Installer.Win32.InnoSetup.2_3c7b448d2f – Adaware

Trojan.Win32.Generic!BT (VIPRE), Trojan.Packed.24524 (DrWeb), Generic5.AOQM (AVG), Installer.Win32.InnoSetup.2.FD, Trojan.Win32.Sasfis.FD, WebToolbar.Win32.InstallCore.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan, Installer, Packed, WebToolbar

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 3c7b448d2f06e0601b20b43a0800eb5e

SHA1: 6730f85f48d36d7d76447ea29101847bc83a7ff3

SHA256: 1f0721ee2bac8b8cab0076d53c75b1443f9211fddf05e51f1c4bf41146cd6eb6

SSDeep: 12288:AQFag/0TuKo5 w05DIN0tqCWEP4FGlvxQQhmmBzethhy7:AQFN/0TuBsw05DIN0PWECGl8mhet

Size: 652200 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: BorlandDelphi30, UPolyXv05_v6

Company:

Created at: 1992-06-20 01:22:17

Analyzed on: WindowsXP SP3 32-bit

Summary: Installer. An installation package.

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Installer creates the following process(es):

%original file name%.exe:1388
wuauclt.exe:304

The Installer injects its code into the following process(es):

%original file name%.exe:1476

File activity

The process %original file name%.exe:1476 makes changes in the file system.

The Installer creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\LOGO[1].png (3719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Quick_Specs.png (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\KO.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Color_Button.png (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\CS.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\JA.locale (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\logo[1].png (7491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\bg2_us[1].jpg (7569 bytes)
%Documents and Settings%\%current user%\Desktop\Continue Flash Player 11 Installation.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\ProgressBar.png (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C531.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\bootstrap_15771.html (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\logo_new[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\FR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg3_ru[1].jpg (3756 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Close_Hover.png (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\IT.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\Rodedowo[1].png (3521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\NL.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\FF_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp\sqlite3.dll (1706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\BG.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\DE.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\EN.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\Beginogo[1].jpg (2816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\SV.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\bg4_us[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\IE_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_312821.flat (1707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D676.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\PL.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\FI.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D6C5.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\default_tb.png (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\bg1_ru[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\PT.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\main.css (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C158.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\Rerarapepe3[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\bg3_us[1].jpg (4963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg4_ru[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp.CIS.part (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp.CIS (4940 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ES.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Pause_Button.png (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ZH.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\Beginogo_N[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Progress.png (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\bg2_ru[1].jpg (3056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\NO.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\Beginogo_BR[1].jpg (4816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000476F1.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\TR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312702_stp.EXE.part (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Color_Button_Hover.png (846 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\DA.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Icon_Generic.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Resume_Button.png (718 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312702_stp.EXE (7860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\EL.locale (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\default_wi.png (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ID.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\install[1].png (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\sponsored.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\CH_logo[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Grey_Button.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\ie6_main.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\Rorawaker_Logo[1].png (1145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg1_us[1].jpg (5101 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\RU.locale (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004E115.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Grey_Button_Hover.png (1 bytes)

The Installer deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\isf_312821.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\install[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C158.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000476F1.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C531.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D676.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004E115.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\bootstrap_15771.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D6C5.log (0 bytes)

The process wuauclt.exe:304 makes changes in the file system.

The Installer creates and/or writes to the following file(s):

%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (2232 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)

The Installer deletes the following file(s):

%WinDir%\SoftwareDistribution\DataStore\Logs\tmp.edb (0 bytes)

Registry activity

The process %original file name%.exe:1388 makes changes in the system registry.

The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 1C 35 E4 7E AB 73 DD 98 3C 93 A2 98 A6 B1 91"

The process %original file name%.exe:1476 makes changes in the system registry.

The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC E5 9A 65 3C 20 A9 68 AA 9D C9 72 7F 3C 36 1C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Installer modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Installer modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Installer modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Installer deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
99f7caaee59dcc8b31327ab86abd9fc3	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is943016861\312702_stp.EXE
fd3bd02c9334a382df8c4e9fbe6fe368	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is943016861\312728_stp\sqlite3.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1388
wuauclt.exe:304
Delete the original Installer file.
Delete or disinfect the following files created/modified by the Installer:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\LOGO[1].png (3719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Quick_Specs.png (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\KO.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Color_Button.png (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\CS.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\JA.locale (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\logo[1].png (7491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\bg2_us[1].jpg (7569 bytes)
%Documents and Settings%\%current user%\Desktop\Continue Flash Player 11 Installation.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\ProgressBar.png (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C531.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\bootstrap_15771.html (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\logo_new[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\FR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg3_ru[1].jpg (3756 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Close_Hover.png (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\IT.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\Rodedowo[1].png (3521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\NL.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\FF_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp\sqlite3.dll (1706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\BG.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\DE.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\EN.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\Beginogo[1].jpg (2816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\SV.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\bg4_us[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\IE_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_312821.flat (1707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D676.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\PL.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\FI.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D6C5.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\default_tb.png (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\bg1_ru[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\PT.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\main.css (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C158.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\Rerarapepe3[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\bg3_us[1].jpg (4963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg4_ru[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp.CIS.part (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ES.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Pause_Button.png (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ZH.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\Beginogo_N[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Progress.png (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\bg2_ru[1].jpg (3056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\NO.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\Beginogo_BR[1].jpg (4816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000476F1.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\TR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312702_stp.EXE.part (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Color_Button_Hover.png (846 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\DA.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Icon_Generic.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Resume_Button.png (718 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\EL.locale (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\default_wi.png (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ID.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\install[1].png (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\sponsored.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\CH_logo[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Grey_Button.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\ie6_main.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\Rorawaker_Logo[1].png (1145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg1_us[1].jpg (5101 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\RU.locale (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004E115.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Grey_Button_Hover.png (1 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (2232 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments: This installation was built with Inno Setup.
Language: English (United States)

Company Name: Product Name: Product Version: Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: File Description: Comments: This installation was built with Inno Setup.Language: English (United States)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
CODE	4096	37732	37888	4.64612	82fb657934b4af7aaf33c36a0f18810d
DATA	45056	588	1024	1.89736	5d98c64569668b0235ae89005918165a
BSS	49152	3720	0	0	d41d8cd98f00b204e9800998ecf8427e
.idata	53248	2384	2560	3.07115	bb5485bf968b970e5ea81292af2acdba
.tls	57344	8	0	0	d41d8cd98f00b204e9800998ecf8427e
.rdata	61440	24	512	0.14174	9ba824905bf9c7922b6fc87a38b74366
.reloc	65536	2228	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	69632	10968	11264	3.08143	80efdde1caff5958d90f94fe734567e0

