Application.Bundler.DomaIQ.Q_8517aba1e5 – Adaware

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Application creates the following process(es):

%original file name%.exe:668

The Application injects its code into the following process(es):

%original file name%.exe:676

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:676 makes changes in the file system.

The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\progress_small_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-logo.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\Browser appinfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\Vuupcinfo.dfe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\less.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-zipper.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\mystart.css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img1-small.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position4A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\Vuupc\info.html (1287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\MyBackupPc\info.html (1419 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\mypcbackup.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position3B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\DHD6E441\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\PIIAQQ9Y\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\bg_app.png (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\show.png (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\jquery.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\Wajam\info.html (2473 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\browserapp.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\SM Mystart\info.html (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-gevideoconverter.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position2A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\HQVideo-Proinfo.dfe (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\optimizerpro2.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\percentage-bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\mypcbackup.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\check-close.png (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\cross.jpg (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\HQVideo-Pro\info.html (1089 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\bullet-shortw.gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position3A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\more.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-miul.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\logo-win.jpg (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\close.html (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-vafmusic.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-geaudioconverter.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\options.html (965 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-vafplayer.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\boton_xl.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img2-gris.png (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img1-gris.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\PPI OptimizerPro\info.html (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position2B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\boton.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\Dockings.dfe (2617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-logo3.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\group.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\templateStyle.dfe (6468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\PIIAQQ9Y\doma[1].js (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\bullet-short.gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img2-gris-small.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\optimizerpro-logo.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\hq-videopro.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\mystart-toolbar-gris.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-logo2.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\finish.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\welcome.html (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\base.css (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\PPI OptimizerProinfo.dfe (2613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\Wajaminfo.dfe (2823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\config.dmc (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position2C.css (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\U4QB9L07\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\butpause.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-printpdf.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\progress.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position1A.css (421 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-ifish.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\bullet.gif (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\MyBackupPcinfo.dfe (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\optimizerpro-logo-big.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position3D.css (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\templateDisplays.dfe (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-big.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img1a.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5UWC4R3L\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\instalando.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-olivebrowser.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin.dmc (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\progress_small.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img2.png (9 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\butplay.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\box.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\check.jpg (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\hide.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\check.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\vuupc.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position3C.css (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\SM Mystartinfo.dfe (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\style.css (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\Browser app\info.html (1497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\wajam.css (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img1.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\optimizerpro-img.png (1552 bytes)

The process %original file name%.exe:668 makes changes in the file system.

The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsv7E.tmp\nsisdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\%original file name%.exe (1431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.txt (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\%original file name%.exe.config (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\09ac72b88ef140aa8ee609de7640785e.txt (8027 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsv7E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa7D.tmp (0 bytes)

Registry activity

The process %original file name%.exe:676 makes changes in the system registry.

The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1381415142"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD BE FD 00 A1 E4 C1 44 65 3C C7 6E 41 68 94 F1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:668 makes changes in the system registry.

The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E5 45 93 5E 12 7D B6 BF 33 7D E2 21 97 2C B4 09"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

MD5	File path
6c1fa3fd9e135ec4a98cc3deb7b6e90d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\%original file name%.exe
1dadb63a5dfaa0679485c5dbaf96033f	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsv7E.tmp\nsisdl.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:668
Delete the original Application file.
Delete or disinfect the following files created/modified by the Application:
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\progress_small_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-logo.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\Browser appinfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\Vuupcinfo.dfe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\less.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-zipper.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\mystart.css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img1-small.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position4A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\Vuupc\info.html (1287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\MyBackupPc\info.html (1419 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\mypcbackup.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position3B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\DHD6E441\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\PIIAQQ9Y\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\bg_app.png (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\show.png (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\jquery.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\Wajam\info.html (2473 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\browserapp.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\SM Mystart\info.html (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-gevideoconverter.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position2A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\HQVideo-Proinfo.dfe (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\optimizerpro2.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\percentage-bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\mypcbackup.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\check-close.png (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\cross.jpg (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\HQVideo-Pro\info.html (1089 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\bullet-shortw.gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position3A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\more.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-miul.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\logo-win.jpg (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\close.html (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-vafmusic.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-geaudioconverter.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\options.html (965 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-vafplayer.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\boton_xl.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img2-gris.png (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img1-gris.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\PPI OptimizerPro\info.html (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position2B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\boton.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\Dockings.dfe (2617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-logo3.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\group.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\templateStyle.dfe (6468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\PIIAQQ9Y\doma[1].js (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\bullet-short.gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img2-gris-small.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\optimizerpro-logo.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\hq-videopro.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\mystart-toolbar-gris.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-logo2.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\finish.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\welcome.html (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\base.css (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\PPI OptimizerProinfo.dfe (2613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\Wajaminfo.dfe (2823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\config.dmc (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position2C.css (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\U4QB9L07\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\butpause.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-printpdf.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\progress.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position1A.css (421 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-ifish.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\bullet.gif (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\MyBackupPcinfo.dfe (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\optimizerpro-logo-big.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position3D.css (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\templateDisplays.dfe (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-big.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img1a.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5UWC4R3L\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\instalando.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\screen-olivebrowser.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin.dmc (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\progress_small.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img2.png (9 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\butplay.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\exe\box.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\check.jpg (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\hide.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\check.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\vuupc.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\position3C.css (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\temp\SM Mystartinfo.dfe (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\style.css (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\Browser app\info.html (1497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\wajam.css (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\wajam-img1.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\bin\css\images\optimizerpro-img.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv7E.tmp\nsisdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\%original file name%.exe (1431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.txt (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\%original file name%.exe.config (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\09ac72b88ef140aa8ee609de7640785e.txt (8027 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	23148	23552	4.44633	1c619949741a76b63a54c1e6c4d6b2f8
.rdata	28672	4558	4608	3.62955	6c31e0693072284f258d2c4a271de506
.data	36864	110520	1024	3.36948	78f5760d9fafb71fdbc88c3497afef46
.ndata	147456	61440	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	208896	17000	17408	3.5656	7fae611f3f73978e9992534a50a87055

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 1515
24dfc5735ffdc44ab04ecaf68c5c37c0
023e74bd64ebc99619c93b4b3d1549f9
578f66559828a9654c22b53e8922aaf3
24eaff8e36cf4c7dc3ec8ab617c96f72
c7a40961a60a30f5111e76b42bb876fb
91ac5454066fc45f94900f08326adbac
53a66efed7616a5f1edfddf2107cc06a
25b37a1d04449c97a3f4394cc7780e7f
d4de0ed3e5316de52c3fa462920671d9
5b5065a38d2f3b44ad1164ecde53a627
ff803c25f93d4519c56f550504707d01
bcd0a2f3979274cf627b5eb65e3d8bd3
390337ee47db95c1ad190a1ab76f7bb2
7194e0e4f8d47d821228baf267eda916
65cc752553b88d03ffd7741d80d5c1f1
e726975f7da8a420dce486ff812589e1
53b30d9ead31925cab1ed0c3056e4083
738eccb8e0f31ec64912d068cf29eb1d
3f00e0fad23e2a181804a527e71acbdf
4c1db3a2072077eeab9e7fd5ebf2bee0
2321f4af5c7414581ec0212f000788a0
403915c3810b587dd3bc647f87a0f36f
8e623b806e29721a02600c9a6a4f58fd
741d472facacad7638aa813d24b9baea
450ac58039e89da51df25d55cd8a1b99
35a3c356b5e513775f42448575e25796

