Application.Bundler.DomaIQ.Q (AdAware), Trojan.NSIS.StartPage.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: b50a979a4b4a5df93e68ff718db1e70c
SHA1: 8dedd151e924fb8d4410f08168d4620ceede20b7
SHA256: df0cdd740ce1d68460f74983f7ae1c60bc3d853567427d76f9f91b672c0c5812
SSDeep: 6144:X K03nCYO3UiwGYKADe87J/UoRgiG aaQk3/7nra5W6eRPim01YZM:O3NOkiHoP/ZotaQW/7nryehi0M
Size: 322568 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-07-14 23:09:38
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Application creates the following process(es):
mscorsvw.exe:172
spidentifierimpl.exe:528
%original file name%.exe:940
The Application injects its code into the following process(es):
%original file name%.exe:1600
Mutexes
The following mutexes were created/opened:
ShimCacheMutex
RasPbFile
_!MSFTHISTORY!_
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!history!history.ie5!
WininetStartupMutex
WininetConnectionMutex
WininetProxyRegistryMutex
ZonesCounterMutex
ZonesCacheCounterMutex
ZonesLockedCacheCounterMutex
File activity
The process spidentifierimpl.exe:528 makes changes in the file system.
The Application creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\inetc.dll (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\SPtool.dll (180359 bytes)
The Application deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsnB6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\SPtool.dll (0 bytes)
The process %original file name%.exe:1600 makes changes in the file system.
The Application creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\close.html (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\BingHP4info.dfe (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo3.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-img.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Browser app shoppinginfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\boton_xl.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-logo2.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\less.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\boton.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Genesisinfo.dfe (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app.png (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\box.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\check-close.png (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\9U0U7603\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\group.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\TheBestDeals\info.html (1323 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\finish.html (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\45UV0H2Z\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app_obv.jpg (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\mypcbackup.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\browserapp.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\style.css (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\BingHP4\info.html (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\mypcbackup.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\percentage-bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\jquery.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\spidentifierimpl.exe (89955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2-gris.png (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPUB4PUN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-icon.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Genesis 2\info.html (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo2.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\butpause.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Genesis 2info.dfe (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Browser appinfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\MyBackupPcinfo.dfe (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Browser app shopping\info.html (1251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\MyBackupPc\info.html (1106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WL2B4963\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\more.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress_small.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\vuupc.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1-small.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\options.html (965 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\genesis.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\templateDisplays.dfe (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2-gris-small.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\TheBestDealsinfo.dfe (750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\instalando.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet-shortw.gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3C.css (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2C.css (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\templateStyle.dfe (4069 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\welcome.html (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\SpeedUpMyPcinfo.dfe (1215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-logo.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet-short.gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\logo-win.jpg (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-img2.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\config.dmc (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\cross.jpg (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Wajaminfo.dfe (3326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3D.css (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Genesis\info.html (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Browser app\info.html (1497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app.jpg (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\butplay.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position1A.css (421 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\binghp4.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1-gris.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Vuupcinfo.dfe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1a.png (11 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Wajam\info.html (3609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Vuupc\info.html (1287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress_small_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\check.jpg (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\speedupmypc.css (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\wajam.css (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\thebestdeals.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet.gif (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Dockings.dfe (2617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position4A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-big.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\SpeedUpMyPc\info.html (2953 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin.dmc (4 bytes)
The process %original file name%.exe:940 makes changes in the file system.
The Application creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\be393027e81a4b88b52679c3751607ae.txt (7854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB5.tmp\nsisdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe (1431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.txt (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe.config (767 bytes)
The Application deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nshB4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB5.tmp (0 bytes)
Registry activity
The process mscorsvw.exe:172 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"
The process spidentifierimpl.exe:528 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 13 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "26 E5 0C FC 1D 29 82 20 C3 AB 42 A6 26 86 3B DE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Application modifies IE security-zone settings so that all local web nodes whose names contain no dots and are not assigned to any zone are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Application modifies IE security-zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Application modifies IE security-zone settings so that all URLs are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Application deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:1600 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a]
"spidentifierimpl.exe" = "Search Protect Identifier by conduit"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 4D 1D DD 7C FB 6F 67 B7 55 5E 0F 0F DC 8C A9"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Application modifies IE security-zone settings so that all local web nodes whose names contain no dots and are not assigned to any zone are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Application modifies IE security-zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
The Application modifies IE security-zone settings so that all URLs are mapped to the Intranet Zone:
"IntranetName" = "1"
The process %original file name%.exe:940 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 77 5E CB EF 80 B6 5D 3D 9A 79 6E 11 FA 58 63"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
Dropped PE files
| MD5 | File path |
|---|---|
| bcd32021c13b7e66581cbc1e44eff79b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe |
| 484003524ef2000db83cb16ced0a48a1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\spidentifierimpl.exe |
| 1dadb63a5dfaa0679485c5dbaf96033f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nswB5.tmp\nsisdl.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
mscorsvw.exe:172
spidentifierimpl.exe:528
%original file name%.exe:940
- Delete the original Application file.
