not-a-virus:HEUR:AdWare.Win32.Generic (Kaspersky), Gen:Variant.Application.Bundler.AirInstaller.4 (AdAware), Trojan.Win32.Swrort.3.FD, PUPAirInstaller.YR (Lavasoft MAS)Behaviour: Trojan, Installer, PUP, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 996ce3227cf7936d27210e482be556ee
SHA1: 953beb34b965ff5a89e7d94fdf8a1000334c33ce
SHA256: ab0926cb86fc6742878a1b3a92e234bff5e6b124b152e58310bd4a11361f2fbb
SSDeep: 24576:uvoi3q3kzOpJOfedKl3b0MDCBHyRXYVW M9OKbmOKm/9yeQQsH79IJNqerv:uvPqJpJOn0M2BHyRXYxAOAKOsfDH79I1
Size: 1113736 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: AirInstaller Inc.
Created at: 2013-04-16 21:06:30
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):
%original file name%.exe:1756
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:1756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CP67GTAF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WPEJ8LQ7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81IVWL2N\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\s34ftK367r\intro_page.html (1371 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KXM74HMF\desktop.ini (67 bytes)
Registry activity
The process %original file name%.exe:1756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082420150825]
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082420150825]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015082420150825\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082420150825]
"CacheRepair" = "0"
"CachePrefix" = ":2015082420150825:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 8A 1C 61 9D C9 81 5F CE 82 BD 4D 36 B7 AE 5E"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082420150825]
"CacheLimit" = "8192"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CP67GTAF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WPEJ8LQ7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81IVWL2N\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\s34ftK367r\intro_page.html (1371 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KXM74HMF\desktop.ini (67 bytes) - Reboot the computer.
Static Analysis
VersionInfo
Company Name: AirInstaller Inc.
Product Name: Download Manager
Product Version: 2.0.3.87
Legal Copyright: (c) AirInstaller. All rights reserved.
Legal Trademarks:
Original Filename: AirInstaller.exe
Internal Name: AirInstaller.exe
File Version: 2.0.3.87
File Description: Download Manager
Comments:
Language: English (United States)
Company Name: AirInstaller Inc.Product Name: Download Manager Product Version: 2.0.3.87Legal Copyright: (c) AirInstaller. All rights reserved.Legal Trademarks: Original Filename: AirInstaller.exeInternal Name: AirInstaller.exeFile Version: 2.0.3.87File Description: Download ManagerComments: Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| UPX0 | 4096 | 1314816 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 1318912 | 1097728 | 1094144 | 5.39033 | 47107099e5f7e3dd82f8d8ba2eb3e0a0 |
| .rsrc | 2416640 | 12288 | 11776 | 3.10401 | e935f1032de178ef197a46c70cff643b |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 26
34de9b991382ef4c0cd3708b536f0080
3d0525dd014cbcf1cff0030cb17c2632
7a3b4ab12bfbc9b9b59a9185eff66134
c105dfc036e0823fecf99041368e7448
064619c46e63b48d026dc2d6449dd5a2
ea6d66202dbac1363a8eb510ec66a41b
a949e62902336f5bb96a8efeebfe6e48
cea5fd68938f58c20be1d82424b15f9d
6df3cfcddbafca54cafc6e774c93eed3
f81184c64d968825a1ecd49c0675de8d
d3817e7ad78300630b995c5bfe495a8e
670177268f2d24ecb6cf6c4e2fb35e97
c2b94371ca5db789e25650326ddeea85
d91fa818bef526f7fef9b5f76352f5e0
f4f2de3320e1c515cc87a3df84e0c3cb
a4e25a27a94b68b5ac5fd7431ba9b635
2b969d6d7d8c88d55417a083db4c4c15
0f97b06e0b6fd0031d748211eb8ea95c
1d43dbbbe03f2cbed31de9429d616e3b
ba250df43cb9d340c738a165cf033f4f
c7e0533939d37ee06440ad072cb641ba
25d8c19b88931de565ae85cbe090d3a9
d0035673a4e5b98540cda3768dafe346
c4b3637acaefbb95fc10f2ddea887744