Network Activity

URLs

URL	IP
hxxp://204.11.56.26/debug/Version/4_0_6_25/Nsis/CopyFiles
hxxp://204.11.56.26/debug/Version/4_0_6_25/Nsis/GetParameters
hxxp://204.11.56.26/debug/Version/4_0_6_25/Nsis/PreRun
hxxp://staticrr.tgusrv.com/test.html
hxxp://track.v2.sslsecure1.com/test.html	204.11.56.26
hxxp://Track-903226030.us-west-2.elb.amazonaws.com/test.html
hxxp://API-XML-1918203848.us-west-2.elb.amazonaws.com/test.html
hxxp://API-XML-1918203848.us-west-2.elb.amazonaws.com/index.php/api/283/google-chrome/291/679/English.xml
hxxp://staticrr.tgusrv.com//Dictionaries/English.xml
hxxp://betatest.vmn.net/betatest/mystart/mystartTb_5.4.1.4_sambamedia.exe	66.115.174.144
hxxp://cds.c5z6s5a3.hwcdn.net/ba/full/mon/setup.exe
hxxp://www.wajam-download.com/download/wajam_download.exe	54.208.23.129
hxxp://dl.softservers.net/111001464/OptimizerPro.exe	198.20.70.75
hxxp://s3-website-us-east-1.amazonaws.com/7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe
hxxp://cds.c5z6s5a3.hwcdn.net/21/all/hqv/ca/setup.exe
hxxp://staticrr.tgusrv.com//Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip
hxxp://staticrr.tgusrv.com//Displays/Templates/4934e143_Win_A_Banner-NoLink-DeclineLink.zip
hxxp://staticrr.tgusrv.com//Docking/Docking.zip
hxxp://staticrr.tgusrv.com//Styles/Softwares/70e7b9d8_mystart.zip
hxxp://staticrr.tgusrv.com//Displays/Softwares/222ac0df_display.html
hxxp://staticrr.tgusrv.com//Styles/Softwares/844a2c3b_browserapp.zip
hxxp://staticrr.tgusrv.com//Displays/Softwares/9103144e_display (1).html
hxxp://staticrr.tgusrv.com//Styles/Softwares/67423fe2_wajam.zip
hxxp://staticrr.tgusrv.com//Displays/Softwares/1f76ab55_display.html
hxxp://staticrr.tgusrv.com//Styles/Softwares/0ba5df4c_optimizerpro2.zip
hxxp://staticrr.tgusrv.com//Displays/Softwares/7f3e6cee_display.html
hxxp://staticrr.tgusrv.com//Styles/Softwares/e7bf26c3_mypcbackup.zip
hxxp://staticrr.tgusrv.com//Displays/Softwares/16220985_display.html
hxxp://staticrr.tgusrv.com//Styles/Softwares/06a50625_hq-videopro.zip
hxxp://staticrr.tgusrv.com//Displays/Softwares/cb3d709d_display.html
hxxp://staticrr.paleokits.net//Displays/Templates/4934e143_Win_A_Banner-NoLink-DeclineLink.zip	85.12.8.28
hxxp://api.v2.sslsecure4.com/index.php/api/283/google-chrome/291/679/English.xml	54.200.36.178
hxxp://api.v2.sslsecure2.com/test.html	204.11.56.26
hxxp://staticrr.paleokits.net//Styles/Softwares/e7bf26c3_mypcbackup.zip	85.12.8.28
hxxp://staticrr.paleokits.net//Displays/Softwares/9103144e_display (1).html	85.12.8.28
hxxp://track.v2.sslsecure3.com/test.html	204.11.56.26
hxxp://api.v2.sslsecure3.com/test.html	204.11.56.26
hxxp://staticrr.paleokits.net//Styles/Softwares/844a2c3b_browserapp.zip	85.12.8.28
hxxp://aff-software.s3-website-us-east-1.amazonaws.com/7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe	54.231.2.20
hxxp://staticrr.paleokits.net//Displays/Softwares/16220985_display.html	85.12.8.28
hxxp://dtrack.sslsecure1.com/debug/Version/4_0_6_25/Nsis/CopyFiles
hxxp://staticrr.paleokits.net//Dictionaries/English.xml	85.12.8.28
hxxp://staticrr.paleokits.net//Displays/Softwares/cb3d709d_display.html	85.12.8.28
hxxp://staticrr.paleokits.net//Docking/Docking.zip	85.12.8.28
hxxp://dl.newonlinedemoserv.com/21/all/hqv/ca/setup.exe	69.16.175.10
hxxp://staticrr.paleokits.net//Displays/Softwares/222ac0df_display.html	85.12.8.28
hxxp://staticrr.paleokits.net/test.html	85.12.8.28
hxxp://staticrr.paleokits.net//Styles/Softwares/67423fe2_wajam.zip	85.12.8.28
hxxp://staticrr.paleokits.net//Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip	85.12.8.28
hxxp://api.v2.sslsecure1.com/test.html	204.11.56.26
hxxp://staticrr.paleokits.net//Displays/Softwares/7f3e6cee_display.html	85.12.8.28
hxxp://staticrr.paleokits.net//Styles/Softwares/70e7b9d8_mystart.zip	85.12.8.28
hxxp://staticrr.paleokits.net//Styles/Softwares/06a50625_hq-videopro.zip	85.12.8.28
hxxp://staticrr.paleokits.net//Displays/Softwares/1f76ab55_display.html	85.12.8.28
hxxp://api.v2.sslsecure4.com/test.html	54.200.36.178
hxxp://staticrr.paleokits.net//Styles/Softwares/0ba5df4c_optimizerpro2.zip	85.12.8.28
hxxp://track.v2.sslsecure4.com/test.html	54.186.105.91
hxxp://dtrack.sslsecure1.com/debug/Version/4_0_6_25/Nsis/GetParameters
hxxp://dl.newonlinedemoserv.com/ba/full/mon/setup.exe	69.16.175.10
hxxp://dtrack.sslsecure1.com/debug/Version/4_0_6_25/Nsis/PreRun
hxxp://track.v2.sslsecure2.com/test.html	204.11.56.26
s3.amazonaws.com	54.231.2.152

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /test.html HTTP/1.1

Host: track.v2.sslsecure1.com

Connection: Close

HTTP/1.0 500 Internal Server Error

Date: Wed, 19 Nov 2014 18:12:22 GMT

Server: Apache

Set-Cookie: vsid=912vr1639663426406766; expires=Mon, 18-Nov-2019 18:12:22 GMT; path=/; domain=track.v2.sslsecure1.com; httponly

Vary: Accept-Encoding,User-Agent

Content-Length: 0

Connection: close

Content-Type: text/html; charset=UTF-8

GET /index.php/api/283/google-chrome/291/679/English.xml HTTP/1.1

Accept-Encoding: gzip, deflate,gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: api.v2.sslsecure4.com

Connection: Close

HTTP/1.1 200 OK

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Content-Encoding: gzip

Content-Type: text/xml; charset=utf-8

Date: Wed, 19 Nov 2014 18:12:30 GMT

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Pragma: no-cache

Server: nginx

Set-Cookie: symfony=s28oriin477t5gh1negh78ijf2; path=/

transfer-encoding: chunked

Connection: Close

1ac7..............ks.H....;b...D....X.._f...MnoK..T....P@$$aD.l......~......E.U.dgOx....B.....J.....I...b?.~..r$.....p..W?.e.\J._....?..j.N....z5..K.j.......z._.....;g....d[Q..1...m....y...H.7h...-.!..li.....?..*[.i[........K.&.O....Oe.4.Og....d.,..f..4..._.RI.*,.C!.\)......F..1.4..\.j.......i..#KQ,YUd[.5.^........i ...gY.:........@2.IM..L........j,...{u.F..;K...8o..j..z.Q8..wa...n.......N.._..8q...EG.{.%........(...B........$.'..k&P.2...ny.u.MzK.y...........Ap5...#...aY....7.M...5........g..q[w4.St.....w..n.x...<......&~...G...e].....l......~..Y...o..sF....\..EY.De.3.G7....my....p3.}......M.3.i.....g7y./....`...L.W....'.?.x]7.7...e..|..ux...'.xSe..<.{.....^.6`z:a..6o.H.p..<.>.M...(......0./.W.6.p......^]E.M%..B.....jwwwwG.>.....(..?......}...../.......,y.@'.T......!.....a.x.')...<s.6...}...$;..7K.P..>....w..l.bI65'....7Q8..Zkw.$....W....Y8.G.....';.u.L.?,No.Zv%kv..w..Q...................A{.....P.....]Y.Y.i=......=...!.V-K..^...`.U...k.#U.X.\].1 .x.i.^............... .....q.E..r.z.....b...*..E...cFv....M....<...q....t...?.u.,..`>}............Y.$.k.....[.Z&Z.-Z .......D......{.f....N.a0.E......_$o..//...u9q....K.cy..C......Iktu.]...6....R..^.C..K2.r.}.3..RT......<._.3.M.....h]!?.6...![..ie."..`.|o...yo..Ny.O.d.#._."...._...^........o.W...4.......G..}.I.../..x.8./.;7.V...}...I..W...{..=.......YY..Y......x..<._..Q{..C/......._K.. .[.j.~.N.V..U.F. H...6.z(o.L...}..e.=.(.;.C.......t....c...E.Xt6S..&.`.v...:^..l....n..jH.NdJ.<..m.N..<.z.usH....7>......../.B...xt.?.(?........m

<<< skipped >>>

GET /download/wajam_download.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: VVV.wajam-download.com

Connection: Close

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:41 GMT

Server: Apache/2.2.14 (Ubuntu)

Last-Modified: Wed, 21 May 2014 20:10:53 GMT

ETag: "66d4e-f0c0-4f9ee97e8ed40"

Accept-Ranges: bytes

Content-Length: 61632

Connection: close

Content-Type: application/x-msdos-program

Set-Cookie: APPSESSID=w1|VGzdn|VGzdn; path=/

Cache-control: private

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L...^..K.................b...........6............@..................................`..............................................................P...p............................................................................................text....a.......b.................. ..`.rdata...............f..............@..@.data................x..............@....ndata...0...p...........................rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....cB..H.P.u..u..u...T.@..B...SV.5.cB..E.WP.u...X.@..e...E..E.P.u...\.@..}..e....D.@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...H.@..E...E.P.E.P.u...`.@..u....E..9}...w....~X.te.v4..L.@....E.tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W...E..E.h ...Pj.h.[B.W..d.@..u.W...u....E.P.u...h.@._^3.[.....L$..(cB...Si.....VW.T.....tO.q.3.;5,cB.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5,cB.r._^[...U..QQ.U.SV..i....