- Delete or disinfect the following files created/modified by the Application:
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\inetc.dll (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\SPtool.dll (180359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\close.html (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\BingHP4info.dfe (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo3.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-img.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Browser app shoppinginfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\boton_xl.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-logo2.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\less.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\boton.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Genesisinfo.dfe (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app.png (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\box.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\check-close.png (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\9U0U7603\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\group.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\TheBestDeals\info.html (1323 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\finish.html (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\45UV0H2Z\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app_obv.jpg (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\mypcbackup.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\browserapp.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\style.css (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\BingHP4\info.html (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\mypcbackup.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\percentage-bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\jquery.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\spidentifierimpl.exe (89955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2-gris.png (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPUB4PUN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-icon.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Genesis 2\info.html (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo2.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\butpause.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Genesis 2info.dfe (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Browser appinfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\MyBackupPcinfo.dfe (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Browser app shopping\info.html (1251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\MyBackupPc\info.html (1106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WL2B4963\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\more.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress_small.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\vuupc.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1-small.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\options.html (965 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\genesis.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\templateDisplays.dfe (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2-gris-small.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\TheBestDealsinfo.dfe (750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\instalando.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet-shortw.gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3C.css (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2C.css (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\templateStyle.dfe (4069 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\welcome.html (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\SpeedUpMyPcinfo.dfe (1215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-logo.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet-short.gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\logo-win.jpg (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-img2.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\config.dmc (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\cross.jpg (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Wajaminfo.dfe (3326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3D.css (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Genesis\info.html (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Browser app\info.html (1497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app.jpg (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\butplay.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position1A.css (421 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\binghp4.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1-gris.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Vuupcinfo.dfe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1a.png (11 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Wajam\info.html (3609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Vuupc\info.html (1287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress_small_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\check.jpg (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\speedupmypc.css (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\wajam.css (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\thebestdeals.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet.gif (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Dockings.dfe (2617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position4A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-big.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\SpeedUpMyPc\info.html (2953 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin.dmc (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\be393027e81a4b88b52679c3751607ae.txt (7854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB5.tmp\nsisdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe (1431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.txt (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe.config (767 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 23148 | 23552 | 4.44633 | 1c619949741a76b63a54c1e6c4d6b2f8 |
