyExW

RegDeleteKeyExW

TaskDialogIndirect

TaskDialogIndirect

CMDITabProxyWnd

CMDITabProxyWnd

CMDIChildWndEx

CMDIChildWndEx

CMDIFrameWndEx

CMDIFrameWndEx

CMDIClientAreaWnd

CMDIClientAreaWnd

CMFCToolBarsKeyboardPropertyPage

CMFCToolBarsKeyboardPropertyPage

cmd.exe

cmd.exe

GetProcessWindowStation

GetProcessWindowStation

portuguese-brazilian

portuguese-brazilian

operator

operator

Visual C CRT: Not enough memory to complete call to strerror.

Visual C CRT: Not enough memory to complete call to strerror.

Broken pipe

Broken pipe

Inappropriate I/O control operation

Inappropriate I/O control operation

Operation not permitted

Operation not permitted

taskkill /f /im iexplore.exe

taskkill /f /im iexplore.exe

taskkill /f /im chrome.exe

taskkill /f /im chrome.exe

taskkill /F /IM firefox.exe

taskkill /F /IM firefox.exe

Keys

Keys

RegOpenKeyTransactedW

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegCreateKeyTransactedW

background: url('hXXp://cdn.airdlrstatic.com/themes/images/modal-overlay.png') repeat;

background: url('hXXp://cdn.airdlrstatic.com/themes/images/modal-overlay.png') repeat;

overlay = document.getElementById('modal-overlay');

overlay = document.getElementById('modal-overlay');

if (overlay.style.display === 'none' && !display) {

if (overlay.style.display === 'none' && !display) {

overlay.style.display = display;

overlay.style.display = display;

if(document.getElementById('page0')){

if(document.getElementById('page0')){

document.getElementById('page0').style.visibility = 'visible';

document.getElementById('page0').style.visibility = 'visible';

document.getElementById('page0').style.display = 'block';

document.getElementById('page0').style.display = 'block';

document.getElementById('page' currentPage).style.visibility = 'hidden';

document.getElementById('page' currentPage).style.visibility = 'hidden';

document.getElementById('page' currentPage).style.display = 'none';

document.getElementById('page' currentPage).style.display = 'none';

document.getElementById('page' currentPage).style.visibility = 'visible';

document.getElementById('page' currentPage).style.visibility = 'visible';

document.getElementById('page' currentPage).style.display = 'block';

document.getElementById('page' currentPage).style.display = 'block';

var formsCollection = document.getElementsByTagName("form");

var formsCollection = document.getElementsByTagName("form");

for (var i = 0; i

for (var i = 0; i

var formName = formsCollection[i].name;

var formName = formsCollection[i].name;

//alert('formName: ' formName ' ' document.forms[formName].elements);

//alert('formName: ' formName ' ' document.forms[formName].elements);

if( typeof document.forms[formName].elements !== 'undefined' ){

if( typeof document.forms[formName].elements !== 'undefined' ){

for (var e = 0; e

for (var e = 0; e

if (document.forms[formName].elements[e].type == "button") {

if (document.forms[formName].elements[e].type == "button") {

if (document.forms[formName].elements[e].value == "Next" ||

if (document.forms[formName].elements[e].value == "Next" ||

document.forms[formName].elements[e].value == "Done" ||

document.forms[formName].elements[e].value == "Done" ||

document.forms[formName].elements[e].name == "Next"

document.forms[formName].elements[e].name == "Next"

document.forms[formName].elements[e].focus();

document.forms[formName].elements[e].focus();

for (var e = 0; e

for (var e = 0; e

if (offerForm.elements[e].type == "checkbox") {

if (offerForm.elements[e].type == "checkbox") {

offerForm.elements[e].disabled = 'disabled';

offerForm.elements[e].disabled = 'disabled';

for (var e = 0; e

for (var e = 0; e

if (offerForm.elements[e].type == "checkbox"

if (offerForm.elements[e].type == "checkbox"