04e6d1a0c9e36a5be79e233c7a6d640d
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1756:
`.rsrc
`.rsrc
f;T$.uBf
f;T$.uBf
t.hHXY
t.hHXY
t'SShl
t'SShl
tFHt:Ht.Ht"Hu`
tFHt:Ht.Ht"Hu`
j%XtL9E
j%XtL9E
u$SShe
u$SShe
FTCP
FTCP
u.PhT
u.PhT
SSSSh
SSSSh
tAHt.HHt
tAHt.HHt
SSh@B
SSh@B
FtPW
FtPW
tl9_ tgSSh
tl9_ tgSSh
s%j.Zf
s%j.Zf
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
X;
X;
%s>
%s>
%s='%s'
%s='%s'
%s="%s"
%s="%s"
standalone="%s"
standalone="%s"
encoding="%s"
encoding="%s"
version="%s"
version="%s"
CNotSupportedException
CNotSupportedException
CCmdTarget
CCmdTarget
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
CHttpConnection
CHttpConnection
CHttpFile
CHttpFile
RegDeleteKeyExW
RegDeleteKeyExW
TaskDialogIndirect
TaskDialogIndirect
CMDITabProxyWnd
CMDITabProxyWnd
CMDIChildWndEx
CMDIChildWndEx
CMDIFrameWndEx
CMDIFrameWndEx
CMDIClientAreaWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
CMFCToolBarsKeyboardPropertyPage
GetProcessWindowStation
GetProcessWindowStation
portuguese-brazilian
portuguese-brazilian
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
Keys
Keys
RegOpenKeyTransactedW
RegOpenKeyTransactedW
run_cmd
run_cmd
RegCreateKeyTransactedW
RegCreateKeyTransactedW
background: url('hXXp://cdn.airdlrstatic.com/themes/images/modal-overlay.png') repeat;
background: url('hXXp://cdn.airdlrstatic.com/themes/images/modal-overlay.png') repeat;
overlay = document.getElementById('modal-overlay');
overlay = document.getElementById('modal-overlay');
if (overlay.style.display === 'none' && !display) {
if (overlay.style.display === 'none' && !display) {
overlay.style.display = display;
overlay.style.display = display;
if(document.getElementById('page0')){
if(document.getElementById('page0')){
document.getElementById('page0').style.visibility = 'visible';
document.getElementById('page0').style.visibility = 'visible';
document.getElementById('page0').style.display = 'block';
document.getElementById('page0').style.display = 'block';
document.getElementById('page' currentPage).style.visibility = 'hidden';
document.getElementById('page' currentPage).style.visibility = 'hidden';
document.getElementById('page' currentPage).style.display = 'none';
document.getElementById('page' currentPage).style.display = 'none';
document.getElementById('page' currentPage).style.visibility = 'visible';
document.getElementById('page' currentPage).style.visibility = 'visible';
document.getElementById('page' currentPage).style.display = 'block';
document.getElementById('page' currentPage).style.display = 'block';
var formsCollection = document.getElementsByTagName("form");
var formsCollection = document.getElementsByTagName("form");
for (var i = 0; i
for (var i = 0; i
var formName = formsCollection[i].name;
var formName = formsCollection[i].name;
//alert('formName: ' formName ' ' document.forms[formName].elements);
//alert('formName: ' formName ' ' document.forms[formName].elements);
if( typeof document.forms[formName].elements !== 'undefined' ){
if( typeof document.forms[formName].elements !== 'undefined' ){
for (var e = 0; e
for (var e = 0; e
if (document.forms[formName].elements[e].type == "button") {
if (document.forms[formName].elements[e].type == "button") {
if (document.forms[formName].elements[e].value == "Next" ||
if (document.forms[formName].elements[e].value == "Next" ||
document.forms[formName].elements[e].value == "Done" ||
document.forms[formName].elements[e].value == "Done" ||
document.forms[formName].elements[e].name == "Next"
document.forms[formName].elements[e].name == "Next"
document.forms[formName].elements[e].focus();
document.forms[formName].elements[e].focus();
for (var e = 0; e
for (var e = 0; e
if (offerForm.elements[e].type == "checkbox") {
if (offerForm.elements[e].type == "checkbox") {
offerForm.elements[e].disabled = 'disabled';
offerForm.elements[e].disabled = 'disabled';