.rdata | 28672 | 4558 | 4608 | 3.62955 | 6c31e0693072284f258d2c4a271de506 |
.data | 36864 | 110520 | 1024 | 3.36948 | 78f5760d9fafb71fdbc88c3497afef46 |
.ndata | 147456 | 61440 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 208896 | 17000 | 17408 | 3.5656 | 7fae611f3f73978e9992534a50a87055 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 1391
Network Activity
URLs
URL | IP |
---|---|
hxxp://dtrack.sslsecure1.com/debug/Version/4_0_6_30/Nsis/Start | 204.11.56.26 |
hxxp://dtrack.sslsecure1.com/debug/Version/4_0_6_30/Nsis/GetInfo | 204.11.56.26 |
hxxp://dtrack.sslsecure1.com/debug/Version/4_0_6_30/Nsis/CopyFiles | 204.11.56.26 |
hxxp://dtrack.sslsecure1.com/debug/Version/4_0_6_30/Nsis/GetParameters | 204.11.56.26 |
hxxp://dtrack.sslsecure1.com/debug/Version/4_0_6_30/Nsis/PreRun | 204.11.56.26 |
hxxp://staticrr.tgusrv.com/test.html | |
hxxp://dtrack.sslsecure1.com/test.html | 204.11.56.26 |
hxxp://Track-903226030.us-west-2.elb.amazonaws.com/test.html | |
hxxp://API-XML-1918203848.us-west-2.elb.amazonaws.com/test.html | |
hxxp://API-XML-1918203848.us-west-2.elb.amazonaws.com/index.php/api/85/Java/195/286/English.xml | |
hxxp://staticrr.tgusrv.com//Dictionaries/English.xml | |
hxxp://e6337.g.akamaiedge.net/spidentifier/1.0.2.0/spidentifierimpl.exe | |
hxxp://e9287.g.akamaiedge.net//spidentifier/1.0.2.0/spidentifierimpl.exe | |
hxxp://jazz-1846647836.us-east-1.elb.amazonaws.com/ | |
hxxp://d1o1q5i2ac5qv7.cloudfront.net/si/Bundle.exe | |
hxxp://cds.c5z6s5a3.hwcdn.net/ba/full/mon/setup.exe | |
hxxp://www.wajam-download.com/download/wajam_download.exe | 54.208.23.129 |
hxxp://app.impsperf-users.com/installer.php | |
hxxp://cds.c5z6s5a3.hwcdn.net/ba/shop/mon/setup.exe | |
hxxp://cdn.best-tv.com.c.footprint.net/apps/dist/9020-2085_TheBestDeals.exe | |
hxxp://s3-website-us-east-1.amazonaws.com/7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe | |
hxxp://splitter-load-balancer-1436536024.us-east-1.elb.amazonaws.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe | |
hxxp://s3-2-w.amazonaws.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe | |
hxxp://staticrr.tgusrv.com//Styles/Templates/d7d18a25_Win-Y.zip | |
hxxp://staticrr.tgusrv.com//Displays/Templates/8b4083bc_Win-Y-Yahoo.zip | |
hxxp://staticrr.tgusrv.com//Docking/Docking.zip | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/82fb03ea_binghp4.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/7039a47f_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/844a2c3b_browserapp.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/9103144e_display (1).html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/67423fe2_wajam.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/1f76ab55_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/7a6c4a7c_genesis.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/6fe4b061_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/9c04a3ed_thebestdeals.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/c9c92824_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/e7bf26c3_mypcbackup.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/16220985_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/db393704_vuupc.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/1d58e78d_display.html | |
hxxp://staticrr.tgusrv.com//Styles/Softwares/3a04fadf_speedupmypc.zip | |
hxxp://staticrr.tgusrv.com//Displays/Softwares/4d947901_display.html | |
hxxp://staticrr.paleokits.net//Styles/Softwares/9c04a3ed_thebestdeals.zip | 85.12.5.27 |
hxxp://dl.newgenstatsnet.com/ba/shop/mon/setup.exe | 69.16.175.10 |
hxxp://cdn4.vitaldownload.com/si/Bundle.exe | 54.230.36.71 |
hxxp://api.v2.sslsecure2.com/test.html | 204.11.56.26 |
hxxp://staticrr.paleokits.net//Styles/Softwares/e7bf26c3_mypcbackup.zip | 85.12.5.27 |
hxxp://download.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe | 107.21.127.37 |
hxxp://staticrr.paleokits.net//Displays/Softwares/9103144e_display (1).html | 85.12.5.27 |
hxxp://track.v2.sslsecure3.com/test.html | 204.11.56.26 |
hxxp://api.v2.sslsecure3.com/test.html | 204.11.56.26 |
hxxp://staticrr.paleokits.net//Styles/Softwares/844a2c3b_browserapp.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/7039a47f_display.html | 85.12.5.27 |
hxxp://get.ctx-genesis.com/installer.php | 62.4.0.163 |
hxxp://staticrr.paleokits.net//Displays/Softwares/6fe4b061_display.html | 85.12.5.27 |
hxxp://xml.collectioncss.net/apps/dist/9020-2085_TheBestDeals.exe | 8.27.83.254 |
hxxp://staticrr.paleokits.net//Docking/Docking.zip | 85.12.5.27 |
hxxp://sp-storage.spccinta.com//spidentifier/1.0.2.0/spidentifierimpl.exe | 23.9.111.99 |
hxxp://staticrr.paleokits.net//Styles/Softwares/3a04fadf_speedupmypc.zip | 85.12.5.27 |
hxxp://sp-storage.conduit-services.com/spidentifier/1.0.2.0/spidentifierimpl.exe | 23.9.99.152 |
hxxp://staticrr.paleokits.net//Displays/Softwares/1d58e78d_display.html | 85.12.5.27 |
hxxp://track.v2.sslsecure1.com/test.html | 204.11.56.26 |
hxxp://staticrr.paleokits.net/test.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/67423fe2_wajam.zip | 85.12.5.27 |
hxxp://api.v2.sslsecure1.com/test.html | 204.11.56.26 |
hxxp://staticrr.paleokits.net//Displays/Softwares/1f76ab55_display.html | 85.12.5.27 |
hxxp://api.v2.sslsecure4.com/test.html | 54.213.138.138 |
hxxp://api.v2.sslsecure4.com/index.php/api/85/Java/195/286/English.xml | 54.213.138.138 |
hxxp://staticrr.paleokits.net//Displays/Softwares/c9c92824_display.html | 85.12.5.27 |
hxxp://dl.newgenstatsnet.com/ba/full/mon/setup.exe | 69.16.175.10 |
hxxp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe | 54.231.244.1 |
hxxp://staticrr.paleokits.net//Styles/Templates/d7d18a25_Win-Y.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/7a6c4a7c_genesis.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Styles/Softwares/82fb03ea_binghp4.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/4d947901_display.html | 85.12.5.27 |