<<< skipped >>>

GET /ba/full/mon/setup.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: dl.newonlinedemoserv.com

Connection: Close

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:31 GMT

Connection: close

Accept-Ranges: bytes

ETag: "1416410780"

Last-Modified: Wed, 19 Nov 2014 15:26:20 GMT

Cache-Control: max-age=836

Content-Length: 11715336

Content-Type: application/x-msdownload

X-HW: 1416420751.dop008.ny2.t,1416420751.cds007.ny2.c

Content-Disposition: attachment; filename="setup.exe"

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......P.....................n......-A............@........................................... ..............................p......................h................................................................................................text...<........................... .0`.data...............................@.0..rdata..8$.......&..................@.0@.bss..................................0..idata.......p......................@.0..ndata...`....... ..................@.0..rsrc...............................@.0.................................................................................................................................................................................................................................................................................................................................................................................U..WVS.......U..E....t...F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E...$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT........FP..E........}..VP........U.......FT.............}..........E..M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q....~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX..$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..

<<< skipped >>>

GET //Displays/Softwares/9103144e_display (1).html HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:46 GMT

Content-Type: text/html

Last-Modified: Tue, 01 Jul 2014 09:28:50 GMT

Transfer-Encoding: chunked

Connection: close

Content-Encoding: gzip

2215...............r..q...*..D.;R.I.....*.9.`C....y...CbV .......6o.T%O.7.'...>gf..k..l.....s.....t....?>N....]o.\U.}.W.z..............go4.s:..G..K..~..w.*...{1 W..X..q.z...Y]..b]...(W...u...v.?.g..?..wo..I..w/6.f./^.../g.m.l.d..........^g.......O...e.M.......6....:.R.9..o^/~.......,..../~...7.*...\..{..@h=..|...zSmg..N..f.......N.m...q.riw......j.I....(.V..*_...&....$N..6y.oy..Vy.h.v=...6.".E`y}.W'o^k....o[..>...s..K..|....r...."(../..r.?..].. v$..\....I.%.Gx.[....b....` ...pmQ,s..J..]gweUl.nSV.(..Z.....b..v_.t)./6....u*..9EB...v.WG..En.r...Y^.Y.....Yg...m.Y....V"( ....6.....s..<0V....\.&.3...^B.?o..3[...;.^3./.Te..|..7...i..?l.*...?..f.z..f.Z2..[..:...........v.,f...H/.....^~_.....w.O?.Ww..~..W.M...5.X......#.........>..G..)'|........_-.l......o.:........f.[=\j..u.....c....a...z....;$.Lz`w.1..l..,V..v..^m.OttY.....`n...>J..zs.......m....Js..v.r/.......C.nWs.b.55<Jn.M..n..#...Y...Q".*..G...)..\.zs..LAF..O?.g...].{@....j....%......X....*/._q..[...l......a.]V,. ......oW....._.wI^s._Q............l.,...y9...x......l.WI......|H^.P....oZ.s.....3....HUN.)L..>.bc.2.A.@,.R..np6"......A..L...TGZ....e.x..:..S./.....eYeI.u.....A.Dy.......`o..z.E...*....a......;.g5._......f.'...3#..v'M..<...!Vsx.B...Q..~d..V.{.7..........D.!.O.w..0E.7d...V@.j.g.$!hf-.pL...H..!....|......J..]V.....-.....{.. ..*.j ...p.5....E2I...9Q.9t...P. P@...k=..M.X@...y..kU...J.......:..Eb.G.%....RQq..k0...3.........0C..I......7..>H........:)...p...'....l..G...a......#....I2z.\L...|..&i2.....~..g...........7<K.|L.i2N....

<<< skipped >>>

GET /test.html HTTP/1.1

Host: api.v2.sslsecure3.com

Connection: Close

HTTP/1.0 500 Internal Server Error

Date: Wed, 19 Nov 2014 18:12:24 GMT

Server: Apache

Set-Cookie: vsid=921vr1639663443705083; expires=Mon, 18-Nov-2019 18:12:24 GMT; path=/; domain=api.v2.sslsecure3.com; httponly

Vary: Accept-Encoding,User-Agent

Content-Length: 0

Connection: close

Content-Type: text/html; charset=UTF-8

GET /test.html HTTP/1.1

Host: track.v2.sslsecure3.com

Connection: Close

HTTP/1.0 500 Internal Server Error

Date: Wed, 19 Nov 2014 18:12:23 GMT

Server: Apache

Set-Cookie: vsid=915vr1639663431904681; expires=Mon, 18-Nov-2019 18:12:23 GMT; path=/; domain=track.v2.sslsecure3.com; httponly

Vary: Accept-Encoding,User-Agent

Content-Length: 0

Connection: close

Content-Type: text/html; charset=UTF-8

GET /debug/Version/4_0_6_25/Nsis/GetParameters HTTP/1.0

Host: dtrack.sslsecure1.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:11:58 GMT

Server: Apache

Set-Cookie: vsid=913vr1639663183724887; expires=Mon, 18-Nov-2019 18:11:58 GMT; path=/; domain=dtrack.sslsecure1.com; httponly

Vary: Accept-Encoding,User-Agent

Connection: close

Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<html>..<head><meta name="tids" content="a='471' b='1912' c='sslsecure1.com' d='manual_mapped'" /><title>sslsecure1.com</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<style type="text/css">../*RESET*/..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,cite,code,dfn,th,var{font-style:normal;font-weight:normal;}ol,ul {list-style:none;}caption,th {text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym {border:0;}../*COMMON*/...wrapper {text-align: center;}...img {margin:0px; margin-bottom:-11px !important;}...wrapper table { text-align: left; margin: 0 auto; font-family: arial, sans-serif; color: #515151; font-size: 12px;.}...h-list {background: url(hXXp://i2.cdn-image.com/__media__/pics/471/top-nav-bg.gif) repeat-x left top;}...h-list li {display: inline; text-align:left;}...h-list li strong {color: #358a35;}..h2 {color: #63ad63; font-size: 14px; font-weight: bold;}../*HEADER*/..#header {border-top: 4px solid #358a35; padding-top: 8px;}..#header .cufondiv h1 a {...color: #63ad63;...font-weight: bold;...font-size: 35px;...text-decoration: none;...font-family: "ChunkFive", arial, serif;...font-weight:bold;...}..#header .normalfondiv h1 a

<<< skipped >>>

GET /test.html HTTP/1.1

Host: staticrr.paleokits.net

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:21 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

8..correct...0..

GET /test.html HTTP/1.1

Host: api.v2.sslsecure4.com

Connection: Close

HTTP/1.1 200 OK

Content-Type: text/html

Date: Wed, 19 Nov 2014 18:12:24 GMT

Server: nginx

Content-Length: 8

Connection: Close

correct...

GET /test.html HTTP/1.1

Host: track.v2.sslsecure2.com

Connection: Close

HTTP/1.0 500 Internal Server Error

Date: Wed, 19 Nov 2014 18:12:22 GMT

Server: Apache

Set-Cookie: vsid=921vr1639663429504924; expires=Mon, 18-Nov-2019 18:12:22 GMT; path=/; domain=track.v2.sslsecure2.com; httponly

Vary: Accept-Encoding,User-Agent

Content-Length: 0

Connection: close

Content-Type: text/html; charset=UTF-8

GET //Styles/Softwares/70e7b9d8_mystart.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:45 GMT

Content-Type: application/zip

Content-Length: 4152

Last-Modified: Tue, 03 Jun 2014 10:06:47 GMT

Connection: close

ETag: "538d9e37-1038"

Accept-Ranges: bytes

PK.........Y.D................images/PK.........Y.D,...I...........images/mystart-toolbar-gris.jpg}T.<........%.K....m63..f.h.s;..e...6.J.....".....R!....pR.RBEr ...?.s......]..y...}..}~?.3q...&....(.M......@.:< $......E...#...........9..T.......1(.4@......0.0.F..M..W..a.@"...j@....L....5..- &$.4.ni.#D.E..,......e.......f......-Q.!D8i1.....#sx......`....x..g..c.....,.@r........k....d6^.n3.....$...mQ....HC...........b........E!.|......... `r..E..... ........?.......SY.?.|.....l.[4...1..p^.CB.Y.s..<....s.pB...s0G...s.0. ......d/:.K.*..........5......@3 .....1..........`.lm0VV.F.&x........b......j..U..._...3..h...`K.6c.C-F&$#kc.Sk[..?......Z.iI..EK.A..Q.wI.gq.G.Z..l}.[..<Ic........E...$.....?.^.....o....@ZV...Y99yy99...$...H.....).C... I.|.R..Ka... ...P@....).R. .2H.....'.......I.B.2Pi9...K....,.[..........2...z....sYm.D<....;...k.*H.........'O..R.....]...$)...X..=.N<.!.o...%.<.A.Zg...D...J..e...8N........QkU...2..f .b?..W..........edO.....B.=.1.....d......6.7..*=.%m9.?.L.;.u ..D...a....6.......PB,ag.3...Z...9.n..kX...t.r.%..M.EBM8.>.lj1..9.....q&.FP.y..7..>.........@....B.0..|.}`......X..; ..6....L.J.".I.F'4.#..%......e.{.mK.14.A.r..uf.f*.N.."..g..-{z.Vm.....|.f.!..}.THn.v[AZMr.L.sg.../.Uk:`s.f...8...b.......4.j43_X.K.<f....P..E.....'3.X'....Zi......M.S..{d.a..O..6&3.%%8.......;F...%l9.. F.S..^..g.....[...GE<......e?..8#u.C..B7.}...}.S.yJ.v...zR...<...>........t.E|.4"..<.p..MIY....~.......g..6....6.=..\R....lp.......*.;..c...h.............7.S....S}......3 t=.U.a.....t..l.

