not-a-virus:AdWare.Win32.InstallMonster.deih (Kaspersky), Trojan.Win32.Swrort.3.FD, SearchProtectToolbar_pcap.YR, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)
Behaviour: Trojan, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 10f305f5d9da3711f6c859d71ae1e2a7
SHA1: 431b45bf9654649498ff20eff7e5acb4e4d8fb2a
SHA256: c167ccaf36c84bf97e854b0408abd7f874a137bf3ede070c4ac11aebc606fa2a
SSDeep: 49152:mxwKBmF54Fm3uTeLMBW1wZvMxPcOe5HFH:mx9 5Km3RwZEiOe5t
Size: 2066048 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: TODO:
Created at: 2014-08-26 07:23:12
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
8203235:492
%original file name%.exe:772
0994942526:228
1648496859:448
The Trojan injects its code into the following process(es):
No processes have been created.
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process 8203235:492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\spidentifierimpl[1].exe (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\LRg1n8XGLt9Ry2RE_img1[1].txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\LRg1n8XGLt9Ry2RE_img3[1].txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0994942526 (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\jquery.min[1].js (7493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8536882783.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1648496859 (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\1084[1].jpg (7479 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3070656283.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9771071187.html (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\wajam_validate[1].exe (384 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040920140410 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040920140410\index.dat (0 bytes)
The process %original file name%.exe:772 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\8203235 (12288 bytes)
The process 1648496859:448 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\SPtool.dll (180359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\inetc.dll (30 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\SPtool.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp1.tmp (0 bytes)
Registry activity
The process 8203235:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014112920141130]
"CacheLimit" = "8192"
"CacheRepair" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014112920141130]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014112920141130\"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014112920141130]
"CachePrefix" = ":2014112920141130:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 72 5C 24 B6 F0 36 30 62 DA E5 CF 46 44 35 F5"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014112920141130]
"CacheOptions" = "11"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE security zone settings to map all local web nodes whose names contain no dots and which are not assigned to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process 0994942526:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 78 83 1B FD 15 48 57 F5 FB E2 AA 9A 0F 69 63"
The process 1648496859:448 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 29 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 A4 A7 25 35 B7 A0 19 E0 FB 0F A0 34 35 C8 6A"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE security zone settings to map all local web nodes whose names contain no dots and which are not assigned to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
46f5c497f96e733176b010ff0ee56de3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\0994942526 |
484003524ef2000db83cb16ced0a48a1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1648496859 |
46f5c497f96e733176b010ff0ee56de3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\wajam_validate[1].exe |
484003524ef2000db83cb16ced0a48a1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\spidentifierimpl[1].exe |
06cd61177479373c67080121874a59a3 | c:\WINDOWS\system32\8203235 |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
8203235:492
%original file name%.exe:772
0994942526:228
1648496859:448
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\spidentifierimpl[1].exe (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\LRg1n8XGLt9Ry2RE_img1[1].txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\LRg1n8XGLt9Ry2RE_img3[1].txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0994942526 (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\jquery.min[1].js (7493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8536882783.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1648496859 (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\1084[1].jpg (7479 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3070656283.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9771071187.html (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\wajam_validate[1].exe (384 bytes)