&& offerForm.elements[e].name != "main" ) {

&& offerForm.elements[e].name != "main" ) {

offerForm.elements[e].checked = true;

offerForm.elements[e].checked = true;

var all = document.getElementsByTagName('*');

var all = document.getElementsByTagName('*');

for(var i=0; i

for(var i=0; i

var hide_options_element = document.getElementById('hidden_options');

var hide_options_element = document.getElementById('hidden_options');

hide_options_element.style.visibility = 'hidden';

hide_options_element.style.visibility = 'hidden';

if (offerForm.elements[e].type == "checkbox" && offerForm.elements[e].name != "main" ) {

if (offerForm.elements[e].type == "checkbox" && offerForm.elements[e].name != "main" ) {

offerForm.elements[e].disabled = '';

offerForm.elements[e].disabled = '';

for(var i=0; i

for(var i=0; i

var hide_options_element = document.getElementById('hidden_options');

var hide_options_element = document.getElementById('hidden_options');

hide_options_element.style.visibility = 'visible';

hide_options_element.style.visibility = 'visible';

if (requiredCheckbox.checked == true) {

if (requiredCheckbox.checked == true) {

for (var e = 0; e

for (var e = 0; e

if (requiredCheckbox.form.elements[e] != requiredCheckbox

if (requiredCheckbox.form.elements[e] != requiredCheckbox

&& requiredCheckbox.form.elements[e].type == "checkbox"

&& requiredCheckbox.form.elements[e].type == "checkbox"

&& requiredCheckbox.form.elements[e].name != "main"

&& requiredCheckbox.form.elements[e].name != "main"

&& ( "required" in requiredCheckbox.form.elements[e] && requiredCheckbox.form.elements[e].required.indexOf("false") > -1)

&& ( "required" in requiredCheckbox.form.elements[e] && requiredCheckbox.form.elements[e].required.indexOf("false") > -1)

requiredCheckbox.form.elements[e].checked = true;

requiredCheckbox.form.elements[e].checked = true;

requiredCheckbox.form.elements[e].checked = false;

requiredCheckbox.form.elements[e].checked = false;

if (nonRequiredCheckbox.checked == true) {

if (nonRequiredCheckbox.checked == true) {

for (var e = 0; e

for (var e = 0; e

if (nonRequiredCheckbox.form.elements[e] != nonRequiredCheckbox

if (nonRequiredCheckbox.form.elements[e] != nonRequiredCheckbox

&& nonRequiredCheckbox.form.elements[e].type == "checkbox"

&& nonRequiredCheckbox.form.elements[e].type == "checkbox"

&& nonRequiredCheckbox.form.elements[e].name != "main"

&& nonRequiredCheckbox.form.elements[e].name != "main"

&& ( "required" in nonRequiredCheckbox.form.elements[e] && nonRequiredCheckbox.form.elements[e].required.indexOf("true") > -1)

&& ( "required" in nonRequiredCheckbox.form.elements[e] && nonRequiredCheckbox.form.elements[e].required.indexOf("true") > -1)

nonRequiredCheckbox.form.elements[e].checked = true;

nonRequiredCheckbox.form.elements[e].checked = true;

e = nonRequiredCheckbox.form.elements.length; // done

e = nonRequiredCheckbox.form.elements.length; // done

function clickIE() {if (document.all) {(message);return false;}}

function clickIE() {if (document.all) {(message);return false;}}

(document.layers||(document.getElementById&&!document.all)) {

(document.layers||(document.getElementById&&!document.all)) {

if (e.which==2||e.which==3) {(message);return false;}}}

if (e.which==2||e.which==3) {(message);return false;}}}

if (document.layers)

if (document.layers)

{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}

{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}

else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

document.oncontextmenu=new Function("return false")

document.oncontextmenu=new Function("return false")

document.onselectstart=new Function ("return false")

document.onselectstart=new Function ("return false")

if (window.sidebar){

if (window.sidebar){

document.onmousedown=disableselect

document.onmousedown=disableselect

document.onclick=reEnable

document.onclick=reEnable

span.advanced { color:#AAAAAA; padding:0px; }

span.advanced { color:#AAAAAA; padding:0px; }

inflate 1.1.3 Copyright 1995-1998 Mark Adler

inflate 1.1.3 Copyright 1995-1998 Mark Adler

CMDIChildWnd

CMDIChildWnd

CMDIFrameWnd

CMDIFrameWnd

Setup has finished installing %s on your computer.

Setup has finished installing %s on your computer.

      Please wait while %s is being installed.

      Please wait while %s is being installed.

Downloading %s.

Downloading %s.

style="width:80px; font-size:13; height:25px;" id="DeclineOffer" offer="%s" />

style="width:80px; font-size:13; height:25px;" id="DeclineOffer" offer="%s" />

style="width:160px; font-size:13; height:25px;" id="AcceptOffer" offer="%s" />

style="width:160px; font-size:13; height:25px;" id="AcceptOffer" offer="%s" />

%s

%s

%s Setup Wizard

%s Setup Wizard

Welcome to the %s Setup Wizard. This wizard will guide you through the installation of %s.

