not-a-virus:AdWare.MSIL.DomaIQ.ahty (Kaspersky), Application.Bundler.DomaIQ.Q (AdAware), SearchProtectToolbar_pcap.YR (Lavasoft MAS)
Behaviour: Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ce54353defcd2a3e31e25c8ecf6c484e
SHA1: bde28f477d07f36d0c5dbcc8332b25dcbc0af138
SHA256: 44a0f5545202e252701b8bc3117305d27887bca0888306e6ed0d9ab43647853e
SSDeep: 12288:duudwYcGL//JWM01Vfby4QQvRO4mqPeQ9HXD4AQf4CR5TqOM:duewYT/hmflRBmqPeQ93D4AQPjM
Size: 560504 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: download manager
Created at: 2009-12-06 00:50:41
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Application creates the following process(es):
rstart.exe:688
%original file name%.exe:1232
The Application injects its code into the following process(es):
e%original file name%.exe:1576
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process e%original file name%.exe:1576 makes changes in the file system.
The Application creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\Browser app shoppinginfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\bullet-shortw.gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-olivebrowser.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\check.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position3C.css (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\finish.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\percentage-bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\base.css (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\vuupc.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\logo-win.jpg (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\Media Player Enhanceinfo.dfe (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\doma[1].js (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position1A.css (421 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\bullet-short.gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\TheBestDeals\info.html (1217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\TheBestDealsinfo.dfe (750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\Media Player Enhance\info.html (1219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-zipper.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\config.dll (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\optimizerpro2.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\boton_xl.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\butplay.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\bg_app.png (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\SM Mystart\info.html (1217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\more.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-gevideoconverter.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\instalando.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\cross.jpg (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-vafmusic.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\SM Mystartinfo.dfe (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\box.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\mypcbackup.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\Browser app shopping\info.html (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\aartemis.css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\close.html (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\progress_small.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position2B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\check-close.png (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\Catchall Revizer\info.html (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\butpause.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\Dockings.dfe (2597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position3B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-ifish.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-geaudioconverter.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position2A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\Browser appinfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\templateDisplays.dfe (606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\Vuupc\info.html (1919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\templateStyle.dfe (6081 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\browserapp.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\PPI OptimizerProinfo.dfe (1902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\bullet.gif (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\options.html (965 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\MyBackupPc\info.html (1217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\progress.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\Vuupcinfo.dfe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-printpdf.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\boton.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position3A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\check.jpg (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\mystart.css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\MyBackupPcinfo.dfe (606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\optimizerpro-img.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\Browser app\info.html (1217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-vafplayer.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position4A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\optimizerpro-logo.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\style.css (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\jquery.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-miul.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\feven.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\mystart-toolbar-gris.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\show.png (235 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position2C.css (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\less.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\progress_small_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\PPI OptimizerPro\info.html (1219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\thebestdeals.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position3D.css (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\welcome.html (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\hide.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\mypcbackup.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\Catchall Revizerinfo.dfe (979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\optimizerpro-logo-big.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\group.html (10 bytes)
The process %original file name%.exe:1232 makes changes in the file system.
The Application creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\e%original file name%.exe (5918 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\rstart.exe.config (359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\installer.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\rstart.exe (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\%original file name%.exe.config (690 bytes)
The Application deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\rstart.exe.config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsrB2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\rstart.exe (0 bytes)
Registry activity
The process e%original file name%.exe:1576 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "e%original file name%.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1376923655"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 48 66 1E FC 4F 96 28 60 F7 A4 0B BC FC 54 F6"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Application modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Application modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Application deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process rstart.exe:688 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA F8 0A A2 FD 99 A6 9D E3 81 AA 9F 69 9F 6C 45"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:1232 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 1F 4E 09 31 F1 7E CC D8 0A 6B 3C BD F4 A1 4D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
Dropped PE files
MD5 | File path |
---|---|
a626437b4821f5b37ddc89f479d11a7f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\e%original file name%.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
rstart.exe:688
%original file name%.exe:1232
- Delete the original Application file.