%System%\8203235 (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\SPtool.dll (180359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\inetc.dll (30 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: TODO:
Product Name: TODO:
Product Version: 1.0.0.1
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename: Installer.exe
Internal Name: Installer.exe
File Version: 1.0.0.1
File Description: SocialMedia_Login
Comments:
Language: English (United Kingdom)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 18386 | 18432 | 4.50875 | da2d8371571a88bd5351a525566adc8c |
.rdata | 24576 | 8430 | 8704 | 3.24308 | 5a8ea80b27bab34e8d20333853a1585a |
.data | 36864 | 6592 | 3072 | 1.70361 | 903c57e2f977792a175cd27c45b52c0b |
.rsrc | 45056 | 2020832 | 2020864 | 5.40615 | 8dc1366ba22c6f3036623c57eae6bb90 |
.reloc | 2068480 | 6898 | 7168 | 1.41168 | 992d8f5559dc005f6628edecaaa463ec |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 54
Network Activity
URLs
URL | IP |
---|---|
hxxp://installmetrix.com/common/gate/installer_gate_client.php?download_id=8203235&mode=prechecking | |
hxxp://e6337.g.akamaiedge.net/spidentifier/1.0.2.0/spidentifierimpl.exe | |
hxxp://e9287.g.akamaiedge.net//spidentifier/1.0.2.0/spidentifierimpl.exe | |
hxxp://jazz-1846647836.us-east-1.elb.amazonaws.com/ | |
hxxp://www.wajam.com/download/wajam_validate.exe | |
hxxp://www.wajam.com/install/valid?v=1&unique_id=AEF01AB24F22D7D00CBF386F18BC1776 | |
hxxp://installmetrix.com/common/gate/installer_gate_client.php?download_id=8203235&mode=getcombo&offers=1081|1129|1146|1043|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1113|1190|1191|1060|1203|1204|1205|1207|1172|1209|1174|1210|1038|1219|1212|1086|1032|1122|1056|1217|1127|1119|1222|1195|1196|1197|1198|1206|1187|1224|1225|1226|1227|1228|1229|1231|1233|1230|1220 | |
hxxp://installmetrix.com/common/gate/report.php?download_id=8203235&mode=6&combo_id=9999&os_name=Windows XP&os_add=Service Pack3&os_build=2600&proj_id=1084&offer_id=0&templateid=40 | |
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.10.1/jquery.min.js | |
hxxp://installmetrix.com/common/installer_logos/1084.jpg | |
hxxp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img1 | |
hxxp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img3 | |
hxxp://sp-storage.spccinta.com//spidentifier/1.0.2.0/spidentifierimpl.exe | 23.64.142.202 |
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js | |
hxxp://sp-storage.conduit-services.com/spidentifier/1.0.2.0/spidentifierimpl.exe | 23.64.227.152 |
hxxp://sp-installer.conduit-data.com/ | 50.19.220.126 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: sp-installer.conduit-data.com
Content-Length: 225
Connection: Keep-Alive
Cache-Control: no-cache
{"event_type":"SPidentifier", "environment":"", "machine_ID":"9TTHPXJKJV9BI0XUUASQAAAGPHNC0B1XYDEY57KEQ9L5BAGIRC4RHXAWPYZH/CC 1K5CXHFNGM6BNNR8YE8RYG", "result": "success", "failure_reason": "clean_machine", "SP_version": ""}
HTTP/1.1 202 Accepted
Date: Fri, 28 Nov 2014 23:47:03 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
GET /common/installer_logos/1084.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=fb69e84571edcae1fc2993078acadcfa
HTTP/1.1 200 OK
Date: Fri, 28 Nov 2014 23:47:11 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "c335-53064acc-363dc59bc7aacf34"
Last-Modified: Thu, 20 Feb 2014 18:34:52 GMT
Content-Type: image/jpeg
Content-Length: 49973
Cache-Control: public, max-age=604800
Expires: Fri, 05 Dec 2014 23:47:11 GMT
<<< skipped >>>
GET /install/valid?v=1&unique_id=AEF01AB24F22D7D00CBF386F18BC1776 HTTP/1.1
Host: VVV.wajam.com
HTTP/1.1 200 OK
Date: Fri, 28 Nov 2014 23:47:06 GMT
Server: Apache/2.4.10 (Ubuntu)
Set-Cookie: PHPSESSID=uq39ss04d4p58l79qndeqfu687; path=/; domain=.wajam.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: _wau=14172184269920302; expires=Sat, 28-Nov-2015 23:47:06 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: _wal=1417218426; expires=Sat, 28-Nov-2015 23:47:06 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: not_logged_unique_id=AEF01AB24F22D7D00CBF386F18BC1776; expires=Sat, 28-Nov-2015 23:47:06 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: _waab=24,67,4,76,17,93,77,14,52,81; expires=Sat, 28-Nov-2015 23:47:06 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Content-Length: 1
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w54|VHkJf|VHkJf; path=/; domain=.wajam.com
0..
