Installer.Win32.InnoSetup.2.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Installer
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 89a77d5cfff2583a2ae15184f87c21a1
SHA1: 5306e1411f6a6b339abdf4ab28c39e644e39a555
SHA256: d6204fc983e0fe44a83f4be48dfebfce6715844c9ee8ea12c28feadcd52dcab0
SSDeep: 12288:a6SpDW OU1StANn98qEz7jgFLB1KPTHSbfkTDyQ0LExaTbBTb:a6SdW OUvn9XEH8Ff48s33yRb
Size: 798040 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit
Summary: Installer. An installation package.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Installer creates the following process(es):
89a77d5cfff2583a2ae15184f87c21a1.tmp:1688
89a77d5cfff2583a2ae15184f87c21a1.tmp:1956
%original file name%.exe:1792
The Installer injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process 89a77d5cfff2583a2ae15184f87c21a1.tmp:1956 makes changes in the file system.
The Installer creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-7PQ9C.tmp\89a77d5cfff2583a2ae15184f87c21a1.tmp (54 bytes)
The process %original file name%.exe:1792 makes changes in the file system.
The Installer creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-DKDQP.tmp\89a77d5cfff2583a2ae15184f87c21a1.tmp (85 bytes)
Registry activity
The process 89a77d5cfff2583a2ae15184f87c21a1.tmp:1688 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 91 39 30 75 9C BE E5 3A 07 08 1C AB 3A 64 F9"
The process 89a77d5cfff2583a2ae15184f87c21a1.tmp:1956 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 A6 44 A4 7F E8 21 07 42 9E B4 39 D2 D3 0E 28"
The process %original file name%.exe:1792 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 6B D7 4C CF 33 85 45 88 C1 12 5E 75 DC 4D 0B"
Dropped PE files
MD5 | File path |
---|---|
f78940628eb76ab6e654c19ee33f2f89 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is1738232922\6C7EB1DE_stp.DAT |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
89a77d5cfff2583a2ae15184f87c21a1.tmp:1688
89a77d5cfff2583a2ae15184f87c21a1.tmp:1956
%original file name%.exe:1792 - Delete the original Installer file.
- Delete or disinfect the following files created/modified by the Installer:
%Documents and Settings%\%current user%\Local Settings\Temp\is-7PQ9C.tmp\89a77d5cfff2583a2ae15184f87c21a1.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-DKDQP.tmp\89a77d5cfff2583a2ae15184f87c21a1.tmp (85 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version: 1.5
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments: This installation was built with Inno Setup.
Language: Language Neutral
Company Name: Product Name: Product Version: 1.5 Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: File Description: Comments: This installation was built with Inno Setup.Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
CODE | 4096 | 37732 | 37888 | 4.63786 | bd2164094c09ca1891dd0a8be7e89508 |
DATA | 45056 | 588 | 1024 | 1.8986 | d5ea23d4ecf110fd2591314cbaa84278 |
BSS | 49152 | 3720 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 53248 | 2384 | 2560 | 3.07115 | bb5485bf968b970e5ea81292af2acdba |
.tls | 57344 | 8 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 61440 | 24 | 512 | 0.14174 | 9ba824905bf9c7922b6fc87a38b74366 |
.reloc | 65536 | 2228 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 69632 | 38228 | 38400 | 2.21635 | 946d1f63257f436c83fa682e5550b9e3 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 14
4694a924f7445dbd501d856006060cc3
6b7327fa6162b1d617d0840e49307178
efd05eb55a49f9e734032cd1276ea538
f6a9712c15478578d313a889377402a9
f45523b35b23ac7b95ef4d8df6a52b05
c71d916e35be637e6f406efb32ee5ee4
b6eb5b4a8697c449bc468f67963f85f9
2c3671066918b2f51eb2b3dffc70344f
888c4feaab4e6b1ff3806594596d4f82
a4ca44923723653c2c17cdb9b11a8879
2d2f6d1f4117b1db01df3332ec863d39
926ea01e39746bc2ba1f0259dc399838
9b9254926a2eb776a4da6f50588d96a7
f13362bdd6f8d048b88d08761774a4b8
Network Activity
URLs
URL | IP |
---|---|
hxxp://rp.holipiheh.com/?pcrc=1196996250&v=2.0 | 176.34.251.10 |
hxxp://info.holipiheh.com/?v=1.02&c=4fb13fa6&at=1738232922&cntr=0 | 176.34.130.130 |
hxxp://rp.holipiheh.com/?pcrc=866590918&v=2.0 | 176.34.251.10 |
hxxp://os.holipiheh.com/FileHippo/?v=5.0&c=1528865781 | 52.31.134.147 |
hxxp://filehippo.com/download/file/f11a7ca119ea15ae9b82179394df822a4d8134da9a2696efc72f4281fc724946/ | |
hxxp://filehippocache.lmgmedialtd.netdna-cdn.com/img/ex/108__vlc.png | |