<<< skipped >>>

GET //Styles/Softwares/e7bf26c3_mypcbackup.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:48 GMT

Content-Type: application/zip

Content-Length: 7774

Last-Modified: Tue, 15 Oct 2013 10:54:23 GMT

Connection: close

ETag: "525d1edf-1e5e"

Accept-Ranges: bytes

PK.........]OC................images/PK.........fJC..2.....T.......images/bullet-shortw.gifs.t..L.d.dh`d......#|..\.K....}EAbrvj.BRjzf........2Sl..M}.|..S32=..R...B....-S....l*.*r.rSK..*rs...*l..S..R..l.....XII...#HB.d.s~Q.....n...........................X..Y.. @......4. .7.]@..RFII...~yy.^..^~Q.....%..##]...........be......E..%..y. ~bR~i........pc......K....H,.7.3.GR..._in.\uqIPj.~..!....A....E..@.. ..V.E..%.E!..9.P..././../Pp.6S..ML....h.u..Zy...$.%.z..*.E.23S..L.,.M,..,....]....M....,......\.z.z]..KsS.J`zS.z-p..%............\....2q....yP.)..b.S.>.1.hQ........p...I?5............~......._>.......o^.z.....O.?z.....wn..y....W._.x....gN.:y....G..:x`...{v...c...[6o..a...kV.Z.b...K./Z.`...sf..9c...S&O.8................................ ?/7'; 3#=-5%9)1!>.6&:*2"<,4$8(0................................@_OWG[KSC]MUEYIQA^NVFZJRB\LTDXHP.................A.'..dd.a..P.........{...........PK.........N.C.U.?}...w.......images/mypcbackup.png}X.T.....CW....tH(...".wA..B.PBS..."H/"..).D:"E.*M.P..D@........[..Y_.9..=g...Y.....J......T.jJ..w(.f!'.?/....40...C.=.....P.C..@.n6.(...]......@t....c..%.D.......w...)2r..6H...d.rprG..Z:. ';.......PD9:.=.B.>.1B>rA...r. ..)<...c..wsu...G........!`._......A.j....^(.LHT...............@"Pa........I...D$@.,`|o^v.R.J*....B..1..)....O.OT.........8DD..........Awo....P.H/'.......mc... ......./Zw.....0....DX..._...........1.(.....(...1@y.}..........R.B.`.^Fh...Y.sDc...h....8.G.........B[[J...c..D. !.x.......TY...S.T.... .((....%....I...%..*..>n(w..X..cU. .....Fy9...T..n...-...b

<<< skipped >>>

GET //Styles/Softwares/0ba5df4c_optimizerpro2.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:47 GMT

Content-Type: application/zip

Content-Length: 65688

Last-Modified: Tue, 08 Jul 2014 14:49:06 GMT

Connection: close

ETag: "53bc04e2-10098"

Accept-Ranges: bytes

PK.........i.D................images/PK.........N.C..mT............images/optimizerpro-img.png....~.PNG........IHDR..............L......pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$...

<<< skipped >>>

GET /test.html HTTP/1.1

Host: api.v2.sslsecure1.com

Connection: Close

HTTP/1.0 500 Internal Server Error

Date: Wed, 19 Nov 2014 18:12:23 GMT

Server: Apache

Set-Cookie: vsid=903vr1639663438121596; expires=Mon, 18-Nov-2019 18:12:23 GMT; path=/; domain=api.v2.sslsecure1.com; httponly

Vary: Accept-Encoding,User-Agent

Content-Length: 0

Connection: close

Content-Type: text/html; charset=UTF-8

GET /betatest/mystart/mystartTb_5.4.1.4_sambamedia.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: betatest.vmn.net

Connection: Close

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:32 GMT

Server: Apache/1.3.41 (Unix)

Last-Modified: Wed, 04 Jun 2014 14:56:26 GMT

ETag: "8fbd-5362b8-538f339a"

Accept-Ranges: bytes

Content-Length: 5464760

Connection: close

Content-Type: application/octet-stream

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................@........S......................................s..........hI...........KS..............................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc...hI.......J...v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..

<<< skipped >>>

GET //Displays/Templates/4934e143_Win_A_Banner-NoLink-DeclineLink.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:45 GMT

Content-Type: application/zip

Content-Length: 7828

Last-Modified: Mon, 03 Mar 2014 12:56:47 GMT

Connection: close

ETag: "53147c0f-1e94"

Accept-Ranges: bytes

PK.........gcD...qV...........box.html.V.n.8.}v......&E%...4.e q..@.x.e/O.%..k.TI*...'.?.P..q.d...F3g...R.....G.....\..........?..Ap.]._..O...?.HSi..JR...k.$..h..l6.gg... .......n.....S.....n.q..i.=8'...ux..h..?.....E#o.......4...@..:.\G!..Kh..*,g.......?....e.z..`...*$..m..u ..6...(...............Jc.....2....o....i6.....1AL..qA@3..c....1K.b.&k... .m..p.m..B..I4/0..d.)$ay.._P...[.Kf...A.r..1...j.... .x.....P..e.4Vs.E.D.....P.I.o.\.(sI........j<f..)...V..g,..m....6.xj....?7....`I.....2V...D.4$.J....O.......az..Rbs...ct0.G...ZH.R...)..R...@].n.. ......).L......V..6...-'hu..^.*[......u.../;.p..f..n..V.j...>e&.zBW....h..M.....V.....-/..w..j...q..X..$.m8=..........F.(`$.......)....(...<Y.i..#..h........X....`.B_R.....4.E qIy....I.w.7.p8.2U3.5.4.1G.v..:...}-...B.E[............s....t.S...u....Y9....6.C.A5#'../.&.......R".3...ZM4.....x.f2.....hd........,..7..!..vI.|...SNZ....;..,V..a.......=..L.".D^..Vfx.o..R.U..c.%.eQZ..Eh.......QXl...U...>....q.-i..Ty..1.@E.j..E.....T..u.j..U.[jC.*E...{......C.......>..-...u../..$a.....$k..z..z..6g....5.)].l.I.|=..H.V....T:..y.My..B.|&...g.&..{I?.......8<x!..P.=.p3.=.O~....W........H..B..6.....P.......?PK.........F.C.2..............close.html]PAN.0.</..09p }.f.x.G.M.."8U.".=N.E .....L2>.....'..4d.:..p..v...E.n0 .a...^2D.....u>z.Q@..N.q[ryK....].c...)...E.f.F.K.#..e..D@6R.9s..EH..8.a.W........x-KN.S...A.....G.....f.....U.3M...77.~.....fB........Eiw..9t........z.~.PK..........$C~...h...........finish.html.TM..0.=.R.....!...R.I..Jp.".8p....1....4._......j.d%.y

<<< skipped >>>

GET //Displays/Softwares/16220985_display.html HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:48 GMT

Content-Type: text/html

Last-Modified: Thu, 03 Oct 2013 10:28:07 GMT

Transfer-Encoding: chunked

Connection: close

Content-Encoding: gzip

1f87...............r..u...W....UEB..{..\.!..`...@i.?.!0$g.`..@.}...\`..t.L..j7UIU*.dE.3.O....>3..rp.....7..;.xq..t..vy..?w.......;8x.s...........?._N..n....w'.b....:(..n2.....eY...\.....b=w....*.|Z/................*V..v...|6)..[.nu..aqU/.8...",.u.Y..i^O..&.}}.L..v.|.^...?.jz.........?../....O.^.....I9..wZ..c=..|..E.....].r....).rYQ.;#/.t]6......}...{\y.~...b...E~]..uU.]$6.Vy.wy.ZWy.t.z9.....mV....:.:...S6.....I.O.O./&oL.|.'.>\.....Y..$ci....{Q..m.>..p.EU.......r]..b.....gF,%YVhe1-..}w.M...X...DO..;-. e....Y.....a..PV.,.\.....j.9.g...K&...Sz.3.|..*.......w{.J.Z._VY.c.H.i.yi......\..^.y...$_Lr..a..|.....^.........=vG.a..r0.......b{......V..r{.F..w...m..b(en..d3...1.....c.v{y.WTh.;gg.t......,V...........U9.V.'...U...k.....?*.....;.g~.f.....iU...,[...|.mc..Fj...Ww.X.2 &.Y.....-&.n....d..rM].....J>-.}....}....fX..(m...e.`.......t.......].WnQ....."...U.H..q.)qd.i....|.kj...L...{.^.V......V..*..6..JTb1R.Bz.......3.....}.b..UW....f.&m...v...n.....'..^.Pp.....>c.H.S..........4..$.-.$ru....2........5:1.W..Rh...|t....;.................y..>t..z......;....?.G=wi_..].../...........z.8....._..k.]5..OG.....Q".A..w.=...w6.....:>wg....C*.=v.....w.a....H<$......._...j......;.w~...%\%.:;.e....B...TX.7..gv.z.^9.............s.W.{.v.b...75/...r6..<...C..d...I..0ay../.4.......C..q..5..L6..E..Z..0...]...Y...b......!S..56G.-...#...*......0=.yg..A.]........8;..y..Ir.~.r..W.eU.....P.....Kp@s..a-.S.S..'.).".bv.q.|...=yM......<H...p$8 I...*....ky$N.FU.........s.p........7.._...?....u...q"...............BHk. t.E

<<< skipped >>>

GET //Styles/Softwares/844a2c3b_browserapp.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:46 GMT

Content-Type: application/zip

Content-Length: 734

Last-Modified: Tue, 01 Jul 2014 09:26:57 GMT

Connection: close

ETag: "53b27ee1-2de"

Accept-Ranges: bytes

PK........YE.D...=....=.......browserapp.css.S.N.1.='R.aJ......j.\@TH\z.U........l.."...I..JI.:....y...}U..:.p...- Nf....n....U......q...ki.(-u..0.>V}8..A.....w_......\'GF.H....?.4.:..e..}?.X.Y....E..._L..>..!..... .......C...R(,/...o.Hx.p.B....s.. ..0KY.=s.'...m...o..8}..Fd.$....b...... b....Y>..<&...%...Jjd....p...XQK.g... ...F.......fp.E..7S>b......"..>.it.W......k..4.E....,).<...H.dk....p.d.....^..'....=.U.v3Q5L......6B...//l.....^........R..t^...fp<I.!....Eb...G............#`/.../PK.........k3C................images/PK..........YE.D...=....=.....$....... .......browserapp.css.. .................\.5.....\.5.....PK...........k3C..............$...............images/.. .........x..,3.....7.......7.....PK......................