GET //spidentifier/1.0.2.0/spidentifierimpl.exe HTTP/1.1
User-Agent: 8203235
Host: sp-storage.spccinta.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Last-Modified: Sat, 29 Nov 2014 02:24:54 GMT
Accept-Ranges: bytes
ETag: "bd95aafde34a6270e612f226404df5e3"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2592168
Date: Fri, 28 Nov 2014 23:46:47 GMT
Connection: keep-alive
<<< skipped >>>
GET /common/gate/installer_gate_client.php?download_id=8203235&mode=getcombo&offers=1081|1129|1146|1043|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1113|1190|1191|1060|1203|1204|1205|1207|1172|1209|1174|1210|1038|1219|1212|1086|1032|1122|1056|1217|1127|1119|1222|1195|1196|1197|1198|1206|1187|1224|1225|1226|1227|1228|1229|1231|1233|1230|1220 HTTP/1.1
User-Agent: 8203235
Host: installmetrix.com
HTTP/1.1 302 Found
Date: Fri, 28 Nov 2014 23:47:08 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Location: hXXp://beta.installmetrix.com:5000/getcombo?download_id=8203235&mode=getcombo&offers=1081|1129|1146|1043|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1113|1190|1191|1060|1203|1204|1205|1207|1172|1209|1174|1210|1038|1219|1212|1086|1032|1122|1056|1217|1127|1119|1222|1195|1196|1197|1198|1206|1187|1224|1225|1226|1227|1228|1229|1231|1233|1230|1220
Content-Type: text/html
Content-Length: 1148
<!DOCTYPE html>.<html style="height:100%">.<head><title> 302 Found..</title></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1>.<h2 style="margin-top:20px;font-size: 30px;">Found..</h2>.<p>The document has been temporarily moved to <A HREF="%s">here</A>.</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">.<br>Proudly powered by <a style="color:#fff;" href="hXXp://VVV.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>.....
<<< skipped >>>
GET /common/gate/report.php?download_id=8203235&mode=6&combo_id=9999&os_name=Windows XP&os_add=Service Pack3&os_build=2600&proj_id=1084&offer_id=0&templateid=40 HTTP/1.1
User-Agent: 8203235
Host: installmetrix.com
HTTP/1.1 200 OK
Date: Fri, 28 Nov 2014 23:47:10 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.4.31
Set-Cookie: PHPSESSID=fb69e84571edcae1fc2993078acadcfa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 0
GET /spidentifier/1.0.2.0/spidentifierimpl.exe HTTP/1.1
User-Agent: 8203235
Host: sp-storage.conduit-services.com
HTTP/1.1 301 Moved Permanently
Location: hXXp://sp-storage.spccinta.com//spidentifier/1.0.2.0/spidentifierimpl.exe
Server: BigIP
Content-Length: 0
Cache-Control: private, max-age=900
Expires: Sat, 29 Nov 2014 00:01:47 GMT
Date: Fri, 28 Nov 2014 23:46:47 GMT
Connection: keep-alive
GET /ajax/libs/jquery/1.10.1/jquery.min.js HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 03 Jun 2013 01:27:22 GMT
Date: Wed, 26 Nov 2014 09:35:28 GMT
Expires: Thu, 26 Nov 2015 09:35:28 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32862
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 223902
Alternate-Protocol: 80:quic,p=0.02
<<< skipped >>>
GET /common/interface/images/LRg1n8XGLt9Ry2RE_img1 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=fb69e84571edcae1fc2993078acadcfa
HTTP/1.1 200 OK
Date: Fri, 28 Nov 2014 23:47:11 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "de2-52fd2880-b3fb5a4c2d641939"
Last-Modified: Thu, 13 Feb 2014 20:18:08 GMT
Content-Type: text/plain
Content-Length: 3554
<<< skipped >>>
GET /common/gate/installer_gate_client.php?download_id=8203235&mode=prechecking HTTP/1.1
User-Agent: 8203235
Host: installmetrix.com
HTTP/1.1 302 Found
Date: Fri, 28 Nov 2014 23:46:45 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Location: hXXp://beta.installmetrix.com:5000/precheck?download_id=8203235&mode=prechecking
Content-Type: text/html
Content-Length: 1148
<!DOCTYPE html>.<html style="height:100%">.<head><title> 302 Found..</title></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1>.<h2 style="margin-top:20px;font-size: 30px;">Found..</h2>.<p>The document has been temporarily moved to <A HREF="%s">here</A>.</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">.<br>Proudly powered by <a style="color:#fff;" href="hXXp://VVV.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>...