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 8
5385f3be4840e1d49eaf2d9b0bd468f7
b1e3ab31c18edfdab516ecf116ba9d48
7ff080381702261148822ac6a39b53a2
3025d04823063889cf2e8c11396d86e8
9c0112df9976a6df0305f43d19103fc7
69fd34b6ee439cfad15610b8e8918034
5d8ece51fbfc191a2c707a2b5a6ae536
68f32255c4f4efd1b6ed82d15ac3ceee

Network Activity

URLs

URL	IP
hxxp://os-slv-1323817372.us-west-2.elb.amazonaws.com/Ecommfactory/?v=3.0&c=454163425
hxxp://districdn.com/flash-ie/install_flashplayer11x32ax_mssd_aih_ie.exe
hxxp://districdn.com/flash-ie/install.png
hxxp://geosrvlb-629133695.us-east-1.elb.amazonaws.com/details
hxxp://img.tatomayey.com/img/Rodedowo/Rodedowo.png	146.185.27.45
hxxp://img.tatomayey.com/img/Rulilap/bg1_us.jpg
hxxp://img.tatomayey.com/ofr/sqlite3.cis
hxxp://img.tatomayey.com/img/Rulilap/bg2_us.jpg
hxxp://img.tatomayey.com/img/Rulilap/logo.png
hxxp://img.tatomayey.com/img/Rulilap/bg3_us.jpg
hxxp://img.tatomayey.com/img/Rulilap/bg4_us.jpg
hxxp://img.tatomayey.com/img/Rulilap/bg1_ru.jpg
hxxp://img.tatomayey.com/img/Rulilap/bg2_ru.jpg
hxxp://img.tatomayey.com/img/Rulilap/bg3_ru.jpg
hxxp://img.tatomayey.com/img/Rulilap/bg4_ru.jpg
hxxp://img.tatomayey.com/img/Beginogo/Beginogo.jpg
hxxp://img.tatomayey.com/img/Beginogo/Beginogo_BR.jpg
hxxp://img.tatomayey.com/img/Beginogo/Beginogo_N.jpg
hxxp://img.tatomayey.com/img/Rerarapepe/logo.png
hxxp://img.tatomayey.com/img/Rerarapepe/logo_new.png
hxxp://img.tatomayey.com/img/Rerarapepe/Rerarapepe3.jpg
hxxp://img.tatomayey.com/img/Mapayuy/LOGO.png
hxxp://img.tatomayey.com/img/IE_logo.png
hxxp://img.tatomayey.com/img/CH_logo.png
hxxp://img.tatomayey.com/img/FF_logo.png
hxxp://img.tatomayey.com/img/Rorawaker/Rorawaker_Logo.png
cdneu.tatomayey.com	146.185.27.53
geoip.infra-team.com	174.129.249.174
cdn.neoinstaladores.com	91.121.203.233
os.tatomayey.com	54.203.246.77
cdnus.tatomayey.com	74.81.69.244

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /flash-ie/install.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.neoinstaladores.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Content-Type: image/png

Last-Modified: Thu, 21 Nov 2013 12:53:49 GMT

ETag: "a5c1535-6f3-4ebaf638f9140"

MyServer: powah2

MyServer: CDN001

X-UA: cdn

Vary: X-UA

Content-Length: 1779

Accept-Ranges: bytes

Date: Wed, 09 Apr 2014 00:42:48 GMT

X-Varnish: 2097491103

Age: 0

Via: 1.1 varnish

Connection: keep-alive

MyCache: vCDN001

X-Cache: MISS

.PNG........IHDR... ... .....szz.....bKGD..............pHYs...H...H.F.k>....vpAg... ... .........IDATX...].$W....VUWwU..|..q6...8.L$...E..."..D.y. .."y..W....`.....n|......]p6.Bl5....d'.=...u?|..........(......9.{..*.................vV..]..4q..Sv[.D....g.K....>S..]...}.t......A...}..{../.... ....w...v.....4l.....]..nL........`....Vr`..:W.K..V}..Z.r.|...l..w.J...n.7.D.9.D..M.j.M.h.Kw.O.s..WO...b.}.Y{sc.#n.FAl....B'...... Ms<7.H.%)..s(.../=e.........s...O...n.VY5."....".$.I.C.....!..d..F8..o.............0....9.k...%,..%..xC..g.....r.Ge7)..e20.{N.....Pi..3.d.HKS..H...`......A....... ..mG`I.l.....8.....s.,...,..E..t...|.Jf..d.>.;.......v.HA_ze......b..|..*.*p$.#...........6.....S..(.)3((.K.... >.)...y...`.....u....g2.W/.Z#j4[dI\:)tMYlI...D.\.;|..._3.. 1...8..8.......;....G.2P..!U.<,.m......}....... {..JZ=..-... ...`.......7c......#....{....../.....Co..[R[...lk.#%...B..x#Q.............a..h..}......y....)...- ..aL.H.. ...h1...,...l...L......z>VH.k...V9.h......9...G.....?.(.hr.......6...!..C.@[[]........%.zD.....|.3.g..J7{...............%...bt...M.i........D4..........>.DA..7........*g.9z....eq..........F.E3,|.{.=.iT......l^....H......B.....:..lJ.DQ..].$....6.Y........cn.~.V...^..ep=....."....d.p .....:].......:..Z......2.t?.f..^...>.C.<..r7..c..R....k._?.{.d..0......9...^.=....kW.z.ox.....w.....M0.....H.L9..vG....2.k.z...|..<....5...'.. ..N....0............C.l.(.F:F.u..~.Yj,...#d........c.......4....v.px.^B)...6.j~..Zf.).Zfj....h.I1.W....@......vV....y.9...M...HZ.[~...M.0.&iE...e....;

<<< skipped >>>

GET /flash-ie/install_flashplayer11x32ax_mssd_aih_ie.exe HTTP/1.1

Range: bytes=0-1004887

Accept: */*

Host: cdn.neoinstaladores.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx

Content-Type: application/x-msdos-program

Last-Modified: Tue, 19 Feb 2013 17:44:02 GMT

ETag: "a5c0e89-f5558-4d6176318bc80"