GET //Displays/Softwares/222ac0df_display.html HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:46 GMT

Content-Type: text/html

Last-Modified: Tue, 03 Jun 2014 10:09:14 GMT

Transfer-Encoding: chunked

Connection: close

Content-Encoding: gzip

16e1..............]s.H...._.C.l."(j........d[...|..W..d.).......}...`.z...lK.....y..<....n....`.n_.]R....\8..D.....E.\c...I...]4.......M.K{Q..$...c...b.T./.mQe...?.^.i.......3..Z.?..~t........U...]/.M.v...........j...*...../.j...I.....^.I..o.]...\..Z.x.r....W..0......|[..W.z]<k.....L..ey. ...\.b.[......*.l.K8.K.k.:O..SZV|......M....y....CYl\3.:.....d./..i.~...?6.*.$`......O.....h..k.].k.M......7.............K.4.....[...E1.....?3..g.l.../.Y,.Jb.....n..{$L...-.....E..]......[fe...X..K7/..*-;.*Y.....q..d?O;n.*..,...t.d.z>../VnS....j.*\l.....rC.)<..{C..t..t....~R&....'..|j_... ..ol..@n....a0..8..nz...x0..j.n..o'..r3...qx5......M4q..8.o.....m...4v.h4.._.....]0..x8..........p.%............>..W.;Vr.q......^....Y.....4.z4.]GC~..cn....E...Om..h..z...........XW..h.L.mp..C..&.qt9..}..GA?t.. .....]../.$.......I.ug..!s.M.d...`..jz......ff&I....j.~|7.....qA..L.W4.bHo..'....K.f.G.llvA..x....~.....O._...L...t.5...i8....E....V..U.a..F%.l.......P v..........*....|.C....}.I.....W.yR..e_........n..{.....2-........^....%...G.m.K...{q...<....O.........agk.,...gY/..On.........z...9..c.P.............E.{0...x..... .........nCsN.[.#.........&L..a8u.....i.\..[..x{$W....E..^h."........a..!X.K......>X....l......W.`.&...3...6.a.....vgv...8@.m.M.'8Z....|.?.SGJ..P....#9yCF....=.2@S.-..|]$K..zGu].`o../..~a......^"J...RFF^...q"4.....:...i..sO".Q.2c...9.l.\f;..%...(...s..Z..[.G....Ks#u....X....(H...I..;..r> .......'..e..lY..M...l......W...d.!..H.\.Md........0......F.f.l...7.....6...-~.....q?."..$.p*.1p..n..........N\8..V.

<<< skipped >>>

GET //Dictionaries/English.xml HTTP/1.1

Host: staticrr.paleokits.net

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:31 GMT

Content-Type: text/xml

Content-Length: 626

Last-Modified: Fri, 12 Apr 2013 09:51:55 GMT

Connection: close

ETag: "5167d93b-272"

Accept-Ranges: bytes

<dictionary>. <installed> Installed </installed> . <installing>Installing</installing> . <installingetc>Installing...</installingetc> . <downloadError>An Error has occurred</downloadError> . <takeFewMinutes>It may take a few seconds</takeFewMinutes> . <confirmExit>Are you sure you want to exit?</confirmExit> . <installClose>Do you want to install the remaining offers?</installClose> . <welcome>Welcome</welcome> . <license>Welcome</license> . <options>Additional Options</options> . <instalando>Installing</instalando> . <finish>Finished</finish>. <downloadingetc>Downloading...</downloadingetc> .</dictionary>..

GET //Displays/Softwares/7f3e6cee_display.html HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:48 GMT

Content-Type: text/html

Last-Modified: Tue, 08 Jul 2014 14:47:05 GMT

Transfer-Encoding: chunked

Connection: close

Content-Encoding: gzip

f06.............._o......O1....(.u....b.I.8.`.5..`....-w7.G4.1......3K.....8.E...?..{............_.u.7..~x...o...k...|...W..w....WZ...o...~.>.z.>,....6<;[.U.c...X..e....YSw..uu...P.[W7}.._C......K...?..<q.xv........P..mp}..M..Zt.WW]..|..........k.6....s...C.>._}[\]n...;...W./X..........o...w:.af.lC.\.......s....U.).b.v....:_..t.v.>....z.....*."Ta.{.j...7 }.:>.....9-..B....7....j....Ky.._..?".JZNP..u....D1.s-P......*w..8..~......;.O.v._.y(...U...D.........nU........l......v.../..n_...y!.....w...?Zv..j.N<........|.gvh.... ...}.e...?....:\.%......}..j.wW..`.\V.l......%.MX.M.....GZ_...#)y.m...'..@...G.`...24..)......&.......{...{..2P..Z.....Ca."...%..&(..jg........`..RB.......F..Vv....... f.]...[n|....M...."../Ff.F[a...,u...|VC..-...|jf..>.,.F(.z....=......X.a.z..(i.hU..\...v..P ....C.....V..~.V.....~-$r.=.b*bKTS.,.f..#..!.p...a..#.....o..R.A..e_;Y9S..T...._..."..nXla..c..6f...)..beU..Y..J..Wl..3......r;sa..._.^....e{..M-.=. F.0`....a.4.6T.{y..vu[X....\.........Q)}p.aS.O.....Y.....4U..%.E........o....~. ...0.E.r.a.r..O.ai.JQ\..li.9....l...#.)...thA.H..$..:8.G.......U..N...n..............,.>...P...j....dmr9.5....0.h....O.....N@o)..!...... Z.1cjsC.]...%..wUY...L.T3.T?..@W.....15B.]...........e;...V.|....^!..'U.:......:%\.>|..AE...* ?KUQ/.C2m..E....#.e\.~o...D.cx.Q..w0K.H..Q>)... .. ......YP.D........,....Ci...w..8A.Nz......%JB.-..0^....@ ..h..}.....hH.$h.D.;zB.QY.co...t..j.8.......{.W<=.4..4.#..I..u....%..6...Z..^q...$R1.k.3)i.{C,....;......%&m.R..q_..X.r.>J,....$..F...?..M@.

<<< skipped >>>

GET /debug/Version/4_0_6_25/Nsis/PreRun HTTP/1.0

Host: dtrack.sslsecure1.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:08 GMT

Server: Apache

Set-Cookie: vsid=905vr1639663281509643; expires=Mon, 18-Nov-2019 18:12:08 GMT; path=/; domain=dtrack.sslsecure1.com; httponly

Vary: Accept-Encoding,User-Agent

Connection: close

Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<html>..<head><meta name="tids" content="a='471' b='1912' c='sslsecure1.com' d='manual_mapped'" /><title>sslsecure1.com</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<style type="text/css">../*RESET*/..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,cite,code,dfn,th,var{font-style:normal;font-weight:normal;}ol,ul {list-style:none;}caption,th {text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym {border:0;}../*COMMON*/...wrapper {text-align: center;}...img {margin:0px; margin-bottom:-11px !important;}...wrapper table { text-align: left; margin: 0 auto; font-family: arial, sans-serif; color: #515151; font-size: 12px;.}...h-list {background: url(hXXp://i3.cdn-image.com/__media__/pics/471/top-nav-bg.gif) repeat-x left top;}...h-list li {display: inline; text-align:left;}...h-list li strong {color: #358a35;}..h2 {color: #63ad63; font-size: 14px; font-weight: bold;}../*HEADER*/..#header {border-top: 4px solid #358a35; padding-top: 8px;}..#header .cufondiv h1 a {...color: #63ad63;...font-weight: bold;...font-size: 35px;...text-decoration: none;...font-family: "ChunkFive", arial, serif;...font-weight:bold;...}..#header .normalfondiv h1 a

<<< skipped >>>

GET /7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: aff-software.s3-website-us-east-1.amazonaws.com

Connection: Close

HTTP/1.1 200 OK

x-amz-id-2: wgcmSekBETb0nbN v9J08dVMcyPuhtEsezW2SLhqp02ifjh15UxVtFK2K2hYd4QEZOG7TnT3oR0=

x-amz-request-id: 02EFF118D334B900

Date: Wed, 19 Nov 2014 18:12:43 GMT

Last-Modified: Tue, 08 Jul 2014 14:34:06 GMT

ETag: "af37247590f4e4b8a8a214a091ea6067"

Content-Type: application/octet-stream

Content-Length: 73816

Server: AmazonS3

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@.................................|........................................t..........0m..............p............................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...................................rsrc...0m.......n...z..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H....h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....