hxxp://vip0x08b.ssl.hwcdn.net/9b27e3a87a8d4816aa88d6be934266b9/vlc-2.1.5-win32.exe?ttl=1462497114&token=09412570c9c5457bda50c6c5f17d3105 | |
hxxp://os2.holipiheh.com/FileHippo/?v=5.0&c=1528865781 | 54.93.97.68 |
hxxp://dl1.filehippo.com/9b27e3a87a8d4816aa88d6be934266b9/vlc-2.1.5-win32.exe?ttl=1462497114&token=09412570c9c5457bda50c6c5f17d3105 | 205.185.208.139 |
hxxp://cache.filehippo.com/img/ex/108__vlc.png | 108.161.189.5 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /9b27e3a87a8d4816aa88d6be934266b9/vlc-2.1.5-win32.exe?ttl=1462497114&token=09412570c9c5457bda50c6c5f17d3105 HTTP/1.1
Range: bytes=0-24743105
Accept: */*
Host: dl1.filehippo.com
User-Agent: download_manager
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Thu, 05 May 2016 21:11:51 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1460597987"
Cache-Control: max-age=86400
Content-Length: 24743106
Content-Range: bytes 0-24743105/24743106
Content-Type: application/octet-stream
X-HW: 1462482712.dop010.fr7.t,1462482711.cds029.fr7.c
Last-Modified: Thu, 14 Apr 2016 01:39:47 GMT
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..O.....................P......'C............@........................................... ......................................0...a...........................................................................................................text...D........................... .0`.data...............................@.0..rdata...#.......$..................@.0@.bss..................................0..idata..............................@.0..ndata..............................@.0..rsrc....a...0...b..................@.0.................................................................................................................................................................................................................................................................................................................................................................................U..WVS.......U..E....t...F.........{B..H...H.......M..E..5H{B..D$...$....B..M..E.....SS...E...$.D$... .B..M..E......M.WW......M.)..M..NT....NP........E.....}...VT........FP..E........}..VP........U.......FT.............}..........E..M...$..|.B..E..R...D$..E..D$...$....B.....<$....B..E..Q.}.;}...Q....~X........F4..$....B...W..........$.E......E......D$.........B.RR.FX..$.D$.....B..5..B.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$..{B.....B...|.......T$...$..QQ.<$....B.S.M..E..D$...$....B.PP1....D
<<< skipped >>>
GET /img/ex/108__vlc.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.filehippo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 05 May 2016 21:11:52 GMT
Content-Type: image/png
Content-Length: 1245
Connection: keep-alive
x-amz-id-2: bEPxrIQjuW2p6lWf/Tw4iNxJo8NH0j 2BcHRbKtErdRqeQ p8m4p2 iwthW4/mPgVY9uT44CUNY=
x-amz-request-id: A396A68EF138ACC4
x-amz-version-id: lh.EMCtW6svAscxjjkHNu9.j4voCgoAa
Expires: Sat, 04 Jun 2016 21:11:52 GMT
Cache-Control: max-age=2592000
Last-Modified: Tue, 08 Apr 2014 12:01:32 GMT
ETag: "544e323e54f3baf821cb7d9c276578c5"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes
.PNG........IHDR... ... .............sBIT.....O.....IDATx....oTU............Nwh.I.0.....`.D.|........O>..j.....`..S.PB..&...2]...,.....>......!..x.....`.@....W...z|..g~..b.Mj...o..._...o~.....$.....2w...8.\X.7i.:..)&.. .....#..F..-.8 ..r.o.1.8..........f..(8J..|}.}...FRJ..z.U..M...".u....Rnsc...0nMh#.oa...6....B.!.a.a........mc...]..c...KF.Z.p4..v.....*.l..XT........R_..E.....7\^.i..$..W.......}._.<p....@...e...;...M..$..=4(Q..d?O(c\.....9....F.4.P%..] T....%E.=......{...a.N.....b....\..D..yCNu..~fb\..:.....HQ...n.4.......1.v..P.U....(*..Y.....bwL..|...X.C=..J.......;._.. w...^...D.Qw......].=..j......]...QZ(.xH......J.oG..|.fD.~.J.g.P..&...xW....B.k...I......HI.P<`.Q...A.q.m.....u\....( Z..(. ..S..B5..,G.q@..,...F..m..<RZzb.....|...Vw.E....t..&...0 .qp".....@..y... U.X0.|2?....E.=..|.\%..k...kj\....M..@.;|.?...(.b.M6.. ....".1....=..G..?../...6.R...&cU..N...QH..J...)-U.t.j.....g/}v....H...N.....o...7.Jm...f(.....F...e....p%......Z.br*...3..^..Q.j.!....im.....eY.}..C......hOHm...(..E.. ....E.E.IOuf.......m...K..K.1.t.;.1MSQ.......;..-^L.bM...YE..5%....~............L&.J.......R..e...*.....{.O.3$..@......Sv6.....f..L...#..i/..J..X.4..M..4.......R.d..m....}}}....e%.IUU.... ...7.\......e.....eY.m...3c1EQ......h...Vl .....IEND.B`...