- Delete or disinfect the files created/modified by the Application (listed under File activity above).
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\style.css (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\jquery.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\screen-miul.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\feven.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\mystart-toolbar-gris.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\show.png (235 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position2C.css (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\less.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\progress_small_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\PPI OptimizerPro\info.html (1219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\thebestdeals.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\position3D.css (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\welcome.html (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\hide.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\mypcbackup.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\temp\Catchall Revizerinfo.dfe (979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\css\images\optimizerpro-logo-big.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\bin\exe\group.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\e%original file name%.exe (5918 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\rstart.exe.config (359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\installer.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\efcbea222c7a44a0adc609f06e3defab\%original file name%.exe.config (690 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 22738 | 23040 | 4.45908 | c69726ed422d3dcfdec9731986daa752 |
.rdata | 28672 | 4496 | 4608 | 3.59034 | a2c7710fa66fcbb43c7ef0ab9eea5e9a |
.data | 36864 | 110456 | 1024 | 3.20082 | e59cdcb732e4bfbc84cc61dd68354f78 |
.ndata | 147456 | 61440 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 208896 | 25648 | 26112 | 4.29742 | d25af015f1b708d62c89977f8bfe9711 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 790
Network Activity
URLs
URL | IP |
---|---|
hxxp://api.v2.sslsecure1.com/test.html | 204.11.56.26 |
hxxp://API-XML-1918203848.us-west-2.elb.amazonaws.com/test.html | |
hxxp://staticrr.tgusrv.com/test.html | |
hxxp://Track-903226030.us-west-2.elb.amazonaws.com/test.html | |
hxxp://API-XML-1918203848.us-west-2.elb.amazonaws.com/index.php/api/151/Setup/477/545/English.xml | |
hxxp://staticrr.tgusrv.com//Dictionaries/English.xml | |
hxxp://staticrr.tgusrv.com//Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip | |
hxxp://staticrr.tgusrv.com//Displays/Templates/8a204893_Win_A_Banner_DeclineLink.zip | |
hxxp://staticrr.tgusrv.com//Docking/Docking.zip | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/70e7b9d8_mystart.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/222ac0df_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/844a2c3b_browserapp.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/9103144e_display (1).html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/9c04a3ed_thebestdeals.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/c9c92824_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/e7bf26c3_mypcbackup.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/16220985_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/db393704_vuupc.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/1d58e78d_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/0ba5df4c_optimizerpro2.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/7f3e6cee_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/03652e13_aartemis.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/ac80703b_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/a616773d_feven.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/217ec6eb_display.html | |
hxxp://staticrr.tgusrv.com/sdb/doma.js | |
hxxp://api.v2.sslsecure2.com/test.html | 204.11.56.26 |
hxxp://staticrr.paleokits.net//Styles/Softwares/e7bf26c3_mypcbackup.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/9c04a3ed_thebestdeals.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/844a2c3b_browserapp.zip | 85.12.5.27 |
hxxp://track.v2.sslsecure3.com/test.html | 204.11.56.26 |
hxxp://api.v2.sslsecure3.com/test.html | 204.11.56.26 |