MyServer: powah2

MyServer: CDN001

X-UA: cdn

Vary: X-UA

Accept-Ranges: bytes

Date: Wed, 09 Apr 2014 00:42:48 GMT

X-Varnish: 2097491104 2097491102

Age: 0

Via: 1.1 varnish

Connection: keep-alive

MyCache: vCDN001

X-Cache: HIT

Content-Range: bytes 0-1004887/1004888

Content-Length: 1004888

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r..Ar..Ar..Al.HAp..AUK.A|..AUK.Aq..A..ZAs..A{.HAB..A{.YAo..A{.OA...Ar..A...A{.EA8..Al.XAs..A{.]As..ARichr..A................PE..L......P.....................p...P..P0...`...@....@..................................H....@..........................................@...c...........6..h...D.......................................,2..H....................9......................UPX0.....P..............................UPX1.........`......................@....rsrc....p...@...f..................@..............................................................................................................................................................................................................................................................................................................................................................................3.08.UPX!......I3n.C!....G.......&../....h...,....p.3.@...U..V.u.Wj.Y.*_n.f....t."!...E...... ...@....:...V.P.*.0@...._^]......W.|$..'......o4t.....rFVj..G........u....-.....W.t$........F...........u.q....^.._.....0t.1...= ..".3(j...W:...4...L.).,0....as30..$.z...5G.x.....%..-6..D7x.......Pb..........1.`......@...............rR.f_ ..........7..SV....8Z..=j3...C......%..~.....z....q .0v[pN......-.`....C[P-..,.........1@..K{N,. .M.....vs.<!.g..*...xxi.[[].==....h..W...u.@.L4..#hw.v.J."i3...D..}.~*..I*HTP....#.Y....B...a....U.R&..P....u...9..4

<<< skipped >>>

POST /details HTTP/1.1

Accept: */*

Host: geoip.infra-team.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 7

Cache-Control: no-cache

foo=bar

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: application/json

Date: Wed, 09 Apr 2014 00:37:25 GMT

Server: TornadoServer/3.2

Content-Length: 327

Connection: keep-alive

{"city": "Kharkov", "region_code": "07", "ip": "193.138.244.231", "area_code": 0, "time_zone": "Europe/Zaporozhye", "dma_code": 0, "metro_code": null, "country_code3": "UKR", "latitude": 49.98079999999999, "postal_code": null, "longitude": 36.252700000000004, "country_code": "UA", "country_name": "Ukraine", "continent": "EU"}HTTP/1.1 200 OK..Access-Control-Allow-Origin: *..Content-Type: application/json..Date: Wed, 09 Apr 2014 00:37:25 GMT..Server: TornadoServer/3.2..Content-Length: 327..Connection: keep-alive..{"city": "Kharkov", "region_code": "07", "ip": "193.138.244.231", "area_code": 0, "time_zone": "Europe/Zaporozhye", "dma_code": 0, "metro_code": null, "country_code3": "UKR", "latitude": 49.98079999999999, "postal_code": null, "longitude": 36.252700000000004, "country_code": "UA", "country_name": "Ukraine", "continent": "EU"}..

POST /Ecommfactory/?v=3.0&c=454163425 HTTP/1.1

Accept: */*

Host: os.tatomayey.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 818

Cache-Control: no-cache

0A0CzutD0EtC0RtC0FtC0HtC0HtC0OtC0TtC0RtB0ZtC0FtC0CtB0UtN0U0I0DzutDtDtD0CtBzytA0F0CzytAtDyB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutAtByDyBtBtAyEtDyCtN1L1B0A1Q1H1L1GzutCtN0T0KzutAtCtCyEtBtCtN0U0I0DzutDtDtD0CtBzytA0F0CzytAtDyB0AtByDtN0S0D0TzutBtDtCyEtDyEtDzytDtAtAyCtCtBtByCzytN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0M0A0C1V0LzutDtDtD0CtBzytA0F0CzytAtDtN0P0E1V0M0O0D0Ezu0D0L0LtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1RtOtA0AtOyD0CtA1RyB1SyEyEzz1QtB1OtDyC1PtDyCtDtC1StBtD1SyEtA1TtDzztDtD1P1SyD1PtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutBzyzztN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutCzyyCyBtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu1O1I1T1B1M1V1E1I1T2U1P1C1VtCtC

HTTP/1.1 200 OK

Content-Type: text/html

Date: Wed, 09 Apr 2014 00:36:35 GMT

Server: nginx

X-ADS-CC: UA

X-ADS-TIMESTAMP: 20140408203633097

X-ADS-VERSION: 1.2.2

transfer-encoding: chunked

Connection: keep-alive

1f88....|..]t..^...&...C|...~.I2...I...;....X.._........0...t.... Z...=&.i...CHnj.3..R4`..x.{.r`......F".J`.V..%b....*.(c.N...m.......r*S.D....*S@..ZZi.;.t8.[izS....j. k.a.6.xS.p.k..........TB..4*SXv..L...d.r.#.h......`.o.S.1Y....e.2....\:..KV...r<.*.A.l.k.... ..0.%...B.. .T....f.9....fk#..B..!H.1..J.c.O.xI..B.u^..G.x...1~..Y...".....l.0...37..t%9(-...Sw..a..@...z<#..).c...A..R.1....Wr...c....~Z.. 1@A.x2......._).lU......x>...2C2.f..........aU......~vKsHY.YC.....&a...4.,..4H....1..........|..yA..w..!.LPGsz.Ny.#v..F.....5...%...TOQC.6..&....dk.0..GIpe.X........w.{Hw.[........<.......<.!....S.s.c.t.SQ....q..H.O..D..j.5. .........6/..{9h...H....2.......M...p.....JNg. ..;.L...8p.K.e...@...p.SHu.;... .j..8p._H.......hp....".X1...u.S.y...{....n..L...~6......hb.Lp...(...q....#.h.........fL.j..$I. .....jN......7..H.......n..H.R..d...KI..T.n.5^.....}....k>.x.:.a.e..(p.K2...........0....`.T.........q.........[.p...~.\4....p..@.K..W..t.(.<zf..l...e(.~b..c...z..*(P..?...^...N.6.C.a.4........8...4..lb'.....Jx..0.K.n..3(......l.z...GkK"`1...... .......4.L5..k........b.F..(fR.R..X....Z...a...8*...9p......(z."....WC,.N.(..._..=.....v4.*x ..2.J.....i......x....t........^.j...1..*....5. ._Z.2{D.D.S.......4..y.7.z~lb.4....g.2......B.........0....D~..Uf....]..*..E.N...ft......>...l@`...f.......G.53..v..B.....T...IFF...F4.5.....&d....nG.xN)....i..,.<a.....9AG..~Y..7Se.....i.._....B.p...0.rV.Fq.?...bg...Jvw..|...........L...h.......t.....{KF'.Y.8.[.`......(#......,.d....m.;rt...@..9..].M...NA.eS.~.|7!.y.[.