<<< skipped >>>
HEAD /9b27e3a87a8d4816aa88d6be934266b9/vlc-2.1.5-win32.exe?ttl=1462497114&token=09412570c9c5457bda50c6c5f17d3105 HTTP/1.1
Accept: */*
Host: dl1.filehippo.com
User-Agent: download_manager
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 May 2016 21:11:51 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1460597987"
Cache-Control: max-age=86400
Content-Length: 24743106
Content-Type: application/octet-stream
X-HW: 1462482712.dop015.fr7.t,1462482711.cds029.fr7.c
Last-Modified: Thu, 14 Apr 2016 01:39:47 GMT
POST /?v=1.02&c=4fb13fa6&at=1738232922&cntr=0 HTTP/1.1
Accept: */*
Host: info.holipiheh.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 172
Cache-Control: no-cache
6l7GU7LYt04pVHc/00d7Jk OPdt4A9XGXhOhdKo6W9lSbPks/cQ3fdsaVdhYvj3CGZDSnJQS3 EmYBVI6umWQKy/BlkwmlH/ 3ENbfFLVB1xoWfMl2qXKz2f3y FU7pbiaRqfteFuLpR5dhQW cikc zjcbKY01zOWsIU YSURE=
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Thu, 05 May 2016 21:11:51 GMT
Content-Length: 748
Connection: keep-alive
qkL62KPkRL1KuUEFlCuFHQcNW2EQy7S6/PE0jrAdO9i9flMwd4GxHwYRYwTTdfFWDKAPs3fNzkPLliSBwEFHMJiVjUUoZ0i09pC0bL2Po6wJbBoKAG29D9rWXMFrYPwt H 4cw2AGoSfdTQlYS/QIjlrmQmohYoqFmE07/Pd6SEL dyH1kxTGVZaRdtNOHwiCGaXH3neKa/sPmkTuRY39g7Oaxz0HBH4Q9sslk405bM6a MhqWeFrSworPx6z8lNVi4PHAy7uZk1Im3vbausnbVGMcva9k CJ8/rdycEqvq5dzi1poJ1Zrq67DO0LQPSI3yM3ZLqO/ZEbkpP3OgTW3ckXRmMI7gWoAv6nMPcAaqdpBy7ZeUY3BblOa Z XiixBVIsaEj9/Z2M/Jp4lE FFZTlKqy eTCO50Gt3YtLixBbVelLG9yWKD/ FZRHIvy7P4EFphAeETHUPXZiSlgyBXBNlzYdpLSOxwDfntC5tCSph0SD7J0qnYySBQCvdk9fDYyUJc1tbJfEHTtBjytp Ds3RMidhTpQjuR19cYTfyWTkkkz3w6m6n8SYHXl7I4i6Omj9C40N8wKAMTfnnyjeOa7apX3OC/aMc6oSVisO/F2EFk5H3k4K6p8UsXAME3Qocg0QHqgFbUt0Jqyjxuy5ojJrX8CBWfqqrgAKSdpOW XXUV/BPM/FixKLZ6OpY8A5DNJAeXdgmMhBgn8qZJCCdbCZGzXcryeZz2aK3JlLE=HTTP/1.1 200 OK..Access-Control-Allow-Origin: *..Date: Thu, 05 May 2016 21:11:51 GMT..Content-Length: 748..Connection: keep-alive..qkL62KPkRL1KuUEFlCuFHQcNW2EQy7S6/PE0jrAdO9i9flMwd4GxHwYRYwTTdfFWDKAPs3fNzkPLliSBwEFHMJiVjUUoZ0i09pC0bL2Po6wJbBoKAG29D9rWXMFrYPwt H 4cw2AGoSfdTQlYS/QIjlrmQmohYoqFmE07/Pd6SEL dyH1kxTGVZaRdtNOHwiCGaXH3neKa/sPmkTuRY39g7Oaxz0HBH4Q9sslk405bM6a