hxxp://track.v2.sslsecure4.com/test.html | 54.201.5.113 |
hxxp://staticrr.paleokits.net//Styles/Softwares/db393704_vuupc.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Softwares/16220985_display.html | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Displays/Templates/8b4083bc_Win-Y-Yahoo.zip | 85.12.5.27 |
hxxp://staticrr.paleokits.net//Dictionaries/English.xml | 85.12.5.27 |
hxxp://aff-software.s3-website-us-east-1.amazonaws.com/7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe | 205.251.242.131 |
hxxp://track.v2.sslsecure2.com/test.html | 204.11.56.26 |
hxxp://sp-installer.conduit-data.com/ | 54.243.77.179 |
s3.amazonaws.com | 54.231.244.0 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /download/wajam_download.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: VVV.wajam-download.com
Connection: Close
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:14 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 21 May 2014 20:10:53 GMT
ETag: "66d4e-f0c0-4f9ee97e8ed40"
Accept-Ranges: bytes
Content-Length: 61632
Connection: close
Content-Type: application/x-msdos-program
Set-Cookie: APPSESSID=w1|VEXFs|VEXFs; path=/
Cache-control: private
<<< skipped >>>
GET //Displays/Softwares/1d58e78d_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:26 GMT
Content-Type: text/html
Last-Modified: Fri, 10 Jan 2014 15:52:57 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET //Styles/Softwares/7a6c4a7c_genesis.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: application/zip
Content-Length: 712
Last-Modified: Tue, 25 Mar 2014 18:45:40 GMT
Connection: close
ETag: "5331ced4-2c8"
Accept-Ranges: bytes
GET //Docking/Docking.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:21 GMT
Content-Type: application/zip
Content-Length: 37048
Last-Modified: Tue, 26 Nov 2013 13:00:11 GMT
Connection: close
ETag: "52949b5b-90b8"
Accept-Ranges: bytes
<<< skipped >>>
GET /si/Bundle.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: cdn4.vitaldownload.com
Connection: Close
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 141824
Connection: close
Date: Sun, 19 Oct 2014 06:44:39 GMT
Last-Modified: Sun, 19 Oct 2014 06:39:02 GMT
ETag: "28d626b8c4722628cd8a6019b2f17acd"
Accept-Ranges: bytes
Server: AmazonS3
Age: 54377
X-Cache: Hit from cloudfront
Via: 1.1 d26e060bf36b2533ddf09498db6904d5.cloudfront.net (CloudFront)
X-Amz-Cf-Id: HlK6E0b-am78rKLDt3sNcWdEnMasYWHYzyKv8YzDAUbIVtGA39aCug==
<<< skipped >>>
GET /test.html HTTP/1.1
Host: api.v2.sslsecure2.com
Connection: Close
HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:56 GMT
Server: Apache
Set-Cookie: vsid=905vr1614043164902767; expires=Sun, 20-Oct-2019 02:31:56 GMT; path=/; domain=api.v2.sslsecure2.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET //Styles/Softwares/67423fe2_wajam.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:22 GMT
Content-Type: application/zip
Content-Length: 111525
Last-Modified: Thu, 17 Jul 2014 09:09:05 GMT
Connection: close
ETag: "53c792b1-1b3a5"
Accept-Ranges: bytes
<<< skipped >>>
GET /si/Bundle.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: cdn4.vitaldownload.com
Connection: Close
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 141824
Connection: close
Date: Sun, 19 Oct 2014 06:44:39 GMT
Last-Modified: Sun, 19 Oct 2014 06:39:02 GMT
ETag: "28d626b8c4722628cd8a6019b2f17acd"
Accept-Ranges: bytes
Server: AmazonS3
Age: 54377
X-Cache: Hit from cloudfront
Via: 1.1 7e54fc06cd70e4752fe050bbe5c130be.cloudfront.net (CloudFront)
X-Amz-Cf-Id: O4aAH7j1ZV7a6KHkM4yeCsgXhRRXuw2BbQFvEGlw38nyz6Fy4utcaA==
<<< skipped >>>
GET /ba/full/mon/setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: dl.newgenstatsnet.com
Connection: Close
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:13 GMT
Connection: close
Accept-Ranges: bytes
ETag: "1413807219"
Last-Modified: Mon, 20 Oct 2014 12:13:39 GMT
Cache-Control: max-age=2514
Content-Length: 11426128
Content-Type: application/x-msdownload
X-HW: 1413858733.dop007.ny2.t,1413858733.cds053.ny2.c
Content-Disposition: attachment; filename="setup.exe"
<<< skipped >>>
GET /spidentifier/1.0.2.0/spidentifierimpl.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: sp-storage.conduit-services.com
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 301 Moved Permanently
Location: hXXp://sp-storage.spccinta.com//spidentifier/1.0.2.0/spidentifierimpl.exe
Server: BigIP
Content-Length: 0
Cache-Control: private, max-age=900
Expires: Tue, 21 Oct 2014 02:47:08 GMT
Date: Tue, 21 Oct 2014 02:32:08 GMT
Connection: close
GET //Styles/Softwares/3a04fadf_speedupmypc.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:26 GMT
Content-Type: application/zip
Content-Length: 45456
Last-Modified: Tue, 15 Oct 2013 12:35:00 GMT
Connection: close
ETag: "525d3674-b190"
Accept-Ranges: bytes
<<< skipped >>>
GET //Displays/Softwares/7039a47f_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:22 GMT
Content-Type: text/html
Last-Modified: Tue, 24 Jun 2014 10:07:27 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET /installer.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: get.ctx-genesis.com
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:15 GMT
Content-Type: application/octet-stream
Content-Length: 1554432
Last-Modified: Mon, 13 Oct 2014 10:14:10 GMT
Connection: close
Content-Disposition: attachment; filename="GenesisInstaller.exe"
Accept-Ranges: bytes
<<< skipped >>>
GET /test.html HTTP/1.1
Host: api.v2.sslsecure4.com
Connection: Close
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 21 Oct 2014 02:31:57 GMT
Server: nginx
Content-Length: 8
Connection: Close
correct...
GET /installer.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: get.ctx-genesis.com
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:14 GMT
Content-Type: application/octet-stream
Content-Length: 1554432
Last-Modified: Mon, 13 Oct 2014 10:14:10 GMT
Connection: close
Content-Disposition: attachment; filename="GenesisInstaller.exe"
Accept-Ranges: bytes
<<< skipped >>>
GET //Styles/Softwares/844a2c3b_browserapp.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: application/zip