Welcome to the %s Setup Wizard. This wizard will guide you through the installation of %s.

&& requiredCheckbox.form.elements[e].name != "main" ) {

&& requiredCheckbox.form.elements[e].name != "main" ) {

&& requiredCheckbox.form.elements[e].type == "checkbox"

&& requiredCheckbox.form.elements[e].type == "checkbox"

e = requiredCheckbox.form.elements.length; // done

e = requiredCheckbox.form.elements.length; // done

span.advanced { color:#AAAAAA; padding:0px; }

span.advanced { color:#AAAAAA; padding:0px; }

C:\Users\jon\Documents\GitHub\Air-APP\Release\AirInstallerDistributed.pdb

C:\Users\jon\Documents\GitHub\Air-APP\Release\AirInstallerDistributed.pdb

.PAVCMemoryException@@

.PAVCMemoryException@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCObject@@

.PAVCObject@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.PAVCUserException@@

.PAVCUserException@@

.PAVCOleException@@

.PAVCOleException@@

.PAVCResourceException@@

.PAVCResourceException@@

.?AVCHttpConnection@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AVCHttpFile@@

.PAVCArchiveException@@

.PAVCArchiveException@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@

.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AVCMFCToolBarCmdUI@@

.?AVCMFCToolBarCmdUI@@

.PAVCOleDispatchException@@

.PAVCOleDispatchException@@

.?AVCMFCCmdUsageCount@@

.?AVCMFCCmdUsageCount@@

.?AVCMDITabProxyWnd@@

.?AVCMDITabProxyWnd@@

.?AVCMDIChildWndEx@@

.?AVCMDIChildWndEx@@

.?AVCMDIFrameWndEx@@

.?AVCMDIFrameWndEx@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@

.?AVCMFCColorBarCmdUI@@

.?AVCMFCColorBarCmdUI@@

.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@

.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@

.?AVCMDIClientAreaWnd@@

.?AVCMDIClientAreaWnd@@

.?AVCMFCRibbonCmdUI@@

.?AVCMFCRibbonCmdUI@@

.?AVCMFCToolBarsKeyboardPropertyPage@@

.?AVCMFCToolBarsKeyboardPropertyPage@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@

.?AVCMFCAcceleratorKey@@

.?AVCMFCAcceleratorKey@@

.?AVCMFCRibbonKeyTip@@

.?AVCMFCRibbonKeyTip@@

.?AVCMFCAcceleratorKeyAssignCtrl@@

.?AVCMFCAcceleratorKeyAssignCtrl@@

zcÁ

zcÁ

.PAVCException@@

.PAVCException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.PAVCFileException@@

.PAVCFileException@@

.PAVCInternetException@@

.PAVCInternetException@@

.?AVCWebGrab@@

.?AVCWebGrab@@

.?AVCWebGrabSession@@

.?AVCWebGrabSession@@

.?AVCMDIChildWnd@@

.?AVCMDIChildWnd@@

.?AVCMDIFrameWnd@@

.?AVCMDIFrameWnd@@

@(69@(69@(69@(69@(69

@(69@(69@(69@(69@(69

GetProcessHeap

GetProcessHeap

GetCPInfo

GetCPInfo

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

RegEnumKeyW

RegEnumKeyW

RegDeleteKeyW

RegDeleteKeyW

RegEnumKeyExW

RegEnumKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegCreateKeyExW

RegCreateKeyExW

SetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

ScaleViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

GetViewportExtEx

GetViewportOrgEx

GetViewportOrgEx

GdiplusShutdown

GdiplusShutdown

ShellExecuteExW

ShellExecuteExW

ShellExecuteW

ShellExecuteW

UrlUnescapeW

UrlUnescapeW

IsValidURL

IsValidURL

URLDownloadToFileW

URLDownloadToFileW

CreateDialogIndirectParamW

CreateDialogIndirectParamW

SetWindowsHookExW

SetWindowsHookExW

UnhookWindowsHookEx

UnhookWindowsHookEx

GetKeyState

GetKeyState

GetKeyNameTextW

GetKeyNameTextW

MapVirtualKeyW

MapVirtualKeyW

GetKeyboardLayout

GetKeyboardLayout

GetKeyboardState

GetKeyboardState

MapVirtualKeyExW

MapVirtualKeyExW

GetAsyncKeyState

GetAsyncKeyState

HttpOpenRequestW

HttpOpenRequestW

HttpSendRequestW

HttpSendRequestW

HttpAddRequestHeadersW

HttpAddRequestHeadersW

InternetCanonicalizeUrlW

InternetCanonicalizeUrlW

InternetCrackUrlW

InternetCrackUrlW

HttpQueryInfoW

HttpQueryInfoW

InternetOpenUrlW

InternetOpenUrlW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

$/$/$/$/

$/$/$/$/

2;%SK

2;%SK

]