for (var e = 0; e
for (var e = 0; e
if (offerForm.elements[e].type == "checkbox"
if (offerForm.elements[e].type == "checkbox"
&& offerForm.elements[e].name != "main" ) {
&& offerForm.elements[e].name != "main" ) {
offerForm.elements[e].checked = true;
offerForm.elements[e].checked = true;
var all = document.getElementsByTagName('*');
var all = document.getElementsByTagName('*');
for(var i=0; i
for(var i=0; i
var hide_options_element = document.getElementById('hidden_options');
var hide_options_element = document.getElementById('hidden_options');
hide_options_element.style.visibility = 'hidden';
hide_options_element.style.visibility = 'hidden';
if (offerForm.elements[e].type == "checkbox" && offerForm.elements[e].name != "main" ) {
if (offerForm.elements[e].type == "checkbox" && offerForm.elements[e].name != "main" ) {
offerForm.elements[e].disabled = '';
offerForm.elements[e].disabled = '';
for(var i=0; i
for(var i=0; i
var hide_options_element = document.getElementById('hidden_options');
var hide_options_element = document.getElementById('hidden_options');
hide_options_element.style.visibility = 'visible';
hide_options_element.style.visibility = 'visible';
if (requiredCheckbox.checked == true) {
if (requiredCheckbox.checked == true) {
for (var e = 0; e
for (var e = 0; e
if (requiredCheckbox.form.elements[e] != requiredCheckbox
if (requiredCheckbox.form.elements[e] != requiredCheckbox
&& requiredCheckbox.form.elements[e].type == "checkbox"
&& requiredCheckbox.form.elements[e].type == "checkbox"
&& requiredCheckbox.form.elements[e].name != "main"
&& requiredCheckbox.form.elements[e].name != "main"
&& ( "required" in requiredCheckbox.form.elements[e] && requiredCheckbox.form.elements[e].required.indexOf("false") > -1)
&& ( "required" in requiredCheckbox.form.elements[e] && requiredCheckbox.form.elements[e].required.indexOf("false") > -1)
requiredCheckbox.form.elements[e].checked = true;
requiredCheckbox.form.elements[e].checked = true;
requiredCheckbox.form.elements[e].checked = false;
requiredCheckbox.form.elements[e].checked = false;
if (nonRequiredCheckbox.checked == true) {
if (nonRequiredCheckbox.checked == true) {
for (var e = 0; e
for (var e = 0; e
if (nonRequiredCheckbox.form.elements[e] != nonRequiredCheckbox
if (nonRequiredCheckbox.form.elements[e] != nonRequiredCheckbox
&& nonRequiredCheckbox.form.elements[e].type == "checkbox"
&& nonRequiredCheckbox.form.elements[e].type == "checkbox"
&& nonRequiredCheckbox.form.elements[e].name != "main"
&& nonRequiredCheckbox.form.elements[e].name != "main"
&& ( "required" in nonRequiredCheckbox.form.elements[e] && nonRequiredCheckbox.form.elements[e].required.indexOf("true") > -1)
&& ( "required" in nonRequiredCheckbox.form.elements[e] && nonRequiredCheckbox.form.elements[e].required.indexOf("true") > -1)
nonRequiredCheckbox.form.elements[e].checked = true;
nonRequiredCheckbox.form.elements[e].checked = true;
e = nonRequiredCheckbox.form.elements.length; // done
e = nonRequiredCheckbox.form.elements.length; // done
function clickIE() {if (document.all) {(message);return false;}}
function clickIE() {if (document.all) {(message);return false;}}
(document.layers||(document.getElementById&&!document.all)) {
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
document.oncontextmenu=new Function("return false")
document.oncontextmenu=new Function("return false")
document.onselectstart=new Function ("return false")
document.onselectstart=new Function ("return false")
if (window.sidebar){
if (window.sidebar){
document.onmousedown=disableselect
document.onmousedown=disableselect
document.onclick=reEnable
document.onclick=reEnable
span.advanced { color:#AAAAAA; padding:0px; }
span.advanced { color:#AAAAAA; padding:0px; }
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
CMDIChildWnd
CMDIChildWnd
CMDIFrameWnd
CMDIFrameWnd
lX-X-x-XX-XXXXXX