hxxp://staticrr.paleokits.net//Displays/Softwares/16220985_display.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/222ac0df_display.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/217ec6eb_display.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Docking/Docking.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/03652e13_aartemis.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/1d58e78d_display.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/9103144e_display (1).html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/c9c92824_display.html | 85.12.5.27 |
hxxp://track.v2.sslsecure1.com/test.html | 204.11.56.26 |
hxxp://staticrr.paleokits.net//Displays/Softwares/7f3e6cee_display.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/a616773d_feven.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net/test.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/ac80703b_display.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/70e7b9d8_mystart.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Templates/8a204893_Win_A_Banner_DeclineLink.zip | 85.12.5.27 |
hxxp://api.v2.sslsecure4.com/test.html | 54.213.138.138 |
hxxp://api.v2.sslsecure4.com/index.php/api/151/Setup/477/545/English.xml | 54.213.138.138 |
hxxp://staticrr.paleokits.net/sdb/doma.js | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/0ba5df4c_optimizerpro2.zip | 85.12.5.27 |
hxxp://track.v2.sslsecure4.com/test.html | 54.186.105.91 |
hxxp://staticrr.paleokits.net//Styles/Softwares/db393704_vuupc.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Dictionaries/English.xml | 85.12.5.27 |
hxxp://track.v2.sslsecure2.com/test.html | 204.11.56.26 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /sdb/doma.js HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: staticrr.paleokits.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:16 GMT
Content-Type: application/x-javascript
Content-Length: 2184
Last-Modified: Wed, 07 Aug 2013 11:37:26 GMT
Connection: keep-alive
ETag: "52023176-888"
Accept-Ranges: bytes
.. //muestra una capa y oculta otra.. function changeVisibility(capamostrar,capaocultar) {.. div = document.getElementById(capamostrar);.. div.style.display = "";.. div = document.getElementById(capaocultar);.. div.style.display = "none";.. }.. // funcion para mostrar u ocultar el progreso de la instalacion separado por ofertas.. function mostrardiv() {.. div = document.getElementById('multipleProgress');.. div.sty..
GET /test.html HTTP/1.1
Host: api.v2.sslsecure4.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 11 Nov 2014 20:04:45 GMT
Server: nginx
Content-Length: 8
Connection: keep-alive
correct.
GET /index.php/api/151/Setup/477/545/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.v2.sslsecure4.com
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/xml; charset=utf-8
Date: Tue, 11 Nov 2014 20:05:01 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Set-Cookie: symfony=rmp3ekhtj5e6t3eeppksdr0sn5; path=/
transfer-encoding: chunked
Connection: keep-alive
371f..<?xml version="1.0" encoding="utf-8"?>...<doma>... <config>... . <time><![CDATA[0.05463695526123]]></time>... . <time3><![CDATA[[0.012609958648682][0.17381596565247][-11-] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] ]]></time3>... . <time4><![CDATA[52]]></time4>... . <time5><![CDATA[ [0.18646693229675] [0.44606113433838] [0.00013494491577148] [1.0013580322266E-5] [0.049944877624512] ]]></time5>... <formCaption><![CDATA[New Player]]></formCaption>.... <server><![CDATA[hXXp://staticrr.safetydownload.net/]]></server>.... <formControlBox><![CDATA[1]]></formControlBox> ... <urlConfig><![CDATA[Dictionaries/English.xml]]></urlConfig>... <templateUrl><![CDATA[Displays/Templates/8a204893_Win_A_Banner_DeclineLink.zip]]></templateUrl><templateApp></templateApp><styles><![CDATA[Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip]]></styles> ... <dockingUrl><![CDATA[Docking/Docking.zip]]></dockingUrl>... <DownloadPath><![CDATA[temp]]></DownloadPath>... <DeleteOnEnd><![CDATA[]]></DeleteOnEnd>... <MultipleBars><![CDATA[]]></MultipleBars>... <declineShowChilds><![CDATA[1]]></declineShowChilds>... <hideWhenInstalling><![CDATA[1]]></hideWhenInstalling>..
<<< skipped >>>
GET /test.html HTTP/1.1
Host: track.v2.sslsecure1.com
Connection: Keep-Alive
HTTP/1.0 500 Internal Server Error
Date: Tue, 11 Nov 2014 20:04:48 GMT
Server: Apache
Set-Cookie: vsid=902vr1632818885129735; expires=Sun, 10-Nov-2019 20:04:48 GMT; path=/; domain=track.v2.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET /test.html HTTP/1.1
Host: track.v2.sslsecure4.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 11 Nov 2014 20:04:51 GMT
Server: nginx
Content-Length: 8
Connection: keep-alive
correct...