<<< skipped >>>
GET /common/interface/images/LRg1n8XGLt9Ry2RE_img3 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=fb69e84571edcae1fc2993078acadcfa
HTTP/1.1 200 OK
Date: Fri, 28 Nov 2014 23:47:11 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "1765-52fd2f63-260ec70baae20673"
Last-Modified: Thu, 13 Feb 2014 20:47:31 GMT
Content-Type: text/plain
Content-Length: 5989
<<< skipped >>>
GET /download/wajam_validate.exe HTTP/1.1
User-Agent: 8203235
Host: VVV.wajam.com
HTTP/1.1 200 OK
Date: Fri, 28 Nov 2014 23:47:05 GMT
Server: Apache/2.4.10 (Ubuntu)
Last-Modified: Wed, 22 Oct 2014 13:12:54 GMT
ETag: "2c00-50602b4b0cbac"
Accept-Ranges: bytes
Content-Length: 11264
Connection: close
Content-Type: application/x-msdos-program
Set-Cookie: APPSESSID=w28|VHkJf|VHkJf; path=/; domain=.wajam.com
Cache-control: private
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
8203235_492:
.text
`.rdata
@.data
.rsrc
@.reloc
RegOpenKeyTransactedW
RegCreateKeyTransactedW
CCmdTarget
RegDeleteKeyTransactedW
CNotSupportedException
CHttpFile
RegDeleteKeyExW
TaskDialogIndirect
CMDITabProxyWnd
CMDIChildWndEx
CMDIFrameWndEx
CMDIChildWnd
CMDIFrameWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
GetProcessWindowStation
operator
hXXp://installmetrix.com/common/gate/report.php?download_id=%s&mode=%d&combo_id=%d&os_name=%s&os_add=%s&os_build=%s&proj_id=%s&offer_id=%s&templateid=%s
first url
Windows 8
Windows Server 2012
Windows 7
Windows Server 2008 R2
Windows Vista
Windows Server 2008
Windows XP Professional x64 Edition
Windows Server 2003
Windows XP
Windows 2000
WebStroller=I
GetWindowsDirectoryW
GetCPInfo
KERNEL32.dll
CreateDialogIndirectParamW
GetKeyState
SetWindowsHookExW
UnhookWindowsHookEx
GetKeyNameTextW
MapVirtualKeyW
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyExW
USER32.dll
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GDI32.dll
MSIMG32.dll
COMDLG32.dll
WINSPOOL.DRV
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
COMCTL32.dll
UrlUnescapeW
SHLWAPI.dll
ole32.dll
OLEAUT32.dll
oledlg.dll
GdiplusShutdown
gdiplus.dll
OLEACC.dll
InternetCrackUrlW
InternetCanonicalizeUrlW
HttpQueryInfoW
InternetOpenUrlW
WININET.dll
IMM32.dll
WINMM.dll
.?AVCCmdUI@@
.PAVCMemoryException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCHttpFile@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AVCMFCToolBarCmdUI@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.PAVCOleDispatchException@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.?AVCCmdTarget@@
.PAVCException@@
.?AVCWebGrab@@
.?AVCWebGrabSession@@
.PAVCInternetException@@
.PAVCFileException@@
.?AVCWebPage@@
"-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img1);
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img3);
if(document.getElementById("opt_checkbox1") != null)
document.getElementById("opt_checkbox1").disabled = true;
document.getElementById("opt_checkbox1").checked = true;
if(document.getElementById("opt_checkbox2") != null)
document.getElementById("opt_checkbox2").disabled = true;
document.getElementById("opt_checkbox2").checked = true;
if(document.getElementById("opt_checkbox3") != null)
document.getElementById("opt_checkbox3").disabled = true;
document.getElementById("opt_checkbox3").checked = true;
if(document.getElementById("opt_checkbox4") != null)
document.getElementById("opt_checkbox4").disabled = true;
document.getElementById("opt_checkbox4").checked = true;
if(document.getElementById("opt_checkbox5") != null)
document.getElementById("opt_checkbox5").disabled = true;
document.getElementById("opt_checkbox5").checked = true;
if(document.getElementById("checkbox_div") != null)
document.getElementById("checkbox_div").style.display = "none";
document.getElementById("opt_checkbox1").disabled = false;
document.getElementById("opt_checkbox2").disabled = false;
document.getElementById("opt_checkbox3").disabled = false;
document.getElementById("opt_checkbox4").disabled = false;
document.getElementById("opt_checkbox5").disabled = false;
document.getElementById("checkbox_div").style.display = "block";
Social Media Login Install Setup
Please click the "next" button to continue your installation of Social Media Login.