Content-Length: 734
Last-Modified: Tue, 01 Jul 2014 09:26:57 GMT
Connection: close
ETag: "53b27ee1-2de"
Accept-Ranges: bytes
GET /test.html HTTP/1.1
Host: track.v2.sslsecure1.com
Connection: Close
HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:53 GMT
Server: Apache
Set-Cookie: vsid=913vr1614043135600456; expires=Sun, 20-Oct-2019 02:31:53 GMT; path=/; domain=track.v2.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET //Displays/Templates/8b4083bc_Win-Y-Yahoo.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:21 GMT
Content-Type: application/zip
Content-Length: 7483
Last-Modified: Mon, 03 Mar 2014 12:57:44 GMT
Connection: close
ETag: "53147c48-1d3b"
Accept-Ranges: bytes
<<< skipped >>>
GET /test.html HTTP/1.1
Host: api.v2.sslsecure1.com
Connection: Close
HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:56 GMT
Server: Apache
Set-Cookie: vsid=920vr1614043162210446; expires=Sun, 20-Oct-2019 02:31:56 GMT; path=/; domain=api.v2.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET /download/wajam_download.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: VVV.wajam-download.com
Connection: Close
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:14 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 21 May 2014 20:10:51 GMT
ETag: "7015d-f0c0-4f9ee97ca68c0"
Accept-Ranges: bytes
Content-Length: 61632
Connection: close
Content-Type: application/x-msdos-program
Set-Cookie: APPSESSID=w2|VEXFs|VEXFs; path=/
Cache-control: private
<<< skipped >>>
GET //Displays/Softwares/1f76ab55_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: text/html
Last-Modified: Thu, 17 Jul 2014 09:13:47 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET //Styles/Softwares/7a6c4a7c_genesis.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: application/zip
Content-Length: 712
Last-Modified: Tue, 25 Mar 2014 18:45:40 GMT
Connection: close
ETag: "5331ced4-2c8"
Accept-Ranges: bytes
GET /debug/Version/4_0_6_30/Nsis/GetParameters HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:37 GMT
Server: Apache
Set-Cookie: vsid=910vr1614042971716942; expires=Sun, 20-Oct-2019 02:31:37 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
<<< skipped >>>
GET /ba/shop/mon/setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: dl.newgenstatsnet.com
Connection: Close
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:15 GMT
Connection: close
Accept-Ranges: bytes
ETag: "1413807295"
Last-Modified: Mon, 20 Oct 2014 12:14:55 GMT
Cache-Control: max-age=2593
Content-Length: 11416440
Content-Type: application/x-msdownload
X-HW: 1413858735.dop006.ny2.t,1413858735.cds051.ny2.c
Content-Disposition: attachment; filename="setup.exe"
<<< skipped >>>
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: sp-installer.conduit-data.com
Content-Length: 225
Connection: Keep-Alive
Cache-Control: no-cache
{"event_type":"SPidentifier", "environment":"", "machine_ID":"IGLPAZZPZGFIMOT1B RJNV1K7TMDFU BMNXXJDZJK NF/RB AB/BYPPEZXOET4OC8Q82QKOOJII3O1IEAOTPCW", "result": "success", "failure_reason": "clean_machine", "SP_version": ""}
HTTP/1.1 202 Accepted
Date: Tue, 21 Oct 2014 02:32:12 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
GET /index.php/api/85/Java/195/286/English.xml HTTP/1.1
Accept-Encoding: gzip, deflate,gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.v2.sslsecure4.com
Connection: Close
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: text/xml; charset=utf-8
Date: Tue, 21 Oct 2014 02:32:06 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Set-Cookie: symfony=64vhocqbj62rhnuh3dne4v9qg6; path=/
transfer-encoding: chunked
Connection: Close
<<< skipped >>>
GET //spidentifier/1.0.2.0/spidentifierimpl.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate,gzip, deflate
Host: sp-storage.spccinta.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Tue, 21 Oct 2014 05:32:08 GMT
Accept-Ranges: bytes
ETag: "a598e211a86915fe8941be6e4d135f8b"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2592168
Date: Tue, 21 Oct 2014 02:32:08 GMT
Connection: close
<<< skipped >>>
GET //Displays/Softwares/6fe4b061_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: text/html
Last-Modified: Tue, 25 Mar 2014 18:46:17 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET //Styles/Softwares/82fb03ea_binghp4.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:21 GMT
Content-Type: application/zip
Content-Length: 740
Last-Modified: Tue, 24 Jun 2014 10:05:59 GMT
Connection: close
ETag: "53a94d87-2e4"
Accept-Ranges: bytes
GET //Styles/Softwares/9c04a3ed_thebestdeals.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: application/zip
Content-Length: 750
Last-Modified: Thu, 09 Jan 2014 10:45:27 GMT
Connection: close
ETag: "52ce7dc7-2ee"
Accept-Ranges: bytes
GET /test.html HTTP/1.1
Host: track.v2.sslsecure3.com
Connection: Close
HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:54 GMT
Server: Apache
Set-Cookie: vsid=925vr1614043140610643; expires=Sun, 20-Oct-2019 02:31:54 GMT; path=/; domain=track.v2.sslsecure3.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET /7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: aff-software.s3-website-us-east-1.amazonaws.com
Connection: Close
HTTP/1.1 200 OK
x-amz-id-2: JByyQUSVkCbGCtzdBEnuaFPXWbPoUMgQf3riPBCD4yxs1v6AwnDMiNazHeOz8wKA
x-amz-request-id: A5AADF8B1BCB6C69
Date: Tue, 21 Oct 2014 02:32:16 GMT
Last-Modified: Tue, 08 Jul 2014 14:34:06 GMT
ETag: "af37247590f4e4b8a8a214a091ea6067"
Content-Type: application/octet-stream
Content-Length: 73816
Server: AmazonS3
<<< skipped >>>
GET /cm/softlate/speedupmypc/option9/setup/speedupmypc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: download.uniblue.com
Connection: Close
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 21 Oct 2014 02:32:19 GMT
Location: hXXp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe
Server: openresty/1.5.8.1
Content-Length: 78
Connection: Close
hXXp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe..
GET /test.html HTTP/1.1
Host: staticrr.paleokits.net
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:31:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
8..correct...0..