GET /test.html HTTP/1.1
Host: api.v2.sslsecure1.com
Connection: Keep-Alive
HTTP/1.0 500 Internal Server Error
Date: Tue, 11 Nov 2014 20:04:41 GMT
Server: Apache
Set-Cookie: vsid=918vr1632818814416723; expires=Sun, 10-Nov-2019 20:04:41 GMT; path=/; domain=api.v2.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET /test.html HTTP/1.1
Host: api.v2.sslsecure3.com
Connection: Keep-Alive
HTTP/1.0 500 Internal Server Error
Date: Tue, 11 Nov 2014 20:04:43 GMT
Server: Apache
Set-Cookie: vsid=924vr1632818837002987; expires=Sun, 10-Nov-2019 20:04:43 GMT; path=/; domain=api.v2.sslsecure3.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET /test.html HTTP/1.1
Host: track.v2.sslsecure3.com
Connection: Keep-Alive
HTTP/1.0 500 Internal Server Error
Date: Tue, 11 Nov 2014 20:04:50 GMT
Server: Apache
Set-Cookie: vsid=917vr1632818906521954; expires=Sun, 10-Nov-2019 20:04:50 GMT; path=/; domain=track.v2.sslsecure3.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET /test.html HTTP/1.1
Host: staticrr.paleokits.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:04:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
8..correct...0......
GET //Dictionaries/English.xml HTTP/1.1
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:05 GMT
Content-Type: text/xml
Content-Length: 626
Last-Modified: Fri, 12 Apr 2013 09:51:55 GMT
Connection: keep-alive
ETag: "5167d93b-272"
Accept-Ranges: bytes
<dictionary>. <installed> Installed </installed> . <installing>Installing</installing> . <installingetc>Installing...</installingetc> . <downloadError>An Error has occurred</downloadError> . <takeFewMinutes>It may take a few seconds</takeFewMinutes> . <confirmExit>Are you sure you want to exit?</confirmExit> . <installClose>Do you want to install the remaining offers?</installClose> . <welcome>Welcome</welcome> . <license>Welcome</license> . <options>Additional Options</options> . <instalando>Installing</instalando> . <finish>Finished</finish>. <downloadingetc>Downloading...</downloadingetc> .</dictionary>
<<< skipped >>>
GET //Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:06 GMT
Content-Type: application/zip
Content-Length: 344899
Last-Modified: Fri, 07 Mar 2014 11:17:00 GMT
Connection: keep-alive
ETag: "5319aaac-54343"
Accept-Ranges: bytes
<<< skipped >>>
GET //Displays/Templates/8a204893_Win_A_Banner_DeclineLink.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:11 GMT
Content-Type: application/zip
Content-Length: 8012
Last-Modified: Mon, 03 Mar 2014 12:55:03 GMT
Connection: keep-alive
ETag: "53147ba7-1f4c"
Accept-Ranges: bytes
<<< skipped >>>
GET //Docking/Docking.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:12 GMT
Content-Type: application/zip
Content-Length: 37048
Last-Modified: Tue, 26 Nov 2013 13:00:11 GMT
Connection: keep-alive
ETag: "52949b5b-90b8"
Accept-Ranges: bytes
<<< skipped >>>
GET //Styles/Softwares/70e7b9d8_mystart.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:12 GMT
Content-Type: application/zip
Content-Length: 4152
Last-Modified: Tue, 03 Jun 2014 10:06:47 GMT
Connection: keep-alive
ETag: "538d9e37-1038"
Accept-Ranges: bytes
<<< skipped >>>
GET //Displays/Softwares/222ac0df_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:12 GMT
Content-Type: text/html
Content-Length: 12475
Last-Modified: Tue, 03 Jun 2014 10:09:14 GMT
Connection: keep-alive
ETag: "538d9eca-30bb"
Accept-Ranges: bytes