MhqWeFrSworPx6z8lNVi4PHAy7uZk1Im3vbausnbVGMcva9k CJ8/rdycEqvq5dzi1poJ1Zrq67DO0LQPSI3yM3ZLqO/ZEbkpP3OgTW3ckXRmMI7gWoAv6nMPcAaqdpBy7ZeUY3BblOa Z XiixBVIsaEj9/Z2M/Jp4lE FFZTlKqy eTCO50Gt3YtLixBbVelLG9yWKD/ FZRHIvy7P4EFphAeETHUPXZiSlgyBXBNlzYdpLSOxwDfntC5tCSph0SD7J0qnYySBQCvdk9fDYyUJc1tbJfEHTtBjytp Ds3RMidhTpQjuR19cYTfyWTkkkz3w6m6n8SYHXl7I4i6Omj9C40N8wKAMTfnnyjeOa7apX3OC/aMc6oSVisO/F2EFk5H3k4K6p8UsXAME3Qocg0QHqgFbUt0Jqy
<<< skipped >>>
POST /FileHippo/?v=5.0&c=1528865781 HTTP/1.1
Accept: */*
Host: os.holipiheh.com
User-Agent: ICAS
Content-Length: 1232
Cache-Control: no-cache
0A0Czu0F1L1I1P0H1L1E1E1FtN0U0I0DzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutAtCyEzyyByCzztDtByDtN1L1B0A1Q1H1L1GzutCtN0T0KzuyEyCzytByCyDtN0U0I0DzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0U0I0D0N1P2WzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0M0G0U0I0DzuyByD1P1QzyyDyCyBtG1T1TyDzztGyE1Rzz1PtG1Tzz1P1TtGtA1R1T1QyB1RyEyB1T1StDtAtN0M0S0I0DzutCzzyEyEtBtAyByCtCyDtGtCzyyCtDyEtDzzzyyCtCtGtCzztDtCyCyByEyDtAtCtN0S0I0D0U0I0DzuyC0D0E0C0DyDtB0FyByE0DzyyByBzztCyC0ByCtAyD0FtBtA0Azz0AyCyB0AtByDtN0M0A0C1V0LzutDtDtD0CtBzyzz0Azz0BtAyBtOtA0AtCzytBtFtCyCzztFtCtCtFtCtAtCtOtA0AyCtOtA0AtCtN0S0D0TzutBtDtCyCtDyDtDyCtDtDtCtCtAyEzytAyEtN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0P0E1V0M0O0D0Ezu0D0L0LtN1I1L2ZzuyEyEtCtCzzyBtN1L1Q1B1RzutByCtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN1L1B0U1T1R0O1GzutDtN1L1B0U1B1P1C0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1RtOtA0AtOyD0Czzzy1TyByB1QyD1R1O1O1OtByDzztA1TtB1T1PtCyDtCzzyE1OzzyB1RtBtC1TtCtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutAtCtAtN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutBtDtCtCtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu2X1I1R1V1H1P1Q1L1T1V1E1I1T2U1P1C1VtAtBtG1S1L2Z
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Thu, 05 May 2016 21:11:52 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive
HTTP/1.1 404 Not Found..Content-Type: text/html..Date: Thu, 05 May 2016 21:11:52 GMT..Server: nginx..Content-Length: 0..Connection: keep-alive......