<<< skipped >>>

GET /ba/full/mon/setup.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: dl.newonlinedemoserv.com

Connection: Close

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:31 GMT

Connection: close

Accept-Ranges: bytes

ETag: "1416410780"

Last-Modified: Wed, 19 Nov 2014 15:26:20 GMT

Cache-Control: max-age=836

Content-Length: 11715336

Content-Type: application/x-msdownload

X-HW: 1416420751.dop005.ny2.t,1416420751.cds007.ny2.c

Content-Disposition: attachment; filename="setup.exe"

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......P.....................n......-A............@........................................... ..............................p......................h................................................................................................text...<........................... .0`.data...............................@.0..rdata..8$.......&..................@.0@.bss..................................0..idata.......p......................@.0..ndata...`....... ..................@.0..rsrc...............................@.0.................................................................................................................................................................................................................................................................................................................................................................................U..WVS.......U..E....t...F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E...$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT........FP..E........}..VP........U.......FT.............}..........E..M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q....~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX..$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..

<<< skipped >>>

GET //Styles/Softwares/06a50625_hq-videopro.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:49 GMT

Content-Type: application/zip

Content-Length: 725

Last-Modified: Wed, 12 Feb 2014 17:09:57 GMT

Connection: close

ETag: "52fbaae5-2d5"

Accept-Ranges: bytes

PK..........LD.GCw............hq-videopro.css.SMO"A.=C..(%\H....4.7nL........f:6]mO....nw.D\M@c.....{............Wlz:...}.....T...x.........]....H...n9::.N.[..._...!.CF?...O.....>...m...N..@.u..Z eX...<....N......y..m..L....H..F...|..7J.....y ..R.~..3..5<..%..j...hd.GP..zE.fKr..h..e....9.6..x7..X Um.x..he.-4...Q..T...&H..KM.s.....R*S.lOb.gQ%........[/...@sny/./Dq[:.7..!.....P...N.t.R.jr.....5i%.{.".....I6.....O.e.,...)^...8Vx\.*h..8..]w..:.L&.c..X..rc...W...Y....._.......z..3PK........Fv2C................images/PK............LD.GCw..........$....... .......hq-videopro.css.. ..............(../..W.(../..W.(..PK..........Fv2C..............$...............images/.. ..........O.`~...ao.W.(..ao.W.(..PK......................

GET /21/all/hqv/ca/setup.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: dl.newonlinedemoserv.com

Connection: Close

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:41 GMT

Connection: close

Accept-Ranges: bytes

ETag: "1416403573"

Last-Modified: Wed, 19 Nov 2014 13:26:13 GMT

Cache-Control: max-age=1065

Content-Length: 12531440

Content-Type: application/x-msdownload

X-HW: 1416420761.dop005.ny2.t,1416420761.cds045.ny2.c

Content-Disposition: attachment; filename="setup.exe"

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......P.....................n......-A............@.................................\:........ ..............................p......................X%...............................................................................................text...<........................... .0`.data...............................@.0..rdata..8$.......&..................@.0@.bss..................................0..idata.......p......................@.0..ndata...`....... ..................@.0..rsrc...............................@.0.................................................................................................................................................................................................................................................................................................................................................................................U..WVS.......U..E....t...F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E...$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT........FP..E........}..VP........U.......FT.............}..........E..M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q....~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX..$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..

<<< skipped >>>

GET //Displays/Softwares/cb3d709d_display.html HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:49 GMT

Content-Type: text/html

Last-Modified: Wed, 12 Feb 2014 17:10:19 GMT

Transfer-Encoding: chunked

Connection: close

Content-Encoding: gzip

21c6...............r.Ir..G.z....."HjOWc........\....D.h.=...n..........i.&.$....>...b...X.}....YYY......t4....]..~.?.>q...>........;>~....=.).O...........m.u...y....& ....7_.U...mQ.........f.v.............2..g..Y.....^...*[.x.9[..u.v..-...\U..}Sm.M.......EV...&}...k.}.&.n.u.........o......7... ......7.2{{^.V..frPZ..,..|S...\.W...V...*......D..KW {{......x.....(N7.w.m..|...b..`.t.U\.....*......~........uV..y-N...ok.|#.o.....~.Ijq.%"/...]..].3z.K...F...-.&....\K..Y.=..|...t.z.H...2]..S/..........]Zf....#..<.....%_.iV.Q...U..gS4.mF.on.*.g.*3...s{.....7.........=..?.. wS..../..K...*.E..q..|.}.....``.......m.Eq.Y...(...W...y.9.z<....y..z&Y..6n.y.E.^..t.....{s.)=...U~fe....|3_.....~.6.....aa..No...U......9.J....e... =vS..e>..6......faC..f~Gn...]z..........~..Kg...UqS.....g0..A/...?.g.n....P..(..c.Y.BZ...]..c..,....w.....m.....y...6.W..*.v ...... d.t9.K.....U.......R....`Q.<o.b._g`n.B.x0.lT..2.B/.{.r.ygL|..4S.....&a..L "....M.P..Q.\.Uv.............4...A1.#.?~0......vQ....H..[.....c.*...7....8..#....__..... .=^...2..........7:.3.._.....w..'.I.1pb..W2g..\...>.^..6H.\......w$.......jyaC.l'9.2.0J.P.'..j2...5.m...XT...x....9P.Y.T.@]."7....'.s...Yy...W.7K.l.L77.Z......*0h..Xi...y..b....9sO.]..X5.....X..&.G..s.i......K 3l&P.m.L....0....G.%/...2PI.G..S...f......5.0B..A..b.q..tO?d`._....K..k.............GS.{?N..)7..?.......l....A..$n2.]...wt...19........g...d..q2H>..S7....io08Q.*-tu..S.k..2..D>,.C......z.q.!.ee...),.ZVC...q. .?i..l..;....*B].....?.1...E7.....Y..a......".$....xi....e....... .1&l

<<< skipped >>>

GET /test.html HTTP/1.1

Host: track.v2.sslsecure4.com

Connection: Close

HTTP/1.1 200 OK

Content-Type: text/html

Date: Wed, 19 Nov 2014 18:12:23 GMT

Server: nginx

Content-Length: 8

Connection: Close

correct...

GET /111001464/OptimizerPro.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: dl.softservers.net

Connection: Close

HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Wed, 19 Nov 2014 18:08:49 GMT

Content-Type: application/octet-stream

Content-Length: 6160376

Last-Modified: Wed, 19 Nov 2014 16:07:25 GMT

Connection: close

ETag: "546cc03d-5dfff8"

Content-Disposition: attachment; filename=OptimizerPro.exe

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A...A...A.....x.Q.....M.t.....L.?...H.u.H...A.........I.C.....|.@.....{.@...RichA...........................PE..L...KncT.................F....\.....ih.......`....@..........................@^.......^...@.....................................P.......,.[...........].......]......a..............................@...@............`..d............................text....D.......F.................. ..`.rdata...Q...`...R...J..............@..@.data....4..........................@....rsrc...,.[.......[.................@..@.reloc..4W....]..X....].............@..B.................................................................................................................................................................................................................................................................................................................................................. bA...E.......U..V.... bA...E...E..t.V.jC.......^]............U..V...dE...E..t.V.@C.......^]...................:E.............U..j.h.PA.d.....P...SV...A.3.P.E.d......u.3.S...m>...]..^..^..^..^..^..^..^..^ .E..;.u(.E.P.M..E...A..iD..hp.A..M.Q.E..bA...[..WV.e;........M.d......Y^[..].....U..j.hTPA.d.....PVW...A.3.P.E.d......u.V.E.......:...F.3....;.t.P.KH......~..F.;.t.P.8H......~..F.;.t.P.%H......~..F.;.t.P..H........~..E.......=...M.d......Y_^..].............U...E.VP... D.....bA...^].......U..QV..j..M..