GET /apps/dist/9020-2085_TheBestDeals.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: xml.collectioncss.net
Connection: Close
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:15 GMT
Expires: Mon, 27 Oct 2014 20:43:57 GMT
Last-Modified: Sun, 12 Oct 2014 12:14:36 GMT
Cache-Control: max-age=604800
Content-Type: application/octet-stream
ETag: "623421-50538b9bc8300"
Accept-Ranges: bytes
Server: Apache
Content-Length: 6435873
Connection: close
<<< skipped >>>
GET //Styles/Softwares/db393704_vuupc.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:26 GMT
Content-Type: application/zip
Content-Length: 741
Last-Modified: Fri, 10 Jan 2014 15:21:49 GMT
Connection: close
ETag: "52d0100d-2e5"
Accept-Ranges: bytes
GET /cm/softlate/speedupmypc/option9/setup/speedupmypc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: download.uniblue.com
Connection: Close
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 21 Oct 2014 02:32:18 GMT
Location: hXXp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe
Server: openresty/1.5.8.1
Content-Length: 78
Connection: Close
hXXp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe..
GET //Dictionaries/English.xml HTTP/1.1
Host: staticrr.paleokits.net
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:07 GMT
Content-Type: text/xml
Content-Length: 626
Last-Modified: Fri, 12 Apr 2013 09:51:55 GMT
Connection: close
ETag: "5167d93b-272"
Accept-Ranges: bytes
<dictionary>. <installed> Installed </installed> . <installing>Installing</installing> . <installingetc>Installing...</installingetc> . <downloadError>An Error has occurred</downloadError> . <takeFewMinutes>It may take a few seconds</takeFewMinutes> . <confirmExit>Are you sure you want to exit?</confirmExit> . <installClose>Do you want to install the remaining offers?</installClose> . <welcome>Welcome</welcome> . <license>Welcome</license> . <options>Additional Options</options> . <instalando>Installing</instalando> . <finish>Finished</finish>. <downloadingetc>Downloading...</downloadingetc> .</dictionary>..
GET /apps/dist/9020-2085_TheBestDeals.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: xml.collectioncss.net
Connection: Close
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:15 GMT
Expires: Mon, 27 Oct 2014 20:43:57 GMT
Last-Modified: Sun, 12 Oct 2014 12:14:36 GMT
Cache-Control: max-age=604800
Content-Type: application/octet-stream
ETag: "623421-50538b9bc8300"
Accept-Ranges: bytes
Server: Apache
Content-Length: 6435873
Connection: close
<<< skipped >>>
GET /7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: aff-software.s3-website-us-east-1.amazonaws.com
Connection: Close
HTTP/1.1 200 OK
x-amz-id-2: c9gp3VWrDwffFNTokgZvTL9SUYkEnQXf9h4UIw au6VCQB1tltCiDjZzX3 66NJ7
x-amz-request-id: 6213E9D41DE95D7C
Date: Tue, 21 Oct 2014 02:32:16 GMT
Last-Modified: Tue, 08 Jul 2014 14:34:06 GMT
ETag: "af37247590f4e4b8a8a214a091ea6067"
Content-Type: application/octet-stream
Content-Length: 73816
Server: AmazonS3
<<< skipped >>>
GET //Displays/Softwares/16220985_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:25 GMT
Content-Type: text/html
Last-Modified: Thu, 03 Oct 2013 10:28:07 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET //Styles/Softwares/e7bf26c3_mypcbackup.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: application/zip
Content-Length: 7774
Last-Modified: Tue, 15 Oct 2013 10:54:23 GMT
Connection: close
ETag: "525d1edf-1e5e"
Accept-Ranges: bytes
<<< skipped >>>
GET //Styles/Templates/d7d18a25_Win-Y.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate,gzip, deflate
Host: staticrr.paleokits.net
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:20 GMT
Content-Type: application/zip
Content-Length: 218389
Last-Modified: Wed, 26 Feb 2014 11:59:42 GMT
Connection: close
ETag: "530dd72e-35515"
Accept-Ranges: bytes
<<< skipped >>>
GET /test.html HTTP/1.1
Host: track.v2.sslsecure2.com
Connection: Close
HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:53 GMT
Server: Apache
Set-Cookie: vsid=902vr1614043138202826; expires=Sun, 20-Oct-2019 02:31:53 GMT; path=/; domain=track.v2.sslsecure2.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET //Displays/Softwares/4d947901_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:27 GMT
Content-Type: text/html
Last-Modified: Mon, 07 Oct 2013 12:18:54 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET /installer.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: get.ctx-genesis.com
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:14 GMT
Content-Type: application/octet-stream
Content-Length: 1554432
Last-Modified: Mon, 13 Oct 2014 10:14:10 GMT
Connection: close
Content-Disposition: attachment; filename="GenesisInstaller.exe"
Accept-Ranges: bytes
<<< skipped >>>
GET /test.html HTTP/1.1
Host: track.v2.sslsecure4.com
Connection: Close
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 21 Oct 2014 02:31:55 GMT
Server: nginx
Content-Length: 8
Connection: Close
correct...