POST /FileHippo/?v=5.0&c=1528865781 HTTP/1.1
Accept: */*
Host: os.holipiheh.com
User-Agent: ICAS
Content-Length: 1232
Cache-Control: no-cache
0A0Czu0F1L1I1P0H1L1E1E1FtN0U0I0DzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutAtCyEzyyByCzztDtByDtN1L1B0A1Q1H1L1GzutCtN0T0KzuyEyCzytByCyDtN0U0I0DzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0U0I0D0N1P2WzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0M0G0U0I0DzuyByD1P1QzyyDyCyBtG1T1TyDzztGyE1Rzz1PtG1Tzz1P1TtGtA1R1T1QyB1RyEyB1T1StDtAtN0M0S0I0DzutCzzyEyEtBtAyByCtCyDtGtCzyyCtDyEtDzzzyyCtCtGtCzztDtCyCyByEyDtAtCtN0S0I0D0U0I0DzuyC0D0E0C0DyDtB0FyByE0DzyyByBzztCyC0ByCtAyD0FtBtA0Azz0AyCyB0AtByDtN0M0A0C1V0LzutDtDtD0CtBzyzz0Azz0BtAyBtOtA0AtCzytBtFtCyCzztFtCtCtFtCtAtCtOtA0AyCtOtA0AtCtN0S0D0TzutBtDtCyCtDyDtDyCtDtDtCtCtAyEzytAyEtN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0P0E1V0M0O0D0Ezu0D0L0LtN1I1L2ZzuyEyEtCtCzzyBtN1L1Q1B1RzutByCtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN1L1B0U1T1R0O1GzutDtN1L1B0U1B1P1C0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1RtOtA0AtOyD0Czzzy1TyByB1QyD1R1O1O1OtByDzztA1TtB1T1PtCyDtCzzyE1OzzyB1RtBtC1TtCtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutAtCtAtN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutBtDtCtCtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu2X1I1R1V1H1P1Q1L1T1V1E1I1T2U1P1C1VtAtBtG1S1L2Z
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Thu, 05 May 2016 21:11:54 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive
HTTP/1.1 404 Not Found..Content-Type: text/html..Date: Thu, 05 May 2016 21:11:54 GMT..Server: nginx..Content-Length: 0..Connection: keep-alive..
POST /?pcrc=1196996250&v=2.0 HTTP/1.1
Accept: */*
Host: rp.holipiheh.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 816
Cache-Control: no-cache
...3E.Q)_l.y...K
ri.2......u....r....k.].W..-. .l.z.B..._vs....E.u3}...2t/ P...^.....vhLv!T.".....SC.[.G[.....".x..m..-....#lk...M...w.....".X....C....7*Qj..6..%.s..y....v.%}s.|.i.tm<*E..|..Rx../.;|...
n....Q.BQ........j...VJ.v...#.).....q.7........a.A.5`M.xQ.M.;.Eh.....=..e.>j.XY..k..y.[..y.......N7OZ(.9F=.0..L0.}.E<............l........M.{..%..5.......e..,".H.V.....d..X..d.X..l. ;.."P.........T.Z..`.h.....9n^.7.....iJ....U7d.iF:x......2..h.3O"e...[..@(....o.$.\3...f....'.......G.,x...
..e..O.<..=...Y.a.Xr..D0.29.BE,......'.f.l..ez.=......m.f...q.../G.......L.a.U.yQv...R....Q.(....i.P......L$\.n6......#........%.|....-.....b..~2x...&F7E.x..v..(..n
..y.md...[.....3.g...B"R.><...%./..U......-R.l!.\.X6........9.*..X.'.c..rb.%..v2...)X.`.n..QE...h..lD....07....T..;/.....rO.........,&E........(.
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Thu, 05 May 2016 21:11:50 GMT
Server: TornadoServer/4.0.2
Content-Length: 4
Connection: keep-alive
DONEHTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Thu, 05 May 2016 21:11:50 GMT..Server: TornadoServer/4.0.2..Content-Length: 4..Connection: keep-alive..DONE....
POST /?pcrc=866590918&v=2.0 HTTP/1.1
Accept: */*
Host: rp.holipiheh.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 1232
Cache-Control: no-cache
.I..~...$$.........D?.....2$^.....(.... l...e.[.C.
..kB.q.k..X.OG.M........1."....\.A...3_....P...?n...H.....2..p.^$"J..*#p...Y.......Xs.xt.....`..m.....mQ.......`......).k..k/ K..zsz<Z...'4!L.....gK..9C.d.4v.M...6?...l....I..S.$.v.........P.....!m.5...E.....
!.s9P:...g-.W.@.|......x...[.g.Q....*G.uRHn...yQ..X.......U....2... \.`.}.\..W.S..<..}?.pN..D..