lX-X-x-XX-XXXXXX
hXXp://
hXXp://
DWININET.DLL
DWININET.DLL
GHTTP/1.0
GHTTP/1.0
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
kernel32.dll
kernel32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
mfcm100u.dll
mfcm100u.dll
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
SHELL32.DLL
SHELL32.DLL
lXXxXXXXXXXX
lXXxXXXXXXXX
%sMFCToolBar-%d%x
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBar-%d
%sMFCToolBarParameters
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
TOOLBAR_RESETKEYBAORD
&%d %s
&%d %s
COMCTL32.DLL
COMCTL32.DLL
%sPane-%d%x
%sPane-%d%x
%sPane-%d
%sPane-%d
USER32.DLL
USER32.DLL
%sBasePane-%d%x
%sBasePane-%d%x
%sBasePane-%d
%sBasePane-%d
MSG_CHECKEMPTYMINIFRAME
MSG_CHECKEMPTYMINIFRAME
windows
windows
KeyboardManager
KeyboardManager
ShowCmd
ShowCmd
O%c%d%c%s
O%c%d%c%s
%sDockingManager-%d
%sDockingManager-%d
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
%sDockablePaneAdapter-%d
OHex={X,X,X}
OHex={X,X,X}
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
%sMDIClientArea-%d
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
Rf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
Rf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
RIH%sMFCOutlookBar-%d%x
RIH%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%sMFCOutlookBar-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
TRICHED20.DLL
TRICHED20.DLL
RGB(%d, %d, %d)
RGB(%d, %d, %d)
ENABLE_KEYS
ENABLE_KEYS
KEYS_MENU
KEYS_MENU
KEYS
KEYS
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
D%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
D%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
%s (%s:%d)
%s (%s:%d)
UxTheme.dll
UxTheme.dll
dwmapi.dll
dwmapi.dll
d%s:%x:%x:%x:%x
d%s:%x:%x:%x:%x
Shell32.dll
Shell32.dll
Download Url:
Download Url:
theme w: %d h: %d window w: %d h: %d
theme w: %d h: %d window w: %d h: %d
intro_page.html
intro_page.html
feed.xml
feed.xml
installer.html
installer.html
.html
.html
block.html
block.html
download_page.html
download_page.html
cancel_page.html
cancel_page.html
offer_0.html
offer_0.html
_USER_PASSWORD_
_USER_PASSWORD_
Command succeded. Calling conversion URL.
Command succeded. Calling conversion URL.
summary_page.html
summary_page.html
%Program Files% (x86)
%Program Files% (x86)
%Program Files%
%Program Files%
%.2f %s
%.2f %s
hXXp://cdn.airdlrstatic.com/uninstaller/Uninstaller.zip
hXXp://cdn.airdlrstatic.com/uninstaller/Uninstaller.zip
INPUT_PASSWORD_FIELD
INPUT_PASSWORD_FIELD
Choose a password
Choose a password
INPUT_PASSWORD_REQUIRED
INPUT_PASSWORD_REQUIRED
hXXp://trk.airinstaller.com/get/event/?name=user_input
hXXp://trk.airinstaller.com/get/event/?name=user_input
&data[password]=
&data[password]=
$password
$password
password=
password=
userInputForm.html
userInputForm.html
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Referer: hXXp://VVV.mypcbackup.com/
Referer: hXXp://VVV.mypcbackup.com/
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
" onclick="disableOfferOptions(this.form)" > Quick Installation (recomended)
" onclick="disableOfferOptions(this.form)" > Quick Installation (recomended)
" onclick="enableOfferOptions(this.form)" > Custom Installation (advanced)
" onclick="enableOfferOptions(this.form)" > Custom Installation (advanced)
, you are hereby agreeing to their
' onclick='disableOfferOptions(this.form)' >
' onclick='enableOfferOptions(this.form)' >
' onclick='enableOfferOptions(this.form)' >
installer_temp.html
installer_temp.html
theme\software\software.html
theme\software\software.html
onblur="if(this.value==''){this.value='Email address';this.style.color='#AAAAAA';}"
onblur="if(this.value==''){this.value='Email address';this.style.color='#AAAAAA';}"
onfocus="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"
onfocus="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"
onblur="if(this.value==''){this.value='Full name';this.style.color='#AAAAAA';}"