Social Media Login
Login to all your favorite social media sites from one place with the all-in-one social media app. Works with 100 social media sites!
Please click the "Next" button below to begin your installation of Social Media Login.
By clicking "Next", I agree to the Terms of Use and Privacy Policy.
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img5);
div.progress {
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img9);
div.progressIndicator {
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img10);
div.progressVal {
.hidden {
position: absolute !important;
.focus {
background-color: #eee !important;
Please click the "next" button to begin your installation of Social Media Login.
g_progress1.setValue("pb1",val);
g_progress2.setValue("pb2",val);
$(document).ready(function() {
this.valMax = max;
this.showVal = showVal;
this.divWidth = 0;
this.width = this.$container.width();
this.left = Math.round(this.$container.offset().left);
this.top = Math.round(this.$container.offset().top);
this.$container.append('
');
$('#' container_id '_progDiv').css('width', '0%');
this.$container.append('
');
$('#' container_id '_progVal').html('0%');
if (this.showVal == false) {
$('#' container_id '_progVal').addClass('hidden').attr('aria-hidden', 'true');
progressbar.prototype.setValue = function(container_id,val) {
var percent = val * 100 / this.valMax;
this.$container.attr('aria-valuenow', Math.round(percent));
$('#' container_id '_progDiv').css('width', percent '%'); //Math.round(percent) '%');
$('#' container_id '_progVal').html(this.$container.attr('aria-valuenow') '%');
progressbar.prototype.getProgress = function() {
return this.$container.attr('aria-valuenow');
progressbar.prototype.positionHandle = function($handle, val) {
var handleHeight = $handle.outerHeight(); // the total height of the handle
var handleWidth = $handle.outerWidth(); // the total width of the handle
valPos = ((val - this.min) / (this.max - this.min)) * this.width this.left;
xPos = Math.round(valPos - (handleWidth / 2));
yPos = Math.round(this.top (this.height / 2) - (handleHeight / 2));
$handle.css('top', yPos 'px');
$handle.css('left', xPos 'px');
$handle.attr('aria-valuenow', val);
if (/1$/.test($handle.attr('id')) == true) {
this.val1 = val;
this.val2 = val;
if (this.showVals == true) {
this.updateValBox($handle, Math.round(valPos));
progressbar.prototype.updateValBox = function() {
var $valBox = $('#' $handle.attr('id') '_val');
var boxWidth = $valBox.outerWidth();
yPos = $handle.css('top');
xPos = Math.round(valPos - (boxWidth / 2)) 'px';
$valBox.css('top', yPos);
$valBox.css('left', xPos);
$valBox.text($handle.attr('aria-valuenow'));
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img7);
You have successfully installed Social Media Login.