.... k}...2.....}...].-....r..o!i..x.....i>A.....<.9.o......H.Z...I..Q[.f.g......R..D...fmXh$...@.,..V.......n.h8..A.sV..uW.&}....dg)P....X.4M....R.......C...z.A...2....../P......h...i..Y......T..M.y..q6Fp..oX~..h.......a.....\....d..m.I...(..zyU...?...l. K.4..........*.......W0....?L..!Z[.u...0..}...@..9..d.H]$.M.f.-Q..)..........385..{.Z7.=.'.A0....J.`Z.........,..t..*....]..2.J.I.?...G.883M..8..x..I.58 d.h.e.....<J.5_.....o1Z..x.E.......gd...u..g..b...)*a.....*......mt....YH.<...mq....Q.f...D9........R......B.N..... ...L....N2....vuT0/-.=..@...a7lQ @...U.. ..bEZ.&..o$.}~$...!.q..1H..j`.H..qv3.......$....y.U..W......k.h'e~......'
...E...."..].)...,B]K{9....v.x...s..o,~z...R@Wn..`.D..}.a.b..V^l.f.Cd.../I..*...|Oj......2..N.[.XV....`....p.4T........M..&...q..[..>A(.... .....&BP.
..=.`AoKx?..... ....up..1...g....r....._.,..t......NSej[)}.vW......%..,g
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Thu, 05 May 2016 21:11:51 GMT
Server: TornadoServer/4.0.2
Content-Length: 4
Connection: keep-alive
DONEHTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Thu, 05 May 2016 21:11:51 GMT..Server: TornadoServer/4.0.2..Content-Length: 4..Connection: keep-alive..DONE..
POST /FileHippo/?v=5.0&c=1528865781 HTTP/1.1
Accept: */*
Host: os2.holipiheh.com
User-Agent: ICAS
Content-Length: 1232
Cache-Control: no-cache
0A0Czu0F1L1I1P0H1L1E1E1FtN0U0I0DzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutAtCyEzyyByCzztDtByDtN1L1B0A1Q1H1L1GzutCtN0T0KzuyEyCzytByCyDtN0U0I0DzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0U0I0D0N1P2WzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0M0G0U0I0DzuyByD1P1QzyyDyCyBtG1T1TyDzztGyE1Rzz1PtG1Tzz1P1TtGtA1R1T1QyB1RyEyB1T1StDtAtN0M0S0I0DzutCzzyEyEtBtAyByCtCyDtGtCzyyCtDyEtDzzzyyCtCtGtCzztDtCyCyByEyDtAtCtN0S0I0D0U0I0DzuyC0D0E0C0DyDtB0FyByE0DzyyByBzztCyC0ByCtAyD0FtBtA0Azz0AyCyB0AtByDtN0M0A0C1V0LzutDtDtD0CtBzyzz0Azz0BtAyBtOtA0AtCzytBtFtCyCzztFtCtCtFtCtAtCtOtA0AyCtOtA0AtCtN0S0D0TzutBtDtCyCtDyDtDyCtDtDtCtCtAyEzytAyEtN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0P0E1V0M0O0D0Ezu0D0L0LtN1I1L2ZzuyEyEtCtCzzyBtN1L1Q1B1RzutByCtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN1L1B0U1T1R0O1GzutDtN1L1B0U1B1P1C0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1RtOtA0AtOyD0Czzzy1TyByB1QyD1R1O1O1OtByDzztA1TtB1T1PtCyDtCzzyE1OzzyB1RtBtC1TtCtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutAtCtAtN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutBtDtCtCtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu2X1I1R1V1H1P1Q1L1T1V1E1I1T2U1P1C1VtAtBtG1S1L2Z
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Thu, 05 May 2016 21:11:53 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive
HTTP/1.1 404 Not Found..Content-Type: text/html..Date: Thu, 05 May 2016 21:11:53 GMT..Server: nginx..Content-Length: 0..Connection: keep-alive......