onblur="if(this.value==''){this.value='Full name';this.style.color='#AAAAAA';}"
onfocus="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"
onfocus="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"
>
>
onblur="if(this.value==''){this.value='Choose a password';this.style.color='#AAAAAA';}"
onblur="if(this.value==''){this.value='Choose a password';this.style.color='#AAAAAA';}"
onfocus="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"
onfocus="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"
%_INPUT_PASSWORD_%
%_INPUT_PASSWORD_%
DOWNLOAD_URL>
DOWNLOAD_URL>
src="theme/images/btn_next.png"
src="theme/images/btn_next.png"
installed.ini
installed.ini
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
\Uninstaller.exe
\Uninstaller.exe
%s%s%s
%s%s%s
Offer exe_cmd:
Offer exe_cmd:
Offer exe_eval:
Offer exe_eval:
Offer download_url:
Offer download_url:
Offer impression_url:
Offer impression_url:
Offer conversion_url:
Offer conversion_url:
Offer check: passed: does not exist at:
Offer check: passed: does not exist at:
" onclick="disableOfferOptions(this.form)" > Quick (recommended)
" onclick="disableOfferOptions(this.form)" > Quick (recommended)
" onclick="enableOfferOptions(this.form)" > Advanced
" onclick="enableOfferOptions(this.form)" > Advanced
c:\%original file name%.exe
c:\%original file name%.exe
hXXp://airinstaller.com
hXXp://airinstaller.com
DEFAULTs h hXXp://trk.airinstaller.com 051703a20f2ff4
DEFAULTs h hXXp://trk.airinstaller.com 051703a20f2ff4
hXXp://trk.airinstaller.com q a
hXXp://trk.airinstaller.com q a
chrome
chrome
2.0.3.87
2.0.3.87
ADownload Manager
ADownload Manager
All Files (*.*)
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]
%s [Recovered]
AirInstaller.exe
AirInstaller.exe
%original file name%.exe_1756_rwx_00401000_0024B000:
f;T$.uBf
f;T$.uBf
t.hHXY
t.hHXY
t'SShl
t'SShl
tFHt:Ht.Ht"Hu`
tFHt:Ht.Ht"Hu`
j%XtL9E
j%XtL9E
u$SShe
u$SShe
FTCP
FTCP
u.PhT
u.PhT
SSSSh
SSSSh
tAHt.HHt
tAHt.HHt
SSh@B
SSh@B
FtPW
FtPW
tl9_ tgSSh
tl9_ tgSSh
s%j.Zf
s%j.Zf
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
X;
X;
%s>
%s>
%s='%s'
%s='%s'
%s="%s"
%s="%s"
standalone="%s"
standalone="%s"
encoding="%s"
encoding="%s"
version="%s"
version="%s"
CNotSupportedException
CNotSupportedException
CCmdTarget
CCmdTarget
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
CHttpConnection
CHttpConnection
CHttpFile
CHttpFile
RegDeleteKeyExW
RegDeleteKeyExW
TaskDialogIndirect
TaskDialogIndirect
CMDITabProxyWnd
CMDITabProxyWnd
CMDIChildWndEx
CMDIChildWndEx
CMDIFrameWndEx
CMDIFrameWndEx
CMDIClientAreaWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
CMFCToolBarsKeyboardPropertyPage
GetProcessWindowStation
GetProcessWindowStation
portuguese-brazilian
portuguese-brazilian
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
Keys
Keys
RegOpenKeyTransactedW
RegOpenKeyTransactedW
run_cmd
run_cmd
RegCreateKeyTransactedW
RegCreateKeyTransactedW
background: url('hXXp://cdn.airdlrstatic.com/themes/images/modal-overlay.png') repeat;
background: url('hXXp://cdn.airdlrstatic.com/themes/images/modal-overlay.png') repeat;
overlay = document.getElementById('modal-overlay');
overlay = document.getElementById('modal-overlay');
if (overlay.style.display === 'none' && !display) {
if (overlay.style.display === 'none' && !display) {
overlay.style.display = display;
overlay.style.display = display;
if(document.getElementById('page0')){
if(document.getElementById('page0')){
document.getElementById('page0').style.visibility = 'visible';
document.getElementById('page0').style.visibility = 'visible';
document.getElementById('page0').style.display = 'block';
document.getElementById('page0').style.display = 'block';
document.getElementById('page' currentPage).style.visibility = 'hidden';
document.getElementById('page' currentPage).style.visibility = 'hidden';