<<< skipped >>>

GET /img/Rulilap/bg1_us.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:37 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: mAdxVYv07pgYJGm4vWtr z7xvtau2LeT8Z2qA 0in7eEhqUSMB4FsqF55 gt9AS

x-amz-request-id: 8F03397238478783

x-amz-meta-s3fox-filesize: 19940

x-amz-meta-s3fox-modifiedtime: 1389781511512

Last-Modified: Wed, 15 Jan 2014 10:25:22 GMT

x-amz-version-id: W8DUE0VZh4ccBw51SEKej3toLFi409KJ

ETag: "00ce656543967661514ce4f214e842f3"

Content-Length: 19940

Accept-Ranges: bytes

......JFIF.....`.`.....hExif..MM.*.................>...........F.(...........1.........N.......`.......`....Paint.NET v3.5.10....C.....................................'!..%..."."%() , . /3/*2'* *...C...........*...**************************************************........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...h.......iR2......e/.x..cC.....\.....6.~..3.............#...(.. z.......|.,sF.w-x.......u=|.V.9..TB.d.,....n.....[{.X.nv,..].....Q......F..0vP.1n.....|....N_.......4K.O#....3Q..R!..J....s.=.t..t........./.....4.lK4r..n.....H..>.....R..N._C....fW..)b. .>S..Nx....$VsKw.*<C..FD..7...[...,.P....,.?&s.......r\(..H.?..=p3.Q.9...~f=..m...^.....1.^..84I.$@...2...... .(...XH.(..t...-..F...O...'s$.`n..@....zS........:....M...'.;.*..^............ .O.. ..``HfA....C...U...\.f<g...A..R[...Fx........<.G..2<.-.M..m.. .R.it4..n`]hB.TI.~.`.L..j...f..Hl...............E}.=...p....&s.^.b.......v.b..p.\|...L.%Q[n...f-....:h#...O..,....<UK....l.k.a.|.......5...r..@p.....Y.h$[..E...?.._j....x.F.I....X..I...C....PI...Y>....p

<<< skipped >>>

GET /img/Rulilap/logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:37 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: G9oXdp187xt0qkHtjW/xrfJGLk6j/TS1QjEbjFImZVr6G sYmlHofjdvJwP 4ZVZ

x-amz-request-id: 532D9E7BF3BF98C0

x-amz-meta-s3fox-filesize: 35910

x-amz-meta-s3fox-modifiedtime: 1386506285075

Last-Modified: Sun, 08 Dec 2013 13:19:55 GMT

x-amz-version-id: XU0WkwE9xr9ndySKMI0rjIuy3nQX8jSj

ETag: "c890f13acf547eeff337e67f3883d08a"

Content-Length: 35910

Accept-Ranges: bytes

.PNG........IHDR.......i.....U..z....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..}.|UU..w{.M..!!...7..&...W..;:..........*..."... ........[.....3....ks.mr.9......U..:..8....;.v...%l.l:.:6'.u......=.l...z..m5[.. [.......k...Z...-......5..:.u..f.,l9l'..<.-S.3_..6....q..[.[.[H..G......l..........E.....b.....l..%h.....f.....4n\..'`*...@.....{w~...>k..`.E....DKk....i'L......(.k.,.W..a.o..v.8.m................hf.....Q=n....h..].q..Y(..Ab.....M./.[<h.l.........\..[N>...".o.J ..ksa...X.v......S.......0Y..3j(6~..f........hnhAQV.R..E[...!..w...`.'^x......z....t.....F.....".a..dDR..F.V..X...K?.....HHO.......3g...8.m..p$...j...S..!.i.t...[^.l...F..u..;.....8\.......QT48q....../..3/....?..Z.A..z...}.I.|...?r8.J. ..!f4...........Q....a....D.b.x<p.5.b.8.8..U ...X8......6\9...9a*....A.QU...v/......R.2'....Y'....f...0lH?.-6T..@zf&........wT"...R.x.z...$%&r....~7.R..........{R2.:3B.NT..#==.}.....fKf3..d...I..[...l7..../../...Sk.....i....l_.G..p...%...5.\.Z.$.._z.n...$.....1......t..u..|.l.Z[....uuuG.a...g@.c(..[9[i........r.[...}_..._>.......K......i.O.a.1>X..,.Z.........."..t$&a..Q.4._....I....}.}../\.Q...*....C,.5.....m...:k...a$'..w..HJO.#..,.......s. U.....,.......Q_s..6o...J......)......9b-G.U.*5..5.z..o...wY....o~...g.)..,@[....:.m..$....~<....5.J..*..y.X.p...x=...].`..9X.j%v..}.\.ii8P...X.!.....D.....i.;m.GfSN~...B.f.UW.p<..0[...._...y.f...i._.......p.\m....1....[....}.YZ.d........#.l...'..S'(6....s{,Y]{.mh...(9.-=T.....Q...u..v......"...Y3g...'.;.?..m.......J..F5 ....o.W.n.Pm......R.94.t...l

<<< skipped >>>

GET /img/Rulilap/bg4_us.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:37 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: 6WuC0zL14z9GBhIQVoRlJF7V8kdLMnH3Jgdup/5eOuy3hmFEXdCyeHFoVeiM5dzN

x-amz-request-id: 067EFF2EA44CFC4F

x-amz-meta-s3fox-filesize: 30486

x-amz-meta-s3fox-modifiedtime: 1389785709303

Last-Modified: Wed, 15 Jan 2014 11:35:20 GMT

x-amz-version-id: 66GflDTA_Z7DCv7RokWjIBGxEHMH19Oj

ETag: "b2e66aa870c501c5f6e3dfb166ad71d5"

Content-Length: 30486

Accept-Ranges: bytes

......JFIF.....`.`......Exif..MM.*.................b...........j.(...........1.........rQ...........Q...........Q..................`.......`....Paint.NET v3.5.10....C.....................................'!..%..."."%() , . /3/*2'* *...C...........*...**************************************************........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......zO.,..uk.(..{Go;"......\L~,.d...".....v....W..c..?........7..#...}>C@.........j*.......z...?.............Kx...fEf .H.5'....O..P..~ .T..\x.S..`$x.......d..}Eu)...^........b.[..N....|u..1^{....<....5....p.ZI"E.ZX..,.uV.PFG..N.....o|1.....[..0.....p.p.....'...h..#.3...,.).=W"... .l.E.Y........:..B.?...A....^...k..]....?-#. ..B.g..DEL..;.c.....[.d.6..x..c.......T.y.....g./.. .o.j'n3...3.j..|k....O..........JRS..,%,..U..>`..VR......u MR......("{F......!H.*.....).w.)I<U....._....O.......^zx......_..U.....~....s..<..>.s2........v3!...p?.Q.....:..;..H._..C&..../....H._..C&..../.....Q..]...q......=..B...o.. .x..=.......$~/....P......eG.$~/....P......e\..W..E.......q..N...$b.N}Xc.ET..P....R.X....3q..._.$~/....P......eG.$~/....P......e\.jZk.......|2

<<< skipped >>>

GET /img/Rulilap/bg2_ru.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: vZ1vwkqzIFbDVKraiO3h24h36rn/xULogD Nqu5fUBEbHOZTU/QIjURaano5XZOk

x-amz-request-id: 3F4F0EE225F2D167

x-amz-meta-s3fox-filesize: 35726

x-amz-meta-s3fox-modifiedtime: 1386508731893

Last-Modified: Sun, 08 Dec 2013 13:19:54 GMT

x-amz-version-id: laCzrLAMyWcgPN41w4AS4g.L22RoU5lg

ETag: "d91679c5bd4129d808a9fb38a3edb4d3"

Content-Length: 35726

Accept-Ranges: bytes

......JFIF.....F.F......Exif..MM.*.................V...........^.(...........1.........f.2.........x.i...............F.......F......Paint.NET v3.5.10.2013:01:03 10:49:21............................................................(.................H.......H.......XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|........