POST /FileHippo/?v=5.0&c=1528865781 HTTP/1.1
Accept: */*
Host: os2.holipiheh.com
User-Agent: ICAS
Content-Length: 1232
Cache-Control: no-cache
0A0Czu0F1L1I1P0H1L1E1E1FtN0U0I0DzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutAtCyEzyyByCzztDtByDtN1L1B0A1Q1H1L1GzutCtN0T0KzuyEyCzytByCyDtN0U0I0DzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0U0I0D0N1P2WzutDtDtD0CtBzyzz0Azz0BtAyByB0AtByDtN0M0G0U0I0DzuyByD1P1QzyyDyCyBtG1T1TyDzztGyE1Rzz1PtG1Tzz1P1TtGtA1R1T1QyB1RyEyB1T1StDtAtN0M0S0I0DzutCzzyEyEtBtAyByCtCyDtGtCzyyCtDyEtDzzzyyCtCtGtCzztDtCyCyByEyDtAtCtN0S0I0D0U0I0DzuyC0D0E0C0DyDtB0FyByE0DzyyByBzztCyC0ByCtAyD0FtBtA0Azz0AyCyB0AtByDtN0M0A0C1V0LzutDtDtD0CtBzyzz0Azz0BtAyBtOtA0AtCzytBtFtCyCzztFtCtCtFtCtAtCtOtA0AyCtOtA0AtCtN0S0D0TzutBtDtCyCtDyDtDyCtDtDtCtCtAyEzytAyEtN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0P0E1V0M0O0D0Ezu0D0L0LtN1I1L2ZzuyEyEtCtCzzyBtN1L1Q1B1RzutByCtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN1L1B0U1T1R0O1GzutDtN1L1B0U1B1P1C0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1RtOtA0AtOyD0Czzzy1TyByB1QyD1R1O1O1OtByDzztA1TtB1T1PtCyDtCzzyE1OzzyB1RtBtC1TtCtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutAtCtAtN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutBtDtCtCtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu2X1I1R1V1H1P1Q1L1T1V1E1I1T2U1P1C1VtAtBtG1S1L2Z
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Thu, 05 May 2016 21:11:56 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive
HTTP/1.1 404 Not Found..Content-Type: text/html..Date: Thu, 05 May 2016 21:11:56 GMT..Server: nginx..Content-Length: 0..Connection: keep-alive..
GET /9b27e3a87a8d4816aa88d6be934266b9/vlc-2.1.5-win32.exe?ttl=1462497114&token=09412570c9c5457bda50c6c5f17d3105 HTTP/1.1
Range: bytes=13004800-24743105
Accept: */*
Host: dl1.filehippo.com
User-Agent: download_manager
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Thu, 05 May 2016 21:11:52 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1460597987"
Cache-Control: max-age=86400
Content-Length: 11738306
Content-Range: bytes 13004800-24743105/24743106
Content-Type: application/octet-stream
X-HW: 1462482713.dop012.fr7.t,1462482712.cds029.fr7.c
Last-Modified: Thu, 14 Apr 2016 01:39:47 GMT
..........b1{.8]..g ..1.1cs.9n...2Vt.v.....@.r..O..sht.z..P..6.K..}....l=.....z ..{B.*...#.Zc.Rg7?...#..Y.\v..n..O...U@.=./W'w...p...;...*[...&....Ik.E'..........T....^?.:.u.-*P..|e.2........E"$...'u........#....K]...`..2cF^rk.=.......Y.?....>G-d....)..H.."Bnow.nA.MB]../.7.....P.E...................... ..$..|.?......KY....m....6e5M....a%<..Z..!.\S...%s.J.<.kX...}Uyq..r..?.... FZ. f<.`..q~.........Y.G.1..L..........?.....4.%Q_;..e.8.N....R....F(.f...d5..^..Q*..... ......-.O.0.2...2i....#.y.Rs.-BK.....\..f.S..q<...Xi.m.|.h.6..W/P...#...,].b...~..............U~.,.<.0(K." !....~....7.$...esB...I..76.........*E......t....&%..W.......(.....cG..m..G}.hs3.*07.-._.%z.:Gh$...... .....y.!...l..Xw..u....Jj>......-(Th.L6.....S...............(..|;'|."..C.r...2..r&..)..6.\P.eH=#E.l..y.......;.|~...1...$.[.Cw..Q _..x..;b.I...\k.kk..z".....*...9....P^.xR..0T..$`...Ti..8b....U....D.Z...M...`M.h....{.b..#.'..t....H...%.."......~..1$v|.o ..C.y.y..I.HV..w...?..........$.l..zp.y.....r}......2....*G..A....K....?D.S...@.....'.r.e...43..'%I...K...`jS.G/..o.C .,rA.^...E.q...._.w..yw.....G.8.>4h .sD.d.`..<....=a..,.$1.b......T...x.....0be..yp...7r......../......7..I..l.....}~.j.A`..;.....q.@._...35p....z......|}o....#y..y.....,...g....B....jr.].3..&...K.7n!.I....26..1l._...1..Ny.j.W...Cq9.........bZ..%....._....kR...L|V.....^...M.0O...(...X^.. O.m....L....}......{.H.....z.. U@>.6R...Z....z"..4.....*...A.C.x...<K.._.].Fm.[.Q.OO!~3I..:,.pH.".&. ..V.43..K1.97.2.O..>(F.z.._..._.(. .>.DL.....Z.C.........