document.getElementById('page' currentPage).style.display = 'none';
document.getElementById('page' currentPage).style.display = 'none';
document.getElementById('page' currentPage).style.visibility = 'visible';
document.getElementById('page' currentPage).style.visibility = 'visible';
document.getElementById('page' currentPage).style.display = 'block';
document.getElementById('page' currentPage).style.display = 'block';
var formsCollection = document.getElementsByTagName("form");
var formsCollection = document.getElementsByTagName("form");
for (var i = 0; i
for (var i = 0; i
var formName = formsCollection[i].name;
var formName = formsCollection[i].name;
//alert('formName: ' formName ' ' document.forms[formName].elements);
//alert('formName: ' formName ' ' document.forms[formName].elements);
if( typeof document.forms[formName].elements !== 'undefined' ){
if( typeof document.forms[formName].elements !== 'undefined' ){
for (var e = 0; e
for (var e = 0; e
if (document.forms[formName].elements[e].type == "button") {
if (document.forms[formName].elements[e].type == "button") {
if (document.forms[formName].elements[e].value == "Next" ||
if (document.forms[formName].elements[e].value == "Next" ||
document.forms[formName].elements[e].value == "Done" ||
document.forms[formName].elements[e].value == "Done" ||
document.forms[formName].elements[e].name == "Next"
document.forms[formName].elements[e].name == "Next"
document.forms[formName].elements[e].focus();
document.forms[formName].elements[e].focus();
for (var e = 0; e
for (var e = 0; e
if (offerForm.elements[e].type == "checkbox") {
if (offerForm.elements[e].type == "checkbox") {
offerForm.elements[e].disabled = 'disabled';
offerForm.elements[e].disabled = 'disabled';
for (var e = 0; e
for (var e = 0; e
if (offerForm.elements[e].type == "checkbox"
if (offerForm.elements[e].type == "checkbox"
&& offerForm.elements[e].name != "main" ) {
&& offerForm.elements[e].name != "main" ) {
offerForm.elements[e].checked = true;
offerForm.elements[e].checked = true;
var all = document.getElementsByTagName('*');
var all = document.getElementsByTagName('*');
for(var i=0; i
for(var i=0; i
var hide_options_element = document.getElementById('hidden_options');
var hide_options_element = document.getElementById('hidden_options');
hide_options_element.style.visibility = 'hidden';
hide_options_element.style.visibility = 'hidden';
if (offerForm.elements[e].type == "checkbox" && offerForm.elements[e].name != "main" ) {
if (offerForm.elements[e].type == "checkbox" && offerForm.elements[e].name != "main" ) {
offerForm.elements[e].disabled = '';
offerForm.elements[e].disabled = '';
for(var i=0; i
for(var i=0; i
var hide_options_element = document.getElementById('hidden_options');
var hide_options_element = document.getElementById('hidden_options');
hide_options_element.style.visibility = 'visible';
hide_options_element.style.visibility = 'visible';
if (requiredCheckbox.checked == true) {
if (requiredCheckbox.checked == true) {
for (var e = 0; e
for (var e = 0; e
if (requiredCheckbox.form.elements[e] != requiredCheckbox
if (requiredCheckbox.form.elements[e] != requiredCheckbox
&& requiredCheckbox.form.elements[e].type == "checkbox"
&& requiredCheckbox.form.elements[e].type == "checkbox"
&& requiredCheckbox.form.elements[e].name != "main"
&& requiredCheckbox.form.elements[e].name != "main"
&& ( "required" in requiredCheckbox.form.elements[e] && requiredCheckbox.form.elements[e].required.indexOf("false") > -1)
&& ( "required" in requiredCheckbox.form.elements[e] && requiredCheckbox.form.elements[e].required.indexOf("false") > -1)
requiredCheckbox.form.elements[e].checked = true;
requiredCheckbox.form.elements[e].checked = true;
requiredCheckbox.form.elements[e].checked = false;
requiredCheckbox.form.elements[e].checked = false;
if (nonRequiredCheckbox.checked == true) {
if (nonRequiredCheckbox.checked == true) {