8203235
C:\WINDO
var x = document.cookie;
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
KERNEL32.DLL
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
lX-X-x-XX-XXXXXX
Advapi32.dll
res://%s/%s
res://%s/%d
Acomctl32.dll
Acomdlg32.dll
Ashell32.dll
accKeyboardShortcut
wuser32.dll
hhctrl.ocx
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
Bf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
hXXp://
@WININET.DLL
SHELL32.DLL
lXXxXXXXXXXX
dwmapi.dll
UxTheme.dll
eShell32.dll
%s:%x:%x:%x:%x
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
kernel32.dll
Af:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
mfcm100u.dll
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
&%d %s
Df:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
COMCTL32.DLL
USER32.DLL
KeyboardManager
MSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
MFCLink_UrlPrefix
MFCLink_Url
%sPane-%d%x
%sPane-%d
%sBasePane-%d%x
%sBasePane-%d
windows
ShowCmd
K%c%d%c%s
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
HHex={X,X,X}
C%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
Of:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
ENABLE_KEYS
KEYS_MENU
KEYS
ORICHED20.DLL
RGB(%d, %d, %d)
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
Software\Microsoft\NET Framework Setup\NDP\v2.0.50727
Software\Microsoft\NET Framework Setup\NDP\v2.0.50727
Software\Microsoft\NET Framework Setup\NDP\v1.1.4322
Software\Microsoft\NET Framework Setup\NDP\v1.1.4322
Software\Microsoft\.NETFramework\Policy\v1.0
Software\Microsoft\.NETFramework\Policy\v1.0
%s %s
%s %s
hXXp://%s
hXXp://%s
Downloading %s...
Downloading %s...
Installing %s...
Installing %s...
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=prechecking
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=prechecking
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=getcombo&offers=%s
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=getcombo&offers=%s
%s is being installed
%s is being installed
H:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
H:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
%s (%s:%d)
%s (%s:%d)
.html
.html
chrome
chrome
firefox
firefox
opera
opera
%USERPROFILE%
%USERPROFILE%
amitest.txt
amitest.txt
/s /t /i ElectroLyrics /u hXXp://VVV.amoninst.com/index.php
/s /t /i ElectroLyrics /u hXXp://VVV.amoninst.com/index.php
I/s /t /i WebStroller
I/s /t /i WebStroller
hXXp://sp-storage.conduit-services.com/spidentifier/1.0.2.0/spidentifierimpl.exe
hXXp://sp-storage.conduit-services.com/spidentifier/1.0.2.0/spidentifierimpl.exe
hXXps://sp-storage.spccinta.com/spidentifier/spidentifierstub/SPIdentifier.exe
hXXps://sp-storage.spccinta.com/spidentifier/spidentifierstub/SPIdentifier.exe
hXXp://val.costmin.info
hXXp://val.costmin.info
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Test|Result|1;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Test|Result|1;
hXXp://VVV.wajam.com/download/wajam_validate.exe
hXXp://VVV.wajam.com/download/wajam_validate.exe
Webstroller - Amonetize
Webstroller - Amonetize
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
%s = %s
%s = %s
Read %d bytes (%0.1f Kb/s)
Read %d bytes (%0.1f Kb/s)
Read %d bytes
Read %d bytes
Resolving name for %s
Resolving name for %s
Resolved name for %s
Resolved name for %s
Unknown status: %d
Unknown status: %d
%System%\8203235
%System%\8203235
hXXp://VVV.digsby.com/download.php?os=win
hXXp://VVV.digsby.com/download.php?os=win
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\9771071187.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\9771071187.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\8536882783.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\8536882783.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3070656283.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3070656283.html
hXXp://myfreedl.com/thankyou/index3.php
hXXp://myfreedl.com/thankyou/index3.php
Click "Next" to continue installing Social Media Login.
Click "Next" to continue installing Social Media Login.
Please read the following important information and terms before continuing:
Please read the following important information and terms before continuing:
s Settings/Options tab. Learn more
s Settings/Options tab. Learn more
If you elect to change your browser settings via Search Protect, your settings preferences will be applied to Chrome
If you elect to change your browser settings via Search Protect, your settings preferences will be applied to Chrome
, Firefox
, Firefox
If you elect to change your browser settings via your web browser, Search Protect will be disabled for that setting, therefore its ability to prevent third-party software from changing your settings will be halted.
If you elect to change your browser settings via your web browser, Search Protect will be disabled for that setting, therefore its ability to prevent third-party software from changing your settings will be halted.