<<< skipped >>>

GET /img/Rulilap/bg4_ru.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: 628wt3whJLjTbbVx9ByZ0rrd42kXoEIzE neWK/u28fdf7t3f AQPkuYfmx7okxY

x-amz-request-id: 5D5850847EFD7EE9

x-amz-meta-s3fox-filesize: 35270

x-amz-meta-s3fox-modifiedtime: 1386508766758

Last-Modified: Sun, 08 Dec 2013 13:19:55 GMT

x-amz-version-id: 0Qs2DJsPEq2EvoEIq4wV4WPPUdJXl7W_

ETag: "f066ab9757be0f73a0bfeed39ce66178"

Content-Length: 35270

Accept-Ranges: bytes

......JFIF.....F.F......Exif..MM.*.................V...........^.(...........1.........f.2.........x.i...............F.......F......Paint.NET v3.5.10.2013:01:03 11:37:11............................................................(.................H.......H.......XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|........

<<< skipped >>>

GET /img/Beginogo/Beginogo_BR.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: qXuHGox4NQZaFlXgiCzB ZkcGMtIwr07EMrMvKJufR oTenFCjCwW2e gzafAbls

x-amz-request-id: A4A135272D6EE863

x-amz-meta-s3fox-filesize: 43160

x-amz-meta-s3fox-modifiedtime: 1384437539506

Last-Modified: Thu, 14 Nov 2013 14:01:25 GMT

x-amz-version-id: M6JEwdzsilvzVsINdsWWpi8JEVwt1nbK

ETag: "c9bec9d091ab8402ec856da80eede14c"

Content-Length: 43160

Accept-Ranges: bytes

......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:33EF7B7B3E24E311927FBCF44F044CBF" xmpMM:DocumentID="xmp.did:AE4D09524D2611E39950E309313A7E5D" xmpMM:InstanceID="xmp.iid:AE4D09514D2611E39950E309313A7E5D" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3933C4A2183FE3119EBADE52D0CCAE41" stRef:documentID="xmp.did:BE7256AC244A11E3A018FD60ACFE8DE2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0.....................................................................................!....1...Aa".Q..q.2#....B.&.....Rr.3..$.b...C.Scs..4D...T^6........................!1..AQaq"....2..B.....R.rb.#..$.............?...KgD@.QQ..t.-....EF/....tD.U....@....9TTb...KgD@.QQ..:............[:".*.._s..l....*1}..%.. r....:............[:".*.._s..l....*1}..%.. r....:............[:".*.._s..R#. r.....*%

<<< skipped >>>

GET /img/Rerarapepe/logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: DqbruMuBPc4PW2oao60VwcnVboJEDLrAcKiEb2Nb1uaI9AQ63tvah6TJnTJoabJ0

x-amz-request-id: DB82A4C34D62E506

x-amz-meta-s3fox-filesize: 10944

x-amz-meta-s3fox-modifiedtime: 1384099835051

Last-Modified: Tue, 12 Nov 2013 11:05:48 GMT

x-amz-version-id: bDPFTNRsfueKXbAbmeVgRbPvzBoRvTw2

ETag: "0440e25b659207aaea00512d9a0a9924"

Content-Length: 10944

Accept-Ranges: bytes

.PNG........IHDR...L...^...........*.IDATx....T.....M...F."b.....F.Q....{.%..{E.........{.H....J.~*.....gN..j....._.Z..g..ff.....9C."..t:]'.F3-55uOjZz.......o....\...'....&J4[O*.=i.`%Y...................E.".....Z.>.69%;6.....HNIEFf&.J.,..r~..}.p).....e..V...3./)....A\|.............. k,Q...M..B..h....../..N........#..!V.P.y'X4J...v...Z...o.{ ''....L9....M.....7...l....Ml..SS..........$..C!.3.\...........A.'.......m_..%x...."@....)V%.?|WX...Y\.C.c.r.V..R....g...:.\2....4..M.R9X..b...b......,.U..t.b...Z...P..Q*......7.......t.B.{....@jY!.....Q......Tdk...3;...s..0... ....@.&..m.ktE.f. I.M..1...`..V..d[.9..qG.&".U..C..u...W.C{..4'..v?.....\..>......h<.C{.(4...u...G..E=Gvj..7[.?.:.?.K.9...e..s........,--=....[W'...v......R....^<...!..]........>..j........].v.....j.v..l.j.V.wn.j.&(I.][.r...Q.x..>....Hay...99f..;.%..R..Q_...h4Sy...a]....J.dQ..o........... 9...8.2Br..)...a)w..]...h.f.K.}#i.T[.......u..(.;.....d=....,..{....Z..._.Q..t:... ..H.R..Wt.f^...'6.Xu.\.DU*...u.oAK....&KQ.# .%.Q..f......{34.-.>.M............6'(.8@.y..Z.......$.UP:...i.../..5....V:..\...@.m'@B.:..f.\..,......17.......&.Qn..t..DJ.~w..z.j..........e.Q......&..tX...s.5s*..OA...HY......c...d@. .\.B..n9i..k.@.j.m[)...!h..P..r..,A...A..b......O.Oyr.i..".*....m.EA8...r....T.6H.DP.....n.y=4.LG..1m2N.n.G.rX..........?.....5%mp.A=...H@.C.a5.k.J.V/....J.r!..W.t..r.#Y..J.g.c...{.H,N...>r..lY.'.4.....m.....D.t..YT.d. hN..P.K`.....%\..a-..~....l..s....?...5....8..P... ......5.............3u"...#s..(....7@R,.....Es.9..(...m#k.8...tiP..