<<< skipped >>>

GET /debug/Version/4_0_6_25/Nsis/CopyFiles HTTP/1.0

Host: dtrack.sslsecure1.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:11:57 GMT

Server: Apache

Set-Cookie: vsid=922vr1639663172813827; expires=Mon, 18-Nov-2019 18:11:57 GMT; path=/; domain=dtrack.sslsecure1.com; httponly

Vary: Accept-Encoding,User-Agent

Connection: close

Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<html>..<head><meta name="tids" content="a='471' b='1912' c='sslsecure1.com' d='manual_mapped'" /><title>sslsecure1.com</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<style type="text/css">../*RESET*/..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,cite,code,dfn,th,var{font-style:normal;font-weight:normal;}ol,ul {list-style:none;}caption,th {text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym {border:0;}../*COMMON*/...wrapper {text-align: center;}...img {margin:0px; margin-bottom:-11px !important;}...wrapper table { text-align: left; margin: 0 auto; font-family: arial, sans-serif; color: #515151; font-size: 12px;.}...h-list {background: url(hXXp://i2.cdn-image.com/__media__/pics/471/top-nav-bg.gif) repeat-x left top;}...h-list li {display: inline; text-align:left;}...h-list li strong {color: #358a35;}..h2 {color: #63ad63; font-size: 14px; font-weight: bold;}../*HEADER*/..#header {border-top: 4px solid #358a35; padding-top: 8px;}..#header .cufondiv h1 a {...color: #63ad63;...font-weight: bold;...font-size: 35px;...text-decoration: none;...font-family: "ChunkFive", arial, serif;...font-weight:bold;...}..#header .normalfondiv h1 a

<<< skipped >>>

GET //Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip, deflate,gzip, deflate

Host: staticrr.paleokits.net

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:44 GMT

Content-Type: application/zip

Content-Length: 344899

Last-Modified: Fri, 07 Mar 2014 11:17:00 GMT

Connection: close

ETag: "5319aaac-54343"

Accept-Ranges: bytes

PK.........YgD..l>9....c......style.css..ko......?....M-G.#q...m...p.-..^...D.... ..w....S")JvrIp-b#.I.3...p.....\....,Z.PZ.......Q..._D.,*.%h.K..a.*..r8......R.s]....<.*T............^.Sx?,QD....A..<._..$.>_..|;<..`........#..!(s...:.....< VC..|].A.6.,.... X,p:u..A.......!.......u...3.}.D...eIVL...9}...j9=;w..-..^,.i0.e.8..... j]..,......,.S.k:....Q...Q1O.....1Jy......y..t...I.rX@.g)*@....J~. F....-.U..,&.P......arr.>%.1..W..........l%..p.W..h.........LJ....<....m..U..........!H..vN`:s........D....{D4..e.i.........%..t...!~\......F..^..Sgt...."...x...<.-.`...t..w..@..8....X.. (."=U.....(....(.....JL-..@...=...W..1.p..2.j..y...rlK.l..{|D....s.%.2....3.\ 'H3.... ......'.....iu....D..D....D!..A.....Q....@..y(`>.3b0?;..1..CW... ..V.W.gd.......R1..2.P.|.......^..p.."...5..L."mF.......R..8...[.PB..#]}F8- .....%E.......F#.D.!....."..:.,.:R\Y...g>...R.u].....B...B....@C./.DP.Zc.....g.d#i.2.A......af.D.4;.@~WW.......&..Srfk.8--.....n..s..b....d).......e..W.d......?l=...5...GG...G......$&..=.......tV.W....p...1........p...xF. ..1..pL.sD....;......._,....3..,....a.....s<.L...<..`.....)9.4...x(...P2...w...e......a....wqIe...6.8.....5..mx.gD.1G.....`.IA...>.X.<.... .~..b..dq..8.^...uN>.d..!...8*.2.W.. .....H.U........7. ...w..D.O_r.W....9....0.F..._..L.........V.VI5Y.s..sZ ]` #%Z..p ..Z .;olx.........M.C..^.....7.......p.....O.6.m.....zd.<..G.,g...Y.j.|..TP...|...d2.r.....K.6......b....vu..|..s.. ... 7.....9'.c..[...sD0C........F..,I..R....IcL._...I ...(ZB....LZ.m.2.....;h

<<< skipped >>>

GET /21/all/hqv/ca/setup.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: dl.newonlinedemoserv.com

Connection: Close

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:41 GMT

Connection: close

Accept-Ranges: bytes

ETag: "1416403573"

Last-Modified: Wed, 19 Nov 2014 13:26:13 GMT

Cache-Control: max-age=1065

Content-Length: 12531440

Content-Type: application/x-msdownload

X-HW: 1416420761.dop002.ny2.t,1416420761.cds045.ny2.c

Content-Disposition: attachment; filename="setup.exe"

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......P.....................n......-A............@.................................\:........ ..............................p......................X%...............................................................................................text...<........................... .0`.data...............................@.0..rdata..8$.......&..................@.0@.bss..................................0..idata.......p......................@.0..ndata...`....... ..................@.0..rsrc...............................@.0.................................................................................................................................................................................................................................................................................................................................................................................U..WVS.......U..E....t...F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E...$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT........FP..E........}..VP........U.......FT.............}..........E..M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q....~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX..$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..

<<< skipped >>>

GET /betatest/mystart/mystartTb_5.4.1.4_sambamedia.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: betatest.vmn.net

Connection: Close

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:32 GMT

Server: Apache/1.3.41 (Unix)

Last-Modified: Wed, 04 Jun 2014 14:56:26 GMT

ETag: "8fbd-5362b8-538f339a"

Accept-Ranges: bytes

Content-Length: 5464760

Connection: close

Content-Type: application/octet-stream

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................@........S......................................s..........hI...........KS..............................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc...hI.......J...v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..

<<< skipped >>>

GET /download/wajam_download.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: VVV.wajam-download.com

Connection: Close

HTTP/1.1 200 OK

Date: Wed, 19 Nov 2014 18:12:41 GMT

Server: Apache/2.2.14 (Ubuntu)

Last-Modified: Wed, 21 May 2014 20:10:51 GMT

ETag: "7015d-f0c0-4f9ee97ca68c0"

Accept-Ranges: bytes

Content-Length: 61632

Connection: close

Content-Type: application/x-msdos-program

Set-Cookie: APPSESSID=w2|VGzdn|VGzdn; path=/

Cache-control: private

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L...^..K.................b...........6............@..................................`..............................................................P...p............................................................................................text....a.......b.................. ..`.rdata...............f..............@..@.data................x..............@....ndata...0...p...........................rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....cB..H.P.u..u..u...T.@..B...SV.5.cB..E.WP.u...X.@..e...E..E.P.u...\.@..}..e....D.@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...H.@..E...E.P.E.P.u...`.@..u....E..9}...w....~X.te.v4..L.@....E.tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W...E..E.h ...Pj.h.[B.W..d.@..u.W...u....E.P.u...h.@._^3.[.....L$..(cB...Si.....VW.T.....tO.q.3.;5,cB.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5,cB.r._^[...U..QQ.U.SV..i....

<<< skipped >>>

GET //Displays/Softwares/1f76ab55_display.html HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:47 GMT

Content-Type: text/html

Last-Modified: Thu, 17 Jul 2014 09:13:47 GMT

Transfer-Encoding: chunked

Connection: close

Content-Encoding: gzip

28a3...............r.......i..-E.Two;foI....$. ..@....;.@...P.W.......y.....7.'...2..p.Zrx..8l.(de.:........p...A.Mg..;..........k....~.Z_...G........iYeE.......OK?l...<..?.M.|.dyZ.d.......aoQT.......4_..C.s2?Xr.....~.;.......{.M..[f.Yz.wt..&.<u..-..?......j..aQ..f..O.j..............j....'.......lzQ...Z.......Z[....E...-f..A.:..&e.....e...........\eXV..[O...d6.........7.....Sw...M.t7e1wq.Y.L ...rU.....b.._6.]Ri...MZ..~!J....j..3i.........d.r..,_=d.......?....,.....O.[.g.....A......n....M..*.{.......J.X<.~q..].2E..4..c....>........5*...........*.).l6......../.d...j.....m2I.....p..-.i.e.%l.wEq;K.......}V.......kC0.^................>:.M....A[..N4V..K.6.J.rrw.n.'.....d:=(.}7 &P.(.O..n:....Dfi.....tf:...TT.t.4A....}O'.H.z...vq.....oL...m.).@7..?O.....D..Of.i...=B.4_j.4....%$.d.'.I.........FI=.bMK..o.l.....-.tv.E..V.7...DU..%.e.gl...R.vy.}......b.vW.e.....r..^.(/.y.....:...2....u.........r.........).!:..&...[b;.......%....>..M.^.H..__........[..m1$...Y.\.=.^,....V._.p[&sd=K.........C.P...<.f..%..).[....TzP.y6.J..E..x......W2....@...?..L....6c^0O...Y.d...oy.....u.<...#...Kin..G...xx1........#.#.....,....."|;i....@..oH..).....Z..U.m..<z.......Y..R.E....*z..[6s..g.....#.mB.eI>..\/...T'Co...m.%&.Fc.@D2.. ..:.e.q.0. ....BQc.......u.h.............R..R..62M......u..........~...b. .?..(<.\...g.(p.9N.;..Yq......bu ...f`$DV.d.-..Y.......*U1[.l..g.y1...W.|'.a..E...&A......A.t..?}....hy.Op..e.......v..b.(20..*.N'.............<.&...I*k...B...).....U.\.dBa..v../...B...q#....T.....Q.&. .@R..#....