<!-- TOOLBAR Mystart v1 ENGLISH -->.<!-- VERSION WIN -->.<div name="container-in" class="position-typenum mystart-win">...<h2 id="titleh">Welcome to the <span name="titulo_descarga"></span> Setup Wizard</h2>. . <h3></h3>. <h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4>....<div class="imagen-01"></div> . <p>Get the best of the Web delivered to you!</p> . <p>Instantly access tons of apps, games, video and social network directly in your browser, Facebook, Youtube, Shopping, email and so much more!</p>..<div class="options-form">. <div class="options-check">. </div>. <div class="options-radio">. </div>. </div>. . . <div class="textarea">.. PLEASE READ THE FOLLOWING TERMS OF USE CAREFULLY..THIS AGREEMENT IS MEANT TO APPLY TO ANY AND ALL ONLINE CONTENT AND SERVICES, INCLUDING ANY SOFTWARE PRODUCTS OF ANY KIND SUCH AS TOOLBARS, PLUGINS, EXTENSIONS, WIDGETS AND APPS (COLLECTIVELY "Tools") THAT MAY BE DISTRIBUTED OR MADE AVAILABLE BY VISICOM MEDIA INC. ("VISICOM") IN ASSOCIATION WITH THIS DOCUMENT AND THE FOLLOWING TERMS OF USE. BY DOWNLOADING, ACCESSING, INSTALLING AND/OR ACTIVATING ANY O
<<< skipped >>>
GET //Styles/Softwares/844a2c3b_browserapp.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:12 GMT
Content-Type: application/zip
Content-Length: 734
Last-Modified: Tue, 01 Jul 2014 09:26:57 GMT
Connection: keep-alive
ETag: "53b27ee1-2de"
Accept-Ranges: bytes
GET //Displays/Softwares/9103144e_display (1).html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:12 GMT
Content-Type: text/html
Content-Length: 21047
Last-Modified: Tue, 01 Jul 2014 09:28:50 GMT
Connection: keep-alive
ETag: "53b27f52-5237"
Accept-Ranges: bytes
<!-- TOOLBAR browserapp INGL..S -->..<!-- VERSION WIN -->..<div name="container-in" class="position-typenum browserapp-win">...<h2 id="titleh">Welcome to the <span name="titulo_descarga"></span> Setup Wizard</h2>.. .. <h3></h3>.. <h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4> .. .. <p>Browser-app helps you save time & money on your online shopping. We'll help you find attractive offers while you browse your favorite store.</p>.. <p>You can use your Browser-app with any browser installed on your computer, it is not necessary to install any particular browser just for saving money during online shopping.</p>.. .. <div class="options-form">.. <div class="options-check">.. </div>.. <div class="options-radio">.. </div>.. </div>.. .. <div class="textarea">..Acceptance of Terms of Use..The following license and terms of use (jointly: ...Terms of Use...) govern your access and use of the Browser-app.com.com website (...Site...) and your download, install, access and use of the Browser-app.com Browser Add-On (...Browser-app.com Add-On...) and all Site and Browser-app.com Add-On contained o
<<< skipped >>>
GET //Displays/Softwares/9103144e_display (1).html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:13 GMT
Content-Type: text/html
Content-Length: 21047
Last-Modified: Tue, 01 Jul 2014 09:28:50 GMT
Connection: keep-alive
ETag: "53b27f52-5237"
Accept-Ranges: bytes
<!-- TOOLBAR browserapp INGL..S -->..<!-- VERSION WIN -->..<div name="container-in" class="position-typenum browserapp-win">...<h2 id="titleh">Welcome to the <span name="titulo_descarga"></span> Setup Wizard</h2>.. .. <h3></h3>.. <h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4> .. .. <p>Browser-app helps you save time & money on your online shopping. We'll help you find attractive offers while you browse your favorite store.</p>.. <p>You can use your Browser-app with any browser installed on your computer, it is not necessary to install any particular browser just for saving money during online shopping.</p>.. .. <div class="options-form">.. <div class="options-check">.. </div>.. <div class="options-radio">.. </div>.. </div>.. .. <div class="textarea">..Acceptance of Terms of Use..The following license and terms of use (jointly: ...Terms of Use...) govern your access and use of the Browser-app.com.com website (...Site...) and your download, install, access and use of the Browser-app.com Browser Add-On (...Browser-app.com Add-On...) and all Site and Browser-app.com Add-On contained o