<<< skipped >>>

GET /img/Rerarapepe/logo_new.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: s9Pbid683I bLXCdgFIQMns4aeNczfz IoURyfEySnoQyRDiyb1hRNcGRzIr0eeP

x-amz-request-id: 2463B02AC48341CD

x-amz-meta-s3fox-filesize: 4569

x-amz-meta-s3fox-modifiedtime: 1388397217065

Last-Modified: Mon, 30 Dec 2013 09:53:59 GMT

x-amz-version-id: FBdIFQNqjG8fAIwxlMklzjPUXqz3Asib

ETag: "3263ff057b8e7380f7579d5aaab2bfdc"

Content-Length: 4569

Accept-Ranges: bytes

.PNG........IHDR...2...2......?......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:2A43320D713811E3B459B11FBD9400CD" xmpMM:DocumentID="xmp.did:2A43320E713811E3B459B11FBD9400CD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2A43320B713811E3B459B11FBD9400CD" stRef:documentID="xmp.did:2A43320C713811E3B459B11FBD9400CD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>v.Gr...MIDATx..Z{p\U......$.l.6M.jc..P....T.N.*3.80`...:#.......3>...F..|...3>..hE..(...P-i..y7.$....{.=..w......6)...~.....~..;.PJ.....ur.n.......O|.&...hj&.H.e2$l..y.T*...D.3E.#.A -^t.....TzA-....P.N..i.'.........T..z>.GT.%r........"..H9....R...I......}..@.^../..?o.U...F..c.qA.H.?A.(a.....k....,.!Vb.......:58.K...@z>K[.......S_....T.......... lr......GU..~.....C......t24;f.M.R%...4......`............%..aZ`.... ..@..v...T.L.l9....R.M-0.&0^.`v. u....?Y....e..%.."ik..^....s.}.~.8Iu..?........m...{ix.KM..........,4R..........FF..W@......o.7]p!%Z..f.$k......hB.......DK...R.&..k..%#e.

<<< skipped >>>

GET /img/Mapayuy/LOGO.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: lZtoa4n Dbnfri5SYRfKWy 971CEtU 8ZfUk8yIq3FYJw6tYe2d0dfX7 rbU8UGA

x-amz-request-id: 295E407F946DC6E7

x-amz-meta-cb-modifiedtime: Mon, 10 Feb 2014 08:51:03 GMT

Last-Modified: Mon, 10 Feb 2014 09:24:37 GMT

x-amz-version-id: 5u3JQZ1GPK62zlrEEfaN7rrrBMh6wKoK

ETag: "14f5d50e6a8628e97604c97e4735fe7d"

Content-Length: 16671

Accept-Ranges: bytes

.PNG........IHDR...,... ........y....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

GET /img/CH_logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: zp1PULbiC5hUvxy0Dymh5T457D/rZ5zN8ajMpAguAxyar02iEIIDd98fSlBvb3oR

x-amz-request-id: A991D3B5E2D84417

x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:44 GMT

Last-Modified: Thu, 21 Nov 2013 15:40:01 GMT

x-amz-version-id: osjur0cYkvY0gJkbPOZZ_tbD.fAnrMVX

ETag: "ad8ed967a43ae4d7d6c28ff2ed3c8550"

Content-Length: 4577

Accept-Ranges: bytes

.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

GET /img/Rorawaker/Rorawaker_Logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:39 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: /Q6othGwKxNdKUYFFi2DJj6bE4vop7h0GZRK qerNSOC6Rs2irTNaC5DPtM7Zi j

x-amz-request-id: DE597F2871C35391

x-amz-meta-cb-modifiedtime: Sun, 16 Mar 2014 15:15:43 GMT

Last-Modified: Sun, 16 Mar 2014 15:16:12 GMT

x-amz-version-id: gZHkojfQQbPQRO6L43o4Qv0_5LboQGm5

ETag: "5ea806f38dd30529aed6e9c467ab7fb3"

Content-Length: 7685

Accept-Ranges: bytes

.PNG........IHDR.......(......}VB....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:6DADCFC9ACE211E3A5B1F522388DA20B" xmpMM:DocumentID="xmp.did:6DADCFCAACE211E3A5B1F522388DA20B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6DADCFC7ACE211E3A5B1F522388DA20B" stRef:documentID="xmp.did:6DADCFC8ACE211E3A5B1F522388DA20B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..du...yIDATx..].X.g..\.V9l.%g....D...E .b.u[k......n...|...S.vw...k...D.j......"[......H.*I8...$...d..L&L...H.y.g. .yg........;..z=.n..n....C.n.6q.s,;.Y...X....n....HLH.J|(..=.?.vQ............/%........O.t.L..}.g.T..v.-..Y......;.. .t..F.e9./Ha...m=X..a._._....?v.........~-...l....."...q..I.........WR...".<y".A...5B.*......'.....H&.9L.;.r....t.,.Z.......= X.8..=.."....d.?.?dL.{.....r.-{].kW-t..F..^.....iy.4......Z............../b.h.B...?...JL..f...cH...fr..g.O..t......4/..a.1H...!{]..k....O..7..4...X..v.................]J..s.g...f......@.eU..V#@....'.....d4..m.vu.....]_T....i.!i..9...&...

<<< skipped >>>

HEAD /flash-ie/install_flashplayer11x32ax_mssd_aih_ie.exe HTTP/1.1

Accept: */*

Host: cdn.neoinstaladores.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 0

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx

Content-Type: application/x-msdos-program

Last-Modified: Tue, 19 Feb 2013 17:44:02 GMT

ETag: "a5c0e89-f5558-4d6176318bc80"

MyServer: powah2

MyServer: CDN001

X-UA: cdn

Vary: X-UA

Content-Length: 1004888

Accept-Ranges: bytes

Date: Wed, 09 Apr 2014 00:42:48 GMT

X-Varnish: 2097491102

Age: 0

Via: 1.1 varnish

Connection: keep-alive

MyCache: vCDN001

X-Cache: MISS

GET /img/Rodedowo/Rodedowo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:37 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: UNiVDmYblbMK2V0zf42yr6wGR7HjHaOQTpNTyrgzNNMLM1fSPe13AsuTZdd6 T3J

x-amz-request-id: 9680BAE4ACE66F7C

x-amz-meta-cb-modifiedtime: Sun, 30 Mar 2014 14:27:53 GMT

Last-Modified: Sun, 30 Mar 2014 14:28:44 GMT

x-amz-version-id: PmI6WLH3gY4TjiVC6NwxRIKM1yOR1Nu8

ETag: "263072b8bd388c4c7e43d56565d36a0e"

Content-Length: 7825

Accept-Ranges: bytes

.PNG........IHDR...0.........0.......sRGB.........gAMA......a.....pHYs..........o.d....tEXtSoftware.Paint.NET v3.5.11G.B7....IDATx^...[.........}./s........Af..d.A.Q.......&.ep..1...c4..1z^..w.....u...T|jU....7...U.......H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#l...O.>z..n.....O?.d7.h.........{.U..qq......^..../..6...]^^.{|..exx.........ibb.....gA.....t.v{..7o......C.\.r....k./]...c..E.v..U......m.t../oS ........?n.{...v.Ojj..S..../_.LJJ*..nmm=....#...w...{{.....o_[[....1.....ddd..o..B=SRR.........[ZZt.......v.@.]......~..no....{zzjkk.....p_}...mnn..j...3..^.....x.RWW766fw.....@z....={..A............rD .W.*..T.....[...}..y..eeeepp0&&f~~.^.G9.r..w....k....v..gqqQ'..H.tRqqq!JI. .... $...tE.....^:;;U...............Kt......E_0..fff...e...{..yc..h_QQQ..B)......v{....._..511q .T__.".n..B........R........~.}.vaa...KeeeYY...b..'.R.@.X!Y~..w...;w................Z......._~..UM....H---v....o ........nox...remm.......S.011a7..).t......(.....F ..\8y.....@..?.o ....\..k..s...:d.......X.....;.../_.m/a....i.......O....K.d...@..?.o ."....vc..#G...........k...#XQ...3]..rv{..H.o....),U..={.n......./jkk...;.H:........)@ ....8p.nl(((.z..5.<.U..;........nl....h ........n.=.......r1;;;--....v. ..