]

3&.#3 $-

3&.#3 $-

##0#3131%&

##0#3131%&

###$#-$

###$#-$

.QICN,=3-?W7P53.51; #;-[3-M?-36#M-a>-053 ##--

.QICN,=3-?W7P53.51; #;-[3-M?-36#M-a>-053 ##--

0 $$ 0 0 ,4$,0 0,

0 $$ 0 0 ,4$,0 0,

$$ $ $$844

$$ $ $$844

((,$$$,$$,

((,$$$,$$,

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

accKeyboardShortcut

accKeyboardShortcut

wuser32.dll

wuser32.dll

hhctrl.ocx

hhctrl.ocx

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

Afx:%p:%x:%p:%p:%p

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

Afx:%p:%x

commctrl_DragListMsg

commctrl_DragListMsg

Gcomctl32.dll

Gcomctl32.dll

Gcomdlg32.dll

Gcomdlg32.dll

Gshell32.dll

Gshell32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

KERNEL32.DLL

KERNEL32.DLL

%s%s.dll

%s%s.dll

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

lX-X-x-XX-XXXXXX

lX-X-x-XX-XXXXXX

res://%s/%s

res://%s/%s

res://%s/%d

res://%s/%d

hXXp://

hXXp://

@WININET.DLL

@WININET.DLL

HHTTP/1.0

HHTTP/1.0

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

kernel32.dll

kernel32.dll

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

mfcm100u.dll

mfcm100u.dll

If:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

If:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

SHELL32.DLL

SHELL32.DLL

lXXxXXXXXXXX

lXXxXXXXXXXX

%sMFCToolBar-%d%x

%sMFCToolBar-%d%x

%sMFCToolBar-%d

%sMFCToolBar-%d

%sMFCToolBarParameters

%sMFCToolBarParameters

TOOLBAR_RESETKEYBAORD

TOOLBAR_RESETKEYBAORD

&%d %s

&%d %s

ole32.dll

ole32.dll

COMCTL32.DLL

COMCTL32.DLL

%sPane-%d%x

%sPane-%d%x

%sPane-%d

%sPane-%d

USER32.DLL

USER32.DLL

%sBasePane-%d%x

%sBasePane-%d%x

%sBasePane-%d

%sBasePane-%d

MSG_CHECKEMPTYMINIFRAME

MSG_CHECKEMPTYMINIFRAME

windows

windows

KeyboardManager

KeyboardManager

ShowCmd

ShowCmd

I%c%d%c%s

I%c%d%c%s

%sDockingManager-%d

%sDockingManager-%d

%sDockablePaneAdapter-%d%x

%sDockablePaneAdapter-%d%x

%sDockablePaneAdapter-%d

%sDockablePaneAdapter-%d

OHex={X,X,X}

OHex={X,X,X}

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp

%sMDIClientArea-%d

%sMDIClientArea-%d

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp

Sf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp

Sf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp

L%sMFCOutlookBar-%d%x

L%sMFCOutlookBar-%d%x

%sMFCOutlookBar-%d

%sMFCOutlookBar-%d

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp

TRICHED20.DLL

TRICHED20.DLL

RGB(%d, %d, %d)

RGB(%d, %d, %d)

ENABLE_KEYS

ENABLE_KEYS

KEYS_MENU

KEYS_MENU

KEYS

KEYS

mscoree.dll

mscoree.dll

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

@%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl

@%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl

%s (%s:%d)

%s (%s:%d)

UxTheme.dll

UxTheme.dll

dwmapi.dll

dwmapi.dll

d%s:%x:%x:%x:%x

d%s:%x:%x:%x:%x

Shell32.dll

Shell32.dll

Download Url:

Download Url:

theme w: %d h: %d window w: %d h: %d

theme w: %d h: %d window w: %d h: %d

intro_page.html

intro_page.html

session.xml

session.xml

index.html

index.html

installer.html

installer.html

.html

.html

block.html

block.html

uninstaller.html

uninstaller.html

download_page.html

download_page.html

cancel_page.html

cancel_page.html

offer_0.html

offer_0.html

_USER_PASSWORD_

_USER_PASSWORD_

e Executed Offer Ok

e Executed Offer Ok

.msi"

.msi"

Command succeded. Calling conversion URL.