<<< skipped >>>
GET //Styles/Softwares/9c04a3ed_thebestdeals.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:13 GMT
Content-Type: application/zip
Content-Length: 750
Last-Modified: Thu, 09 Jan 2014 10:45:27 GMT
Connection: keep-alive
ETag: "52ce7dc7-2ee"
Accept-Ranges: bytes
GET //Displays/Softwares/c9c92824_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:13 GMT
Content-Type: text/html
Content-Length: 14037
Last-Modified: Thu, 09 Jan 2014 10:45:56 GMT
Connection: keep-alive
ETag: "52ce7de4-36d5"
Accept-Ranges: bytes
<!-- TOOLBAR DEALSCOMPARE INGL..S -->..<!-- VERSION WIN -->..<div name="container-in" class="position-typenum thebestdeals-win">..<h2 id="titleh">Welcome to the Installer Setup Wizard</h2>.. .. <h3></h3>.. <!--<h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4>--> ...<p><b>TheBest-Deals</b></p>...<p>TheBest-Deals will save you money and time while shopping online, delivering the best deal straight to your browser.</p>.. <p>Lowest price, effort free</p>...<div class="imagen-01"></div> .. .. .. <div class="options-form">.. <div class="options-check">.. </div>.. <div class="options-radio">.. </div>.. </div>..... <div class="textarea">....Terms of Service..Last Updated: October 1, 2013..Please read these terms of service as they constitute a legally binding agreement between BetterDeals (the ...Service...) and yourself. By accepting this agreement in the installation process, or by downloading or installing the TheBestDeals browser extension or by using any of the services included in it, you agree to be bound by the terms and conditions of this agreement, and you pro
<<< skipped >>>
GET //Styles/Softwares/e7bf26c3_mypcbackup.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:13 GMT
Content-Type: application/zip
Content-Length: 7774
Last-Modified: Tue, 15 Oct 2013 10:54:23 GMT
Connection: keep-alive
ETag: "525d1edf-1e5e"
Accept-Ranges: bytes
<<< skipped >>>
GET //Displays/Softwares/16220985_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:13 GMT
Content-Type: text/html
Content-Length: 19650
Last-Modified: Thu, 03 Oct 2013 10:28:07 GMT
Connection: keep-alive
ETag: "524d46b7-4cc2"
Accept-Ranges: bytes
<!-- TOOLBAR MYPC BACKUP V1 ENGLISH -->.<!-- VERSION WIN -->.<div name="container-in" class="position-typenum mypcbackup-win">...<h2 id="titleh">Welcome to the <span name="titulo_descarga"></span> Setup Wizard</h2>. . <h3></h3>. <h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4>....<h6>MyPcBackup</h6>..<ul>...<li>Fast and Easy to Install</li>...<li>Protect all your files</li>..</ul>..<ul>...<li>For Windows, Mac and Linux</li>...<li>Free Mobile and Tablet app</li>..</ul>. <div class="options-form">. <div class="options-check">. </div>. <div class="options-radio">. </div>. </div>. . <div class="textarea">...MyPCBackup EULA - End User Licence Agreement..IMPORTANT-READ CAREFULLY: This MyPCBackup ("MyPCBackup") License Agreement ("License" or "Agreement") is a legal agreement between You (either an individual or an entity, who will be referred to in this License as "You" or "Your") and MyPCBackup for the use of desktop, laptop, and mobile device software applications, and which may include associated media, printed materials, and other component
<<< skipped >>>
GET //Styles/Softwares/db393704_vuupc.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:13 GMT
Content-Type: application/zip