for (var e = 0; e
for (var e = 0; e
if (nonRequiredCheckbox.form.elements[e] != nonRequiredCheckbox
if (nonRequiredCheckbox.form.elements[e] != nonRequiredCheckbox
&& nonRequiredCheckbox.form.elements[e].type == "checkbox"
&& nonRequiredCheckbox.form.elements[e].type == "checkbox"
&& nonRequiredCheckbox.form.elements[e].name != "main"
&& nonRequiredCheckbox.form.elements[e].name != "main"
&& ( "required" in nonRequiredCheckbox.form.elements[e] && nonRequiredCheckbox.form.elements[e].required.indexOf("true") > -1)
&& ( "required" in nonRequiredCheckbox.form.elements[e] && nonRequiredCheckbox.form.elements[e].required.indexOf("true") > -1)
nonRequiredCheckbox.form.elements[e].checked = true;
nonRequiredCheckbox.form.elements[e].checked = true;
e = nonRequiredCheckbox.form.elements.length; // done
e = nonRequiredCheckbox.form.elements.length; // done
function clickIE() {if (document.all) {(message);return false;}}
function clickIE() {if (document.all) {(message);return false;}}
(document.layers||(document.getElementById&&!document.all)) {
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
document.oncontextmenu=new Function("return false")
document.oncontextmenu=new Function("return false")
document.onselectstart=new Function ("return false")
document.onselectstart=new Function ("return false")
if (window.sidebar){
if (window.sidebar){
document.onmousedown=disableselect
document.onmousedown=disableselect
document.onclick=reEnable
document.onclick=reEnable
span.advanced { color:#AAAAAA; padding:0px; }
span.advanced { color:#AAAAAA; padding:0px; }
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
CMDIChildWnd
CMDIChildWnd
CMDIFrameWnd
CMDIFrameWnd
lX-X-x-XX-XXXXXX
lX-X-x-XX-XXXXXX
hXXp://
hXXp://
DWININET.DLL
DWININET.DLL
GHTTP/1.0
GHTTP/1.0
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
kernel32.dll
kernel32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
mfcm100u.dll
mfcm100u.dll
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
SHELL32.DLL
SHELL32.DLL
lXXxXXXXXXXX
lXXxXXXXXXXX
%sMFCToolBar-%d%x
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBar-%d
%sMFCToolBarParameters
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
TOOLBAR_RESETKEYBAORD
&%d %s
&%d %s
ole32.dll
ole32.dll
COMCTL32.DLL
COMCTL32.DLL
%sPane-%d%x
%sPane-%d%x
%sPane-%d
%sPane-%d
USER32.DLL
USER32.DLL
%sBasePane-%d%x
%sBasePane-%d%x
%sBasePane-%d
%sBasePane-%d
MSG_CHECKEMPTYMINIFRAME
MSG_CHECKEMPTYMINIFRAME
windows
windows
KeyboardManager
KeyboardManager
ShowCmd
ShowCmd
O%c%d%c%s
O%c%d%c%s
%sDockingManager-%d
%sDockingManager-%d
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
%sDockablePaneAdapter-%d
OHex={X,X,X}
OHex={X,X,X}
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
%sMDIClientArea-%d
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
Rf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
Rf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
RIH%sMFCOutlookBar-%d%x
RIH%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%sMFCOutlookBar-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
TRICHED20.DLL
TRICHED20.DLL
RGB(%d, %d, %d)
RGB(%d, %d, %d)
ENABLE_KEYS
ENABLE_KEYS
KEYS_MENU
KEYS_MENU
KEYS
KEYS
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
D%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
D%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
%s (%s:%d)
%s (%s:%d)
UxTheme.dll
UxTheme.dll
dwmapi.dll
dwmapi.dll
d%s:%x:%x:%x:%x
d%s:%x:%x:%x:%x
Shell32.dll
Shell32.dll
Download Url:
Download Url:
theme w: %d h: %d window w: %d h: %d
theme w: %d h: %d window w: %d h: %d
intro_page.html
intro_page.html
feed.xml
feed.xml
installer.html
installer.html
.html
.html
block.html
block.html
download_page.html
download_page.html
cancel_page.html
cancel_page.html
offer_0.html
offer_0.html
_USER_PASSWORD_
_USER_PASSWORD_
Command succeded. Calling conversion URL.