<<< skipped >>>

GET /img/Rulilap/bg2_us.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:37 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: I/UKC10gdJp7xXk7ULm9XGXZyJNoIL hVU5jEwkVTC35k1001LxJm aADOzBP52

x-amz-request-id: 46CFDB551B799300

x-amz-meta-s3fox-filesize: 38100

x-amz-meta-s3fox-modifiedtime: 1389785576439

Last-Modified: Wed, 15 Jan 2014 11:35:17 GMT

x-amz-version-id: w0UWnIbQ_UBdAc0gCrQmsS8rQmaX02Ja

ETag: "5a7e847f6c6f35396fc3451bb0fe2973"

Content-Length: 38100

Accept-Ranges: bytes

......JFIF.....`.`......Exif..MM.*.................b...........j.(...........1.........rQ...........Q...........Q..................`.......`....Paint.NET v3.5.10....C.....................................'!..%..."."%() , . /3/*2'* *...C...........*...**************************************************........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...;Y.g..`.i..'5.h.....7.oc..1..pOM.6...?C."...[.0...'.X...n..U[...v...5..N..w<.<EirEYw1.m.O..g..(\.L......~.......`...=:...y/%Qn....I....HC(o9..V9E.@>..V.-#..x.>.uX..-.!3I!....XG@....C....~|*..}..D.p...*8.Q.Q.()-D.m.....;..(.......#1n..w.r~....(G..k*.....}.n.B..0..i."...........F....'..M5.[.4.....K?..}..@.T[X.'..'.?Zl.....Z@q.:c...s....]j.9..)$;%.X.P..t...O....6......&I.*.....b..I.....d^c'.GR..g[B.*....._\v....,.V....yZ0N..'..T...l.4........9=....... (-.qoi....F7......S..I....^Co4.."i.8c..=._..u.*nt.1|.MFZ.:.:t..,Z.>.!...&..Qg.Yh61io$...........K...~0. .......63..PX.....{. ...n.B.@..>.1.x.m:..I.n...d..9.&i`.I`..%$.E.7/z.].O...[."72...c.....*{.y%..C.Hv........s.Z.>....C...<...Y.`s..........J..m-.o.M<kg...[FetL.Q..Z..F.7...........}q]41

<<< skipped >>>

GET /img/Rulilap/bg3_us.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:37 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: aobmH4YAkVEcQmZN5RXsmcjlBrcTgLfNX4Eo xJjBq1qRlSLuSiTxyiq8uu4JwIw

x-amz-request-id: FE2E9DC596DDAE9F

x-amz-meta-s3fox-filesize: 36525

x-amz-meta-s3fox-modifiedtime: 1389785629555

Last-Modified: Wed, 15 Jan 2014 11:35:18 GMT

x-amz-version-id: jYTTA8v_SMd1faiNeab09_IHAXeiDqV3

ETag: "0df5d68537b1b7fee918c0faef9cace2"

Content-Length: 36525

Accept-Ranges: bytes

......JFIF.....`.`......Exif..MM.*.................b...........j.(...........1.........rQ...........Q...........Q..................`.......`....Paint.NET v3.5.10....C.....................................'!..%..."."%() , . /3/*2'* *...C...........*...**************************************************........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..S.......[...K...m.....@......CZ6R...........{g.PKvD.Z-..bX..~a..O...sW9..|}........@c.....M{g..]......?.._..l.3...4.ob=.....]...=...(......*...C..VG.K..lX.....|J..........>VG..dT...c[b7h...n...Cxg\....q.m.'...~.]!.d,Fs....Z.w.j.....P.8.....~.}..<3...G.#.......k...............R`q....R............j\../k..`........:......O.\..5..ylP. ..@..FG_............dm...V...]5(..{;h.UTG.O.bz..Z.s...R........c.W.n..\F%.f}..~x.. ...&.l...2..M....[._z...u2T....>.,Eq..U.v.m..?...U2^B....J....FE.......P.u.).,.......\..R@.p.0=y...x.....t%.d..K..R1....k.....m</"x...K.....I...\.....ug.>{.......... .N.fU.$....E..@3..m.R.<.a.i..h.g*}..w~.....Z.O..".,w\...-fQ.\6~|.1.?.Z.....g].i.{.h..\j.g....N.#...:.0...!R.....p..sWy./...f;q..'?Nj....oI..t....[w....S.".......$...1I.i.

<<< skipped >>>

GET /img/Rulilap/bg1_ru.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: SCP7Pv hqlOdruc9xq1mXK3fuGs9FNLD3K032XdkTrzchoU8MRDCDua55g9WtdF6

x-amz-request-id: CB05761740552F58

x-amz-meta-s3fox-filesize: 35554

x-amz-meta-s3fox-modifiedtime: 1386508713985

Last-Modified: Sun, 08 Dec 2013 13:19:54 GMT

x-amz-version-id: 2bjbhqOBmzpdJ.nRXR0gOs11MRgY3c8F

ETag: "dd14964fdf02d6f23a7508f5c22eba5e"

Content-Length: 35554

Accept-Ranges: bytes

......JFIF.....F.F......Exif..MM.*.................V...........^.(...........1.........f.2.........x.i...............F.......F......Paint.NET v3.5.10.2013:01:03 10:50:49............................................................(.................H.......H.......XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|........

<<< skipped >>>

GET /img/Rulilap/bg3_ru.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: 2WmDYJFWfC/kt7z0n7T79xuWz3SeMua1sSQ7jrgv5QR9wGIZuGX41S 1yMRUiMD5

x-amz-request-id: DBF045DE1F39AB1A

x-amz-meta-s3fox-filesize: 34365

x-amz-meta-s3fox-modifiedtime: 1386508755717

Last-Modified: Sun, 08 Dec 2013 13:19:54 GMT

x-amz-version-id: QETb6tdpD79RZgAimPMj2WtlXGZuYSmS

ETag: "2d59c5aa5865298c284e730094c347e5"

Content-Length: 34365

Accept-Ranges: bytes

......JFIF.....F.F......Exif..MM.*.................V...........^.(...........1.........f.2.........x.i...............F.......F......Paint.NET v3.5.10.2013:01:03 11:34:53............................................................(.................H.......H.......XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|........