<<< skipped >>>
HEAD /download/file/f11a7ca119ea15ae9b82179394df822a4d8134da9a2696efc72f4281fc724946/ HTTP/1.1
Accept: */*
Host: filehippo.com
User-Agent: download_manager
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: hXXp://dl1.filehippo.com/9b27e3a87a8d4816aa88d6be934266b9/vlc-2.1.5-win32.exe?ttl=1462497114&token=09412570c9c5457bda50c6c5f17d3105
Accept-Ranges: bytes
Date: Thu, 05 May 2016 21:11:52 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-fra1221-FRA
X-Cache: MISS
X-Cache-Hits: 0
x-debug-output: filehippo.com
HTTP/1.1 301 Moved Permanently..Cache-Control: private..Content-Length: 0..Content-Type: text/html..Location: hXXp://dl1.filehippo.com/9b27e3a87a8d4816aa88d6be934266b9/vlc-2.1.5-win32.exe?ttl=1462497114&token=09412570c9c5457bda50c6c5f17d3105..Accept-Ranges: bytes..Date: Thu, 05 May 2016 21:11:52 GMT..Via: 1.1 varnish..Connection: keep-alive..X-Served-By: cache-fra1221-FRA..X-Cache: MISS..X-Cache-Hits: 0..x-debug-output: filehippo.com..
Map
The Installer connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1792:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
kernel32.dll
kernel32.dll
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
File I/O error %d
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
lzmadecompsmall: %s
LzmaDecode failed (%d)
LzmaDecode failed (%d)
shell32.dll
shell32.dll
/SL5="$%x,%d,%d,
/SL5="$%x,%d,%d,
Inno Setup Setup Data (5.5.0)
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.0)
Inno Setup Messages (5.5.0)
user32.dll
user32.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
GetWindowsDirectoryA
GetWindowsDirectoryA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ExitWindowsEx
ExitWindowsEx
comctl32.dll
comctl32.dll
name="JR.Inno.Setup"
name="JR.Inno.Setup"
version="1.0.0.0"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
true
true
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
Invalid variant operation"Variant method calls not supported
External exception %x
External exception %x
89a77d5cfff2583a2ae15184f87c21a1.tmp_1956:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
kernel32.dll
kernel32.dll
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
File I/O error %d
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
lzmadecompsmall: %s
LzmaDecode failed (%d)
LzmaDecode failed (%d)
shell32.dll
shell32.dll
/SL5="$%x,%d,%d,
/SL5="$%x,%d,%d,
Inno Setup Setup Data (5.5.0)
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.0)
Inno Setup Messages (5.5.0)
user32.dll
user32.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
GetWindowsDirectoryA
GetWindowsDirectoryA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ExitWindowsEx
ExitWindowsEx
comctl32.dll
comctl32.dll
name="JR.Inno.Setup"
name="JR.Inno.Setup"
version="1.0.0.0"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
true
true
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
Invalid variant operation"Variant method calls not supported
External exception %x
External exception %x
89a77d5cfff2583a2ae15184f87c21a1.tmp_1688:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
kernel32.dll
kernel32.dll
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
File I/O error %d
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
lzmadecompsmall: %s
LzmaDecode failed (%d)
LzmaDecode failed (%d)
shell32.dll
shell32.dll
/SL5="$%x,%d,%d,
/SL5="$%x,%d,%d,
Inno Setup Setup Data (5.5.0)
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.0)
Inno Setup Messages (5.5.0)
user32.dll
user32.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
GetWindowsDirectoryA
GetWindowsDirectoryA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ExitWindowsEx
ExitWindowsEx
comctl32.dll
comctl32.dll
name="JR.Inno.Setup"
name="JR.Inno.Setup"
version="1.0.0.0"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
true
true
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
Invalid variant operation"Variant method calls not supported
External exception %x
External exception %x