Content-Length: 741
Last-Modified: Fri, 10 Jan 2014 15:21:49 GMT
Connection: keep-alive
ETag: "52d0100d-2e5"
Accept-Ranges: bytes
GET //Displays/Softwares/1d58e78d_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:13 GMT
Content-Type: text/html
Content-Length: 15298
Last-Modified: Fri, 10 Jan 2014 15:52:57 GMT
Connection: keep-alive
ETag: "52d01759-3bc2"
Accept-Ranges: bytes
<!-- TOOLBAR VUUPC INGL..S -->.<!-- VERSION WIN -->.<div name="container-in" class="position-typenum vuupc-win">..<h2 id="titleh">Welcome to the Installer Setup Wizard</h2>. . <h3></h3>. <!--<h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4>--> ..<p><b>VuuPC</b></p>..<p>Access your PC rom anywhere!</p>. <ul>. <li>Remote Access to your Home or Office PC remotely. Work on your PC from any internet computer or mobile</li>. <li>Access All Your Files transfer them between computers (copy and paste, no need to send)</li>. <li>Invite friends to view your LiveScreen and share presentations</li>.. </ul>...<div class="imagen-01"></div> . . . <div class="options-form">. <div class="options-check">. </div>. <div class="options-radio">. </div>. </div>... <div class="textarea">..End User License Agreement..NOTICE TO USER: THE TERMS BELOW ARE A BINDING AGREEMENT. BY CLICKING "I ACCEPT" BELOW OR BY DOWNLOADING, INSTALLING OR ACTIVATING OR USING THIS SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS LICENSE AGREEMENT, TH
<<< skipped >>>
GET //Styles/Softwares/0ba5df4c_optimizerpro2.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:13 GMT
Content-Type: application/zip
Content-Length: 65688
Last-Modified: Tue, 08 Jul 2014 14:49:06 GMT
Connection: keep-alive
ETag: "53bc04e2-10098"
Accept-Ranges: bytes
<<< skipped >>>
GET //Displays/Softwares/7f3e6cee_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:14 GMT
Content-Type: text/html
Content-Length: 8445
Last-Modified: Tue, 08 Jul 2014 14:47:05 GMT
Connection: keep-alive
ETag: "53bc0469-20fd"
Accept-Ranges: bytes
<!-- TOOLBAR OPTIMIZER PRO 2 ENGLISH -->.<!-- VERSION WIN -->.<div name="container-in" class="position-typenum optimizerpro2-win">...<h2 id="titleh">Welcome to the <span name="titulo_descarga"></span> Setup Wizard</h2>. . <h3></h3>. <h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4>....<div class="imagen-02"></div>... <p>Optimizer Pro will automatically:</p>. . ....<ul>...<li>Diagnose and Scan for System Errors.</li>. <li>Optimize your PC to reach Peak Performance.</li>. <li>Maintain and Manage for extended PC Health.</li>..</ul>. . <!--<div class="imagen-01"></div>-->. . <!--<div class="options-form">. <div class="options-check">. </div>. <div class="options-radio">. </div>. </div>-->. . <div class="textarea">...The Acceptance of the Terms and Conditions:...By selecting to use our site PCUtilititesPro.com, you the user express your agreement to these Terms, (as well as to future changes which can be made to the Terms in the process of your further usage of our services offered). The Terms in
<<< skipped >>>
GET //Styles/Softwares/03652e13_aartemis.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:14 GMT
Content-Type: application/zip
Content-Length: 979
Last-Modified: Tue, 01 Apr 2014 16:23:37 GMT
Connection: keep-alive
ETag: "533ae809-3d3"
Accept-Ranges: bytes
GET //Displays/Softwares/ac80703b_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:14 GMT
Content-Type: text/html
Content-Length: 5460
Last-Modified: Tue, 01 Apr 2014 16:24:05 GMT
Connection: keep-alive
ETag: "533ae825-1554"
Accept-Ranges: bytes