Command succeded. Calling conversion URL.
summary_page.html
summary_page.html
%Program Files% (x86)
%Program Files% (x86)
%Program Files%
%Program Files%
%.2f %s
%.2f %s
hXXp://cdn.airdlrstatic.com/uninstaller/Uninstaller.zip
hXXp://cdn.airdlrstatic.com/uninstaller/Uninstaller.zip
INPUT_PASSWORD_FIELD
INPUT_PASSWORD_FIELD
Choose a password
Choose a password
INPUT_PASSWORD_REQUIRED
INPUT_PASSWORD_REQUIRED
hXXp://trk.airinstaller.com/get/event/?name=user_input
hXXp://trk.airinstaller.com/get/event/?name=user_input
&data[password]=
&data[password]=
$password
$password
password=
password=
userInputForm.html
userInputForm.html
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Referer: hXXp://VVV.mypcbackup.com/
Referer: hXXp://VVV.mypcbackup.com/
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
" onclick="disableOfferOptions(this.form)" > Quick Installation (recomended)
" onclick="disableOfferOptions(this.form)" > Quick Installation (recomended)
" onclick="enableOfferOptions(this.form)" > Custom Installation (advanced)
" onclick="enableOfferOptions(this.form)" > Custom Installation (advanced)
, you are hereby agreeing to their
' onclick='disableOfferOptions(this.form)' >
' onclick='enableOfferOptions(this.form)' >
' onclick='enableOfferOptions(this.form)' >
installer_temp.html
installer_temp.html
theme\software\software.html
theme\software\software.html
onblur="if(this.value==''){this.value='Email address';this.style.color='#AAAAAA';}"
onblur="if(this.value==''){this.value='Email address';this.style.color='#AAAAAA';}"
onfocus="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"
onfocus="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Email address'){this.value='';this.style.color='#333333';}"
onblur="if(this.value==''){this.value='Full name';this.style.color='#AAAAAA';}"
onblur="if(this.value==''){this.value='Full name';this.style.color='#AAAAAA';}"
onfocus="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"
onfocus="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Full name'){this.value='';this.style.color='#333333';}"
>
>
onblur="if(this.value==''){this.value='Choose a password';this.style.color='#AAAAAA';}"
onblur="if(this.value==''){this.value='Choose a password';this.style.color='#AAAAAA';}"
onfocus="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"
onfocus="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"
onclick="if(this.value=='Choose a password'){this.value='';this.style.color='#333333';}"
%_INPUT_PASSWORD_%
%_INPUT_PASSWORD_%
DOWNLOAD_URL>
DOWNLOAD_URL>
src="theme/images/btn_next.png"
src="theme/images/btn_next.png"
installed.ini
installed.ini
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
\Uninstaller.exe
\Uninstaller.exe
%s%s%s
%s%s%s
Offer exe_cmd:
Offer exe_cmd:
Offer exe_eval:
Offer exe_eval:
Offer download_url:
Offer download_url:
Offer impression_url:
Offer impression_url:
Offer conversion_url:
Offer conversion_url:
Offer check: passed: does not exist at:
Offer check: passed: does not exist at:
" onclick="disableOfferOptions(this.form)" > Quick (recommended)
" onclick="disableOfferOptions(this.form)" > Quick (recommended)
" onclick="enableOfferOptions(this.form)" > Advanced
" onclick="enableOfferOptions(this.form)" > Advanced
c:\%original file name%.exe
c:\%original file name%.exe
hXXp://airinstaller.com
hXXp://airinstaller.com
DEFAULTs h hXXp://trk.airinstaller.com 051703a20f2ff4
DEFAULTs h hXXp://trk.airinstaller.com 051703a20f2ff4
hXXp://trk.airinstaller.com q a
hXXp://trk.airinstaller.com q a
chrome
chrome
2.0.3.87
2.0.3.87
ADownload Manager
ADownload Manager
All Files (*.*)
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]
%s [Recovered]