GET /debug/Version/4_0_6_30/Nsis/GetInfo HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:35 GMT
Server: Apache
Set-Cookie: vsid=916vr1614042954825116; expires=Sun, 20-Oct-2019 02:31:35 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<html>..<head><meta name="tids" content="a='7377' b='9745' c='sslsecure1.com' d='entity_mapped'" /><title>sslsecure1.com</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">..<style type="text/css">..*{margin:0;padding:0; font-family:Arial, Helvetica, sans-serif}..input{outline:none}...wrapper{width:1024px;height:768px; margin:0 auto; background:url(hXXp://i2.cdn-image.com/__media__/pics/7375/left.gif) no-repeat 0 130px}...inner-wrapper{width:1024px;background:url(hXXp://i3.cdn-image.com/__media__/pics/7375/right.gif) no-repeat right 130px; height:768px}...header{padding:40px 0 20px 0}..h1{padding-top:10px}...header h1 a{color:#78603b; font-size:35px; font-weight:bold; text-decoration:none}...header span{color:#6a6a6a; font-size:13px}...searchbox .box{width:278px; height:36px; background:url(hXXp://i1.cdn-image.com/__media__/pics/7375/searchbg.gif) no-repeat; border:none; line-height:36px; padding:0 5px}...searchbox p{font-style:italic;color:#6a6a6a; font-size:13px; padding-bottom:5px}...searchbox{float:right; position:relative}...logobox{float:left}...container{width:1024px}..ul{margin:0 auto; width:33%; padding-top:38px; text-align:center}..li{list-style:none; padding-bottom:12px}..li a{font-size:24px; color:#0066ff; font-weight:bold; line-height:40px; text-transform:capitalize}...c
<<< skipped >>>
GET //Displays/Softwares/c9c92824_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: text/html
Last-Modified: Thu, 09 Jan 2014 10:45:56 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET /ba/full/mon/setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: dl.newgenstatsnet.com
Connection: Close
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:13 GMT
Connection: close
Accept-Ranges: bytes
ETag: "1413807219"
Last-Modified: Mon, 20 Oct 2014 12:13:39 GMT
Cache-Control: max-age=2514
Content-Length: 11426128
Content-Type: application/x-msdownload
X-HW: 1413858733.dop006.ny2.t,1413858733.cds053.ny2.c
Content-Disposition: attachment; filename="setup.exe"
<<< skipped >>>
GET /cm/softlate/speedupmypc/option9/setup/speedupmypc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: files.uniblue.com
Connection: Close
HTTP/1.1 200 OK
x-amz-id-2: PJhb3matOwf los/RaPUHQsIe/ALJfuy9EzelIJ 3cnnmmNzdDsxx6XNUr8pXDPP
x-amz-request-id: C9D3001AD0E2D90A
Date: Tue, 21 Oct 2014 02:32:20 GMT
x-amz-meta-built_from_package_id: 23466
x-amz-meta-built_from_package_version: 84
Cache-Control: max-age 86400,public
Last-Modified: Fri, 10 Oct 2014 19:53:33 GMT
ETag: "7ddda0daedd1ef875325bad41071317a"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 1294552
Server: AmazonS3
<<< skipped >>>
GET //Displays/Softwares/6fe4b061_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: text/html
Last-Modified: Tue, 25 Mar 2014 18:46:17 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET /installer.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: get.ctx-genesis.com
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:14 GMT
Content-Type: application/octet-stream
Content-Length: 1554432
Last-Modified: Mon, 13 Oct 2014 10:14:10 GMT
Connection: close
Content-Disposition: attachment; filename="GenesisInstaller.exe"
Accept-Ranges: bytes
<<< skipped >>>
GET /debug/Version/4_0_6_30/Nsis/Start HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:34 GMT
Server: Apache
Set-Cookie: vsid=905vr1614042946610931; expires=Sun, 20-Oct-2019 02:31:34 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<html>..<head><meta name="tids" content="a='7377' b='9745' c='sslsecure1.com' d='entity_mapped'" /><title>sslsecure1.com</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">..<style type="text/css">..*{margin:0;padding:0; font-family:Arial, Helvetica, sans-serif}..input{outline:none}...wrapper{width:1024px;height:768px; margin:0 auto; background:url(hXXp://i1.cdn-image.com/__media__/pics/7375/left.gif) no-repeat 0 130px}...inner-wrapper{width:1024px;background:url(hXXp://i3.cdn-image.com/__media__/pics/7375/right.gif) no-repeat right 130px; height:768px}...header{padding:40px 0 20px 0}..h1{padding-top:10px}...header h1 a{color:#78603b; font-size:35px; font-weight:bold; text-decoration:none}...header span{color:#6a6a6a; font-size:13px}...searchbox .box{width:278px; height:36px; background:url(hXXp://i2.cdn-image.com/__media__/pics/7375/searchbg.gif) no-repeat; border:none; line-height:36px; padding:0 5px}...searchbox p{font-style:italic;color:#6a6a6a; font-size:13px; padding-bottom:5px}...searchbox{float:right; position:relative}...logobox{float:left}...container{width:1024px}..ul{margin:0 auto; width:33%; padding-top:38px; text-align:center}..li{list-style:none; padding-bottom:12px}..li a{font-size:24px; color:#0066ff; font-weight:bold; line-height:40px; text-transform:capitalize}...c
<<< skipped >>>
GET /debug/Version/4_0_6_30/Nsis/PreRun HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:37 GMT
Server: Apache