<<< skipped >>>

GET //Styles/Softwares/67423fe2_wajam.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:46 GMT

Content-Type: application/zip

Content-Length: 111525

Last-Modified: Thu, 17 Jul 2014 09:09:05 GMT

Connection: close

ETag: "53c792b1-1b3a5"

Accept-Ranges: bytes

PK.........P.D.........0......wajam.css.Z[o.H.~&R..l.H..b.`...lD.UW.V.t.gb...3.p...._f..xn....Rjl.e.|.;.....^....... }~......{w.^..~.G..M.w...(1q..........E//.qp....?/.*;../..%..g...^....'...._./..o.a..}.v.>....v..O'..=D.4....o...EHO.....vy...s...G.ez.|.....<...K6A..Y|.5.o.. ?...C.1 t....|..<..l...k...$.liYr..[.5>...k...........z.........e[J....C....k...P.".....Aw?.H.U...A.q....M....Z...a\Ci.EE.P....a......TD.....^K..(.....#Jv........F.a*.;.mL...]1...@....j.\.........L.(.Z.A..2n.g2..y..._.A.......l.xa......|.............n..Uc1}.d^....,.$..i..7....J;...I..Oap.B.F.......>...IR..#..%.2* 1eV..nhr..t.eQ..5wNFr..M..i..i.{....".........o. .6,{..*..}.2..L/...q...o........h2.;.r..........&..{.......H..:....7uCg.o..&..X.......o.C.)7.`.).p....)..0...... v....T.UQi..../......2.-....M.....z....d.Es....J...u`,......k..,.Q.QT.a......%..R.q..d...d.....}.fqk3.Q6F..1O.....2..B..wd.......=Um/.03H1......t......w.T$.......P.M.....v*y/Q.R.9.t.X..OFt.F...$..Zn..-.........\....d....rOg;...f..3...r.tw.p.....r.........6...:..%#......m..../....f....n.......tci.t.?.X.........z...y......'...K.vA..n.Z.....f>C, .P...O..D...D........s. ..kf...8^(....8 .qc6....0..NJ....../....Y..BW{.....c...f7....n...?.......,v.A.&L...#j.&.`/.v*...|)Nr..E.>..6 ....&_..I....af...:...V.*...h.......~6....=.ya.f.9;...Y|...:..$(.....6Lm-.7R5.... 4;......<f%..A..`.J......9..............<."3?:D!^......Go...QJ...2mV...>[g.?...O...^... PP.....=w#...n...}..~....P.[jx... ]g.......s...........Ti......@.JP.../^..\.....y..OQ......d..>.I..'..

<<< skipped >>>

GET /111001464/OptimizerPro.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: dl.softservers.net

Connection: Close

HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Wed, 19 Nov 2014 18:08:49 GMT

Content-Type: application/octet-stream

Content-Length: 6160376

Last-Modified: Wed, 19 Nov 2014 16:07:25 GMT

Connection: close

ETag: "546cc03d-5dfff8"

Content-Disposition: attachment; filename=OptimizerPro.exe

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A...A...A.....x.Q.....M.t.....L.?...H.u.H...A.........I.C.....|.@.....{.@...RichA...........................PE..L...KncT.................F....\.....ih.......`....@..........................@^.......^...@.....................................P.......,.[...........].......]......a..............................@...@............`..d............................text....D.......F.................. ..`.rdata...Q...`...R...J..............@..@.data....4..........................@....rsrc...,.[.......[.................@..@.reloc..4W....]..X....].............@..B.................................................................................................................................................................................................................................................................................................................................................. bA...E.......U..V.... bA...E...E..t.V.jC.......^]............U..V...dE...E..t.V.@C.......^]...................:E.............U..j.h.PA.d.....P...SV...A.3.P.E.d......u.3.S...m>...]..^..^..^..^..^..^..^..^ .E..;.u(.E.P.M..E...A..iD..hp.A..M.Q.E..bA...[..WV.e;........M.d......Y^[..].....U..j.hTPA.d.....PVW...A.3.P.E.d......u.V.E.......:...F.3....;.t.P.KH......~..F.;.t.P.8H......~..F.;.t.P.%H......~..F.;.t.P..H........~..E.......=...M.d......Y_^..].............U...E.VP... D.....bA...^].......U..QV..j..M..

<<< skipped >>>

GET /test.html HTTP/1.1

Host: api.v2.sslsecure2.com

Connection: Close

HTTP/1.0 500 Internal Server Error

Date: Wed, 19 Nov 2014 18:12:24 GMT

Server: Apache

Set-Cookie: vsid=903vr1639663440521855; expires=Mon, 18-Nov-2019 18:12:24 GMT; path=/; domain=api.v2.sslsecure2.com; httponly

Vary: Accept-Encoding,User-Agent

Content-Length: 0

Connection: close

Content-Type: text/html; charset=UTF-8

GET /7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

Host: aff-software.s3-website-us-east-1.amazonaws.com

Connection: Close

HTTP/1.1 200 OK

x-amz-id-2: yoJdAcWghu8e0GmsJ9T8ZneomMMaQo6EcXXnzIssdoDa3ZhPU5nuJRh7BYGTDMzJirhPD2at7OE=

x-amz-request-id: EBA71CAF9DECDF78

Date: Wed, 19 Nov 2014 18:12:43 GMT

Last-Modified: Tue, 08 Jul 2014 14:34:06 GMT

ETag: "af37247590f4e4b8a8a214a091ea6067"

Content-Type: application/octet-stream

Content-Length: 73816

Server: AmazonS3

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@.................................|........................................t..........0m..............p............................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...................................rsrc...0m.......n...z..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H....h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....

<<< skipped >>>

GET //Docking/Docking.zip HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Host: staticrr.paleokits.net

Accept-Encoding: gzip, deflate

Connection: Close

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 19 Nov 2014 18:12:45 GMT

Content-Type: application/zip

Content-Length: 37048

Last-Modified: Tue, 26 Nov 2013 13:00:11 GMT

Connection: close

ETag: "52949b5b-90b8"

Accept-Ranges: bytes

PK........1Q.A..T.............position1A.css.....0.D..W\.n....H.Q... .~@l...Ii"*..k.......9..]..t.jp.../.......6.<7Th...5L....}..E.. ....L.S...........V*...8.;r...,6..r..'.?WC......yX.'c............&.XHA...PK........,g.B^P.]............position2A.css.S.N.0.}n..b.K...m$p^v.j%^...~..............!.RB....c.9s.L~f...[r.....y.x..\.V.7d.-..L..}o.3k.........Dp.....99....x...P)3....(..V........EL..I..B.G.A..{.y........en....<.&.l...[..~.U..'..7..sCC.....O.Z....H.J..G.p;...`.>.....-V ..g6R.......qQ%.Ua....E.7>..o...W.....f..k.L.ME.....cTSF.....s|....#..%....| ..hBv...Lqf(..@.w=...~P$<p.E...y.u..........W.k0[...w.Z......fye.../...&Q.....c.q........1.0.g..ay......|.gI....W.4...GJ...R..e...;.....}b.5.3.^\...A[..O.FX..'5o.%r......F..:....PK.........H.@....Z...........position2B.css.Q.N.0.....D..a..Fp.1B............]....mA......$=.|?=.uF.U.....[ot..~...9Ld.Y.......N.y`~................#.||..j)y.(/..n.....^....45.....\.."..k$. ...0..@C'.$....Q..V.:k&.Z%.U ?.X.-..F..E.Ra.<u..;($g...}.......Ah...)...L.*5.Q0(.M.v.....t`....ho..........d/4.p...A.7.....Ee.$*J...S..r.=.<.... l..%.|!j..6..c"...%:.d.......Hen.[xK...O./....U.}fuV..PK.........lMBjre.....B.......position2C.css.....0....S...bL/....A...P}....h3%....nE.*..Y...}.]..FZ.m7s:.%..0MS...PIm.g....7...U..,VK..}....c..c..-b.g.FS...(.P.x.0.\.?\.'TS...k.2!WG4.....#G%l.. .'.{.....ix...B.}a..m..R.v......(.........,..#E.3'8.._....?...z.PK........VG.@! h.............position3A.css..Qo.0....S.:...-..R.........}..N.f|..k...}6Ic.%.:x;.......TT.l....._..Y._]..r._.x..Ppq.C

<<< skipped >>>

Map

The Application connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_668:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

hXXp://nsis.sf.net/NSIS_Error

... %d%%

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|/":

"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\%original file name%.exe" /path="c:\%original file name%.exe" ""

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv7E.tmp\nsisdl.dll

b151783808a.exe\accf2b3b9b5348daa94a4a85442bd38d\%original file name%.exe->C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d\parent.txt

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv7E.tmp

989d5cc8701b151783808a.exe\accf2b3b9b5348daa94a4a85442bd38d\parent.txt

b151783808a.exe\accf2b3b9b5348daa94a4a85442bd38d\%original file name%.exe

D.MH;

v2.0.50727

setup.exe

CallUrl

.ctor

System.Resources

System.Reflection

System.Runtime.InteropServices

System.Runtime.CompilerServices

System.IO

System.Net

WebRequest

HttpWebRequest

IWebProxy

get_DefaultWebProxy

WebResponse

HttpWebResponse

Password

{653B694D-F0F9-46DC-9D9E-8009DAEE1127}

System.Security.Cryptography

PasswordDeriveBytes

set_Key

4.0.6.25

$a789a08e-b7be-465a-9659-4044b21e32a9

_CorExeMain

mscoree.dll

Ã‘[g

]]%uB

%original file name%.exe

8517AB~1.EXE

151783808a.exe\accf2b3b9b5348daa94a4a85442bd38d\parent.txt

\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv7E.tmp

c:\%original file name%.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\accf2b3b9b5348daa94a4a85442bd38d

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa7D.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

Nullsoft Install System v3.0a1

09ac72b88ef140aa8ee609de7640785e.txt

%original file name%.exe_676_rwx_675A6000_00003000:

.Qg

*Rg`.Rg|)RgL Rg

Summary

Dynamic Analysis

Removals

Static Analysis

Network Activity

Map

Strings from Dumps