In Chrome, browser settings can be changed via the Chrome menu or wrench icon. In Firefox, settings can be changed via the Firefox button or Tools menu. In Internet Explorer, settings can be changed via the gear icon or Tools menu. For all three browsers, new tab setting can be restored by opening a new tab and clicking
In Chrome, browser settings can be changed via the Chrome menu or wrench icon. In Firefox, settings can be changed via the Firefox button or Tools menu. In Internet Explorer, settings can be changed via the gear icon or Tools menu. For all three browsers, new tab setting can be restored by opening a new tab and clicking
You can uninstall Search Protect at any time by using the standard uninstall process that is available as part of your operating system. In Microsoft Windows
You can uninstall Search Protect at any time by using the standard uninstall process that is available as part of your operating system. In Microsoft Windows
Additional information for some versions of Search Protect is available on our help page.
, and Chrome
home page and search settings. Learn more
hXXps://sp-storage.spccinta.com/sp-downloader.exe
After installing Couponarific, you may receive coupon, shopping comparison, banner, in-text and new tab advertisements as you browse the web that are identified as Couponarific advertisements.
Couponarific is FREE because advertisers pay to have their offers delivered to you. Couponarific is SAFE because it does not collect information that personally identifies you. Instead, it communicates several times each day with its servers to check for new offers, the placement of offers, the web pages you view, the advertisements that appear on these pages, the ads you click on, and other information about your computer and web usage. Couponarific also sends an update when you install and uninstall Couponarific, and it checks periodically for software updates to install. To see your choices for sharing information and more details about Couponarific, see the Privacy Policy and Terms of Use. Uninstall Instructions are here. These documents are also available on Couponarific.com
hXXp://d2baov6ticicd8.cloudfront.net/im/us.exe
HKEY_LOCAL_MACHINE\Software\Couponarific;
Rockettab adds a useful dock at the top of popular websites, which provides related search
results and ads which are not affiliated with the underlying websites. Please review all of the
hXXp://d2xrc29r3pc49q.cloudfront.net/release/rt-installer.exe
HKEY_CURRENT_USER\Software\Search Extensions;
Click "Next" to continue installing Social Media Login.
You acknowledge and agree that by clicking on the "I AGREE" button (or similar buttons or links as may be designated by DESKTOP DOCK to show your acceptance of this Agreement and/or your agreement to download and install the Desktop Dock), you expressly acknowledge and agree to be bound by, the Terms of Service and Privacy Policy applicable to the DESKTOP DOCK Website and the content, services and features provided on or through the Desktop Dock, and any new versions or updates thereof. Both the Terms of Service and Privacy Policy can be accessed through the DESKTOP DOCK Website. For the Terms of Service, see hXXp://VVV.desktopdock.net/TOS . For the Privacy Policy, seehXXp://VVV.desktopdock.net/Privacy .
Desktop Dock is ad-supported software and displays advertisements during your web browsing experience. By clicking "Next Step", you agree to the Desktop Dock EULA and Privacy Policy and consent to install Desktop Dock. The software can be removed any time via the Add/Remove Programs Utility.
hXXp://ogdelivery.com/DesktopDock/Setup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopDock;HKEY_CURRENT_USER\Software\DesktopDock;
Consumer Input (softpublisher)
Download the software to join the Consumer Input Research Panel, provided by Compete, and register to receive $5 or more in gift cards for each survey you successfully complete!
Online activities: This includes the search terms you enter and the results of such searches, the videos you view, the products you shop for online, information you enter into forms, the materials you download or upload, the advertisements you see, information and content on web pages you visit or with which you interact and may include personal, financial and health information.
Information on secure pages: This includes information and content from protected or secure pages that you access, such as online accounts or the content of complete and incomplete consumer transactions when you are checking out through a website
s shopping cart, even if the website makes this information unreadable to others.
System information: This includes information about the computer and browser that you are running on, including the IP address of the computer, how the software is operating, and which other applications are installed or running.
Filtering of certain personally identifiable or sensitive information - Compete has established certain procedural and technical privacy rules designed to try to avoid the use of certain types of personally identifiable and sensitive information that can be identified by those processes, such as credit card numbers, social security numbers, email addresses and email content from most web-based email accounts. Despite our efforts, certain personally identifiable or sensitive information might get through the privacy rules and procedures. However, we do not knowingly use any inadvertently retained personally identifiable or sensitive information in our services.