Set-Cookie: vsid=926vr1614042979420107; expires=Sun, 20-Oct-2019 02:31:37 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<html>..<head><meta name="tids" content="a='7377' b='9745' c='sslsecure1.com' d='entity_mapped'" /><title>sslsecure1.com</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">..<style type="text/css">..*{margin:0;padding:0; font-family:Arial, Helvetica, sans-serif}..input{outline:none}...wrapper{width:1024px;height:768px; margin:0 auto; background:url(hXXp://i3.cdn-image.com/__media__/pics/7375/left.gif) no-repeat 0 130px}...inner-wrapper{width:1024px;background:url(hXXp://i3.cdn-image.com/__media__/pics/7375/right.gif) no-repeat right 130px; height:768px}...header{padding:40px 0 20px 0}..h1{padding-top:10px}...header h1 a{color:#78603b; font-size:35px; font-weight:bold; text-decoration:none}...header span{color:#6a6a6a; font-size:13px}...searchbox .box{width:278px; height:36px; background:url(hXXp://i2.cdn-image.com/__media__/pics/7375/searchbg.gif) no-repeat; border:none; line-height:36px; padding:0 5px}...searchbox p{font-style:italic;color:#6a6a6a; font-size:13px; padding-bottom:5px}...searchbox{float:right; position:relative}...logobox{float:left}...container{width:1024px}..ul{margin:0 auto; width:33%; padding-top:38px; text-align:center}..li{list-style:none; padding-bottom:12px}..li a{font-size:24px; color:#0066ff; font-weight:bold; line-height:40px; text-transform:capitalize}...c
<<< skipped >>>
GET /test.html HTTP/1.1
Host: api.v2.sslsecure3.com
Connection: Close
HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:56 GMT
Server: Apache
Set-Cookie: vsid=913vr1614043167216346; expires=Sun, 20-Oct-2019 02:31:56 GMT; path=/; domain=api.v2.sslsecure3.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET /cm/softlate/speedupmypc/option9/setup/speedupmypc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: files.uniblue.com
Connection: Close
HTTP/1.1 200 OK
x-amz-id-2: NNkBvtCrRII36SrsAPAV9S8E22WW0HFAgJZbt5Jcwc9QUjK6ZG2S608Vfv7ij9WL
x-amz-request-id: 27AD26F1F1EBA713
Date: Tue, 21 Oct 2014 02:32:19 GMT
x-amz-meta-built_from_package_id: 23466
x-amz-meta-built_from_package_version: 84
Cache-Control: max-age 86400,public
Last-Modified: Fri, 10 Oct 2014 19:53:33 GMT
ETag: "7ddda0daedd1ef875325bad41071317a"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 1294552
Server: AmazonS3
<<< skipped >>>
GET /debug/Version/4_0_6_30/Nsis/CopyFiles HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:36 GMT
Server: Apache
Set-Cookie: vsid=916vr1614042962527815; expires=Sun, 20-Oct-2019 02:31:36 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<html>..<head><meta name="tids" content="a='7377' b='9745' c='sslsecure1.com' d='entity_mapped'" /><title>sslsecure1.com</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">..<style type="text/css">..*{margin:0;padding:0; font-family:Arial, Helvetica, sans-serif}..input{outline:none}...wrapper{width:1024px;height:768px; margin:0 auto; background:url(hXXp://i3.cdn-image.com/__media__/pics/7375/left.gif) no-repeat 0 130px}...inner-wrapper{width:1024px;background:url(hXXp://i4.cdn-image.com/__media__/pics/7375/right.gif) no-repeat right 130px; height:768px}...header{padding:40px 0 20px 0}..h1{padding-top:10px}...header h1 a{color:#78603b; font-size:35px; font-weight:bold; text-decoration:none}...header span{color:#6a6a6a; font-size:13px}...searchbox .box{width:278px; height:36px; background:url(hXXp://i2.cdn-image.com/__media__/pics/7375/searchbg.gif) no-repeat; border:none; line-height:36px; padding:0 5px}...searchbox p{font-style:italic;color:#6a6a6a; font-size:13px; padding-bottom:5px}...searchbox{float:right; position:relative}...logobox{float:left}...container{width:1024px}..ul{margin:0 auto; width:33%; padding-top:38px; text-align:center}..li{list-style:none; padding-bottom:12px}..li a{font-size:24px; color:#0066ff; font-weight:bold; line-height:40px; text-transform:capitalize}...c
<<< skipped >>>
GET //Displays/Softwares/9103144e_display (1).html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: text/html
Last-Modified: Tue, 01 Jul 2014 09:28:50 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET //Displays/Softwares/9103144e_display (1).html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:22 GMT
Content-Type: text/html
Last-Modified: Tue, 01 Jul 2014 09:28:50 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
<<< skipped >>>
GET //Styles/Softwares/844a2c3b_browserapp.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:22 GMT
Content-Type: application/zip
Content-Length: 734
Last-Modified: Tue, 01 Jul 2014 09:26:57 GMT
Connection: close
ETag: "53b27ee1-2de"
Accept-Ranges: bytes
Map
The Application connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_940:
.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|/":
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe" /path="c:\%original file name%.exe" ""
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nswB5.tmp\nsisdl.dll
f718db1e70c.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe->C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\parent.txt
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nswB5.tmp
4a5df93e68ff718db1e70c.exe\e5d39da6f3e34d49a99c04aec898786a\parent.txt
f718db1e70c.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe
f.lXs
.nIrR
v2.0.50727
setup.exe
CallUrl
.ctor
System.Resources
System.Reflection
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.IO
System.Net
WebRequest
HttpWebRequest
IWebProxy
get_DefaultWebProxy
WebResponse
HttpWebResponse
Password
{B9D36289-C9B1-42FE-A2FC-62AE8DAAE9F9}
System.Security.Cryptography
PasswordDeriveBytes
set_Key
4.0.6.30
$a7de9600-ff8a-4d28-a544-9eaad1f27abc
_CorExeMain
mscoree.dll
.6M%u_T(
%original file name%.exe
B50A97~1.EXE
718db1e70c.exe\e5d39da6f3e34d49a99c04aec898786a\parent.txt
\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nswB5.tmp
c:\%original file name%.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nshB4.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
Nullsoft Install System v3.0a1
be393027e81a4b88b52679c3751607ae.txt