<!-- TOOLBAR AARTEMIS ENGLISH -->..<!-- VERSION WIN - V RECOMMENDED -->..<div name="container-in" class="position-typenum aartemis-win-recom">..... <h2 id="titleh">Welcome to the <span name="titulo_descarga"></span> Setup Wizard</h2>......<h3></h3>...<h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4> ......<p>Express Installation Includes: Aartemis.com Homepage, Default Search and New Tab</p>...<p>Installation Options</p>......<h5><span id="spanRecomended" class="spanRecomended"> </span></h5>...<div class="imagen-01"></div>......<div class="textarea">.....Koyoter Technology Limited ("us" or "we") operate the website VVV.aartemis.com. We respects your privacy and we want you to be confident in sharing your information with us. This Website Privacy Statement is designed to inform you of the types of information we collect from users,how we use that information,and the circumstances under which we will share it with third parties. This Website Privacy Statement applies only to the Websites. It does not apply to your use of any other websites (whether or not operated by us),including any websites to which we provide links or websites of our partne
<<< skipped >>>
GET //Styles/Softwares/a616773d_feven.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:14 GMT
Content-Type: application/zip
Content-Length: 723
Last-Modified: Tue, 15 Oct 2013 09:27:22 GMT
Connection: keep-alive
ETag: "525d0a7a-2d3"
Accept-Ranges: bytes
GET //Displays/Softwares/217ec6eb_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Nov 2014 20:05:14 GMT
Content-Type: text/html
Content-Length: 8927
Last-Modified: Thu, 03 Oct 2013 08:49:37 GMT
Connection: keep-alive
ETag: "524d2fa1-22df"
Accept-Ranges: bytes
<!-- TOOLBAR FEVEN INGL..S -->.<!-- VERSION WIN -->.<div name="container-in" class="position-typenum feven-win">...<h2 id="titleh">Welcome to the <span name="titulo_descarga"></span> Setup Wizard</h2>. . <h3></h3>. <h4><pre>Follow the on-screen instructions outlined in this wizard to install the new version of <span name="titulo_descarga"></span> and benefit from all the latest features and updates <span name="titulo_descarga"></span> has to offer.</pre></h4> . . <p>Feven helps you save time & money on your online shopping. We'll help you find attractive offers while you browse your favorite store.</p>. <p>You can use your Feven with any browser installed on your computer, it is not necessary to install any particular browser just for saving money during online shopping.</p>. . <div class="options-form">. <div class="options-check">. </div>. <div class="options-radio">. </div>. </div>. . <div class="textarea">. .General. This Privacy Policy is intended for those using the feven.com website (...Site...), the feven browser Add-On (...feven Add-On...) and all Site and feven Add-On contained or displayed information and material (including but not limited to images, software, text, information, articles, graphics, pictures, sounds, solutions, metatags, trademarks and other
<<< skipped >>>
GET /test.html HTTP/1.1
Host: track.v2.sslsecure2.com
Connection: Keep-Alive
HTTP/1.0 500 Internal Server Error
Date: Tue, 11 Nov 2014 20:04:49 GMT
Server: Apache
Set-Cookie: vsid=922vr1632818893303279; expires=Sun, 10-Nov-2019 20:04:49 GMT; path=/; domain=track.v2.sslsecure2.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET /test.html HTTP/1.1
Host: api.v2.sslsecure2.com
Connection: Keep-Alive
HTTP/1.0 500 Internal Server Error
Date: Tue, 11 Nov 2014 20:04:42 GMT
Server: Apache
Set-Cookie: vsid=908vr1632818827801948; expires=Sun, 10-Nov-2019 20:04:42 GMT; path=/; domain=api.v2.sslsecure2.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Map
The Application connects to the servers at the following location(s):