Command succeded. Calling conversion URL.

 

 

 

 

summary_page.html

summary_page.html

%Program Files% (x86)

%Program Files% (x86)

%Program Files%

%Program Files%

%.2f %s

%.2f %s

hXXp://cdn.airdlrstatic.com/uninstaller/Uninstaller.zip

hXXp://cdn.airdlrstatic.com/uninstaller/Uninstaller.zip

INPUT_PASSWORD_FIELD

INPUT_PASSWORD_FIELD

Choose a password

Choose a password

INPUT_PASSWORD_REQUIRED

INPUT_PASSWORD_REQUIRED

&data[password]=

&data[password]=

$password

$password

password=

password=

userInputForm.html

userInputForm.html

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Referer: hXXp://VVV.mypcbackup.com/

Referer: hXXp://VVV.mypcbackup.com/

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

" onclick="disableOfferOptions(this.form)" > Quick Installation (recomended)

" onclick="disableOfferOptions(this.form)" > Quick Installation (recomended)

" onclick="enableOfferOptions(this.form)" > Custom Installation (advanced)

" onclick="enableOfferOptions(this.form)" > Custom Installation (advanced)

, you are hereby agreeing to their

' onclick='disableOfferOptions(this.form)' >

' onclick='enableOfferOptions(this.form)' >

' onclick='enableOfferOptions(this.form)' >

installer_temp.html

installer_temp.html

theme\software\software.html

theme\software\software.html

onblur="if(this.value==''){this.value='Email address';this.style.color='#AAAAAA';}"

onblur="if(this.value==''){this.value='Email address';this.style.color='#AAAAAA';}"

onfocus="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"

onfocus="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"

onblur="if(this.value==''){this.value='Full name';this.style.color='#AAAAAA';}"

onblur="if(this.value==''){this.value='Full name';this.style.color='#AAAAAA';}"

onfocus="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"

onfocus="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"

>

>

onblur="if(this.value==''){this.value='Choose a password';this.style.color='#AAAAAA';}"

onblur="if(this.value==''){this.value='Choose a password';this.style.color='#AAAAAA';}"

onfocus="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"

onfocus="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"

onclick="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"

%_INPUT_PASSWORD_%

%_INPUT_PASSWORD_%

DOWNLOAD_URL>

DOWNLOAD_URL>

src="theme/images/btn_next.png"

src="theme/images/btn_next.png"

hXXp://trk.airinstaller.com/get/event/?name=started_without_admin&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=started_without_admin&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=admin_after_prompt&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=admin_after_prompt&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=admin_prompt_decline&data[click_id]=

hXXp://trk.airinstaller.com/get/event/?name=admin_prompt_decline&data[click_id]=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

%s%s%s

%s%s%s

FhXXp://testcdn.com

FhXXp://testcdn.com

/bundle.xml

/bundle.xml

hXXp://testcdn.com/bundle/

hXXp://testcdn.com/bundle/

bundle.xml

bundle.xml

build.js

build.js

page-*.js

page-*.js

\settings.xml

\settings.xml

session_key

session_key

Install session key:

Install session key:

thankyou_url

thankyou_url

Install thank you URL:

Install thank you URL:

cancel_url

cancel_url

download_url

download_url

exe_cmd

exe_cmd

image_url

image_url

impression_url

impression_url

conversion_url

conversion_url

privacy_url

privacy_url

terms_url

terms_url

uninstaller_pre_cmd

uninstaller_pre_cmd

uninstaller_post_cmd

uninstaller_post_cmd

uninstaller_url

uninstaller_url

input_post_url

input_post_url

purl

purl

turl

turl

Reg Keys

Reg Keys

regkeys

regkeys

Offer check: passed: does not exist at:

Offer check: passed: does not exist at:

" onclick="disableOfferOptions(this.form)" > Quick (recommended)

" onclick="disableOfferOptions(this.form)" > Quick (recommended)

" onclick="enableOfferOptions(this.form)" > Advanced

" onclick="enableOfferOptions(this.form)" > Advanced

c:\%original file name%.exe

c:\%original file name%.exe