If you participate in any other research panels or programs run by us (whether directly or indirectly, and regardless of device and applicable policy for each such other program), by joining this program you agree that we may use any information we have about you to match the data collected through this program with the data collected through such other panels and programs (including data collected in the past), and use the combined
data pursuant to the most restrictive applicable privacy policy. If you are upgrading the Software from an older version, re-joining this research program, or otherwise accepting the latest version of this Policy, you agree that after doing so, your data previously collected by Compete under your prior participation in the program may be used as described in this Policy. You may always uninstall the Software by following the instructions provided here. You may always uninstall the Software by following the removal instructions provided here hXXps://VVV.consumerinput.com/removal/.
By clicking "Next" you are agreeing to the Consumer Input End User License Agreement and Privacy Policy and consent to install Consumer Input and automatically enable it on your Firefox, Internet Explorer and Chrome browsers. You may always uninstall the Software by following the removal instructions provided here.
hXXps://securehost-2.com/offers/InstallMetrix_ConsumerInput_new.exe
HKEY_CURRENT_USER\Software\ConsumerInput;
NOTICE TO USER: THE TERMS BELOW ARE A BINDING AGREEMENT. BY CLICKING "I ACCEPT" BELOW OR BY DOWNLOADING, INSTALLING OR ACTIVATING OR USING THIS SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS LICENSE AGREEMENT, THAT YOU UNDERSTAND IT, AND THAT YOU AGREE TO BE BOUND BY ITS TERMS. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT, PROMPTLY EXIT THIS PAGE WITHOUT DOWNLOADING, INSTALLING OR ACTIVATING THE SOFTWARE. YOU UNDERSTAND THAT YOU WILL BE INSTALLING CERTAIN SOFTWARE ON YOUR COMPUTER SYSTEM, AND YOU EXPRESSLY CONSENT TO SUCH INSTALLATION ON YOUR COMPUTER.
username and password (or other login information) are secure. Your Device and all Data on such Device is at risk if you let someone use your account inappropriately. You should not reveal your password to other users. Licensor will not ask you to reveal your password. If you forget your password, you can request to have a new password sent to your registered e-mail address. You agree to immediately notify Licensor of any unauthorized use of your VuuPC
account or password. Licensor will not be liable for any losses or damage arising from unauthorized use of your account or password, and you agree to indemnify and hold Licensor harmless for any improper or illegal use of your account.
hXXps://s3.amazonaws.com/cf_vopackage/SysInfo/VOPackage.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage;
PriceLess plugin will reduce your costs to the minimum. Just install the PriceLess add-on on your browsers, surf the web and get special offers when you need them the most. The add-on will detect online-shopping websites and will offer you with special coupons, discounts and sales for the items you searched for in those websites. The offers will pop at the top right corner of your browser and will help you save money and time.
For the purpose of this agreement links provided by third parties to other websites, applications, products, resources or other services created shall be referred to as "Third Party Services".
IN NO EVENT WILL WE NOR OUR OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS, BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY INCLUDING, WITHOUT LIMITATION, LOST PROFIT, LOSS OF CONTRACTS, DATA, INFORMATION, GOODWILL, INCOME, ANTICIPATED SAVINGS OR BUSINESS RELATIONSHIPS, DAMAGES ARISING FROM YOUR USE OF THIS SITE OR ANY OF OUR SERVICES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING LIMITATIONS ON OUR LIABILITY TO YOU SHALL APPLY WHETHER OR NOT WE HAVE BEEN ADVISED OF OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF ANY SUCH LOSSES ARISING. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, OUR TOTAL LIABILITY TO YOU FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION, WILL AT ALL TIMES BE LIMITED TO AN AMOUNT EQUAL TO THE LOWER OF (I) US$50 OR (II) THE AMOUNT PAID, IF ANY, BY YOU DIRECTLY TO US DURING THE 30 DAY PERIOD IMMEDIATELY PRECEDING THE DATE OF THE CLAIM.
hXXp://dl625.depotion.org
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3};
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3};
1.0.0.1
InstallerManager.exe
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]