<<< skipped >>>

GET /img/Beginogo/Beginogo.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: NqQeHZi7FJ/sug7bwrPjwztGRqKIjFhsiyuvQDt5adV6wIyqQf3QMy0zuJjLZunR

x-amz-request-id: 7862DBF0E0627593

x-amz-meta-s3fox-filesize: 37929

x-amz-meta-s3fox-modifiedtime: 1382011633155

Last-Modified: Thu, 17 Oct 2013 12:07:26 GMT

x-amz-version-id: 4auxrXdrV3WtxExGpU52yT107qO6gef5

ETag: "b553972dbe94b80271fa862af06388cc"

Content-Length: 37929

Accept-Ranges: bytes

......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:33EF7B7B3E24E311927FBCF44F044CBF" xmpMM:DocumentID="xmp.did:211C4C9C372411E3B45185D3B2B5D9C4" xmpMM:InstanceID="xmp.iid:211C4C9B372411E3B45185D3B2B5D9C4" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5E941781F724E311B036C0E7691E1950" stRef:documentID="xmp.did:BE7256AC244A11E3A018FD60ACFE8DE2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0..........................................................................................!1..AQa."2R..q...B#......r.S$..b.3.T5Uu6...Ccs4.......t.%.D.e&F7(8......................!1..AQ..aq"..2......B..Rb.#..r.3CS................?...T....R|G.@...>..........O.....'.}t.j.....S.G.@...>..............R|G.B.T......>#...O..]..O..].j..>........5?.}t...#...R|G.@...>................&lt

<<< skipped >>>

GET /img/Beginogo/Beginogo_N.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: q6oYehOoI13uD2b0nClF2TZcrVOXvXr9QHDqqznmxOmzy1C 1M3SZOvwOBC5Ou4S

x-amz-request-id: EE5EA1EAD13D9AE8

x-amz-meta-s3fox-filesize: 23761

x-amz-meta-s3fox-modifiedtime: 1388991951660

Last-Modified: Mon, 06 Jan 2014 07:09:20 GMT

x-amz-version-id: sKWpUx.WhbZC1jjnYPCb8EOxx4iQ83Ua

ETag: "4de9e0eb19e81527d908efa2fe4434a1"

Content-Length: 23761

Accept-Ranges: bytes

......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:9B9064F37F5AE311BB22B1908A565EB5" xmpMM:DocumentID="xmp.did:62257EC2762811E39C5AB3EBCF48639C" xmpMM:InstanceID="xmp.iid:62257EC1762811E39C5AB3EBCF48639C" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8DF15B4E0D76E3118CF1DDC511CDA77D" stRef:documentID="xmp.did:9B9064F37F5AE311BB22B1908A565EB5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0..........................................................................................!1.AQa....q."2R...Uu......B.3S..4T..6V.#..br$..C...7.c%..DEe&......................!Q..1Aa.R...."3.q.2Bb.....#Sr....C............?................. u..x....T2.2g;;ts .}7.9.n ..9..f......MgKu.OT.......mN...L..v.E.!.......n"..K...qq4..F.F.b...mJM.H.V..1....i..t.F..W.$...f/M..&]...'.....*.......t.M..-D..

<<< skipped >>>

GET /img/Rerarapepe/Rerarapepe3.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: 1iWAdnXTLi4LFhr/yjaElZPveYHgK4mh3DnYGQ0kErju21X6Wf9H9nt4MxZadGgX

x-amz-request-id: 6FFF113497E643FA

x-amz-meta-s3fox-filesize: 15799

x-amz-meta-s3fox-modifiedtime: 1394538949746

Last-Modified: Tue, 11 Mar 2014 11:56:45 GMT

x-amz-version-id: zPl9IpmeaG3ff3qZpgvUQzMtoydG8QKH

ETag: "3e2809731062d36b6ae81e70aef3b785"

Content-Length: 15799

Accept-Ranges: bytes

......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:F7DDEC055CA8E311B43CF856625B69D6" xmpMM:DocumentID="xmp.did:08AEC486A91411E3A978EB316F7617DC" xmpMM:InstanceID="xmp.iid:08AEC485A91411E3A978EB316F7617DC" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B1126B7673A8E311B43CF856625B69D6" stRef:documentID="xmp.did:F7DDEC055CA8E311B43CF856625B69D6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0........................................................................................!..1A..Qaq"..2R.......r.#S.T.B.$4..3s...bCdt%U....c......................!1..AQ...aq..."2R......b3..B.r................?..J. ..U.@@@@@@@A...."... .a..... ..U.@@@A.A.]A....Dq.....p:QS...C.u.....|OZ...D<GZ...@..h.#.....E_....:......:.<GZ...A..Z*...C.u.x.......:.e..27...EwQ..z........

<<< skipped >>>

GET /img/IE_logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: NxAquGDqQ/X4j 7qOQ5BOUIDaIX5GHvH8cLGooMfBPdAO3oyHGRNujr/q4xE fvq

x-amz-request-id: C0D1AD3D17666FF0

x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:46 GMT

Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT

x-amz-version-id: ULP9X2D2g9vGJo_NefwroanEdNt0Bt7c

ETag: "0866b0f3be00fd96d58f7fba54d6700d"

Content-Length: 5406

Accept-Ranges: bytes

<<< skipped >>>

GET /img/FF_logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.tatomayey.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: hIVRWCn 4KtFQ7BM8L81Fw CYNAE0Qb3ym6SU5upu9gxhaJWVEj3fLTRVjYBCNV

x-amz-request-id: A11C9AF0299E6595

x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:45 GMT

Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT

x-amz-version-id: g_t3b7eiRe5f7z2B5bSNHqt0MOq9rM5O

ETag: "6bcecb3debf7e4a0569b6a9d6e62adab"

Content-Length: 5025

Accept-Ranges: bytes

<<< skipped >>>

GET /ofr/sqlite3.cis HTTP/1.1

Range: bytes=0-197985

Accept: */*

Host: cdnus.tatomayey.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.4.5

Date: Wed, 09 Apr 2014 00:38:46 GMT

Content-Type: application/octet-stream

Content-Length: 197986

Connection: keep-alive

x-amz-id-2: 95jfNvqTgocjBeGm0cY1HdazEvHxPUDRrdV2DQKvxWF8x/LHP gENX18Bv0tOWIY

x-amz-request-id: D8A51A7FD03A0DEA

x-amz-meta-cb-modifiedtime: Tue, 08 Oct 2013 15:00:06 GMT

Last-Modified: Tue, 08 Oct 2013 15:04:47 GMT

x-amz-version-id: jQbkbrqtWmyTycsly3BWYbGSjaPAJVP1

ETag: "f01a40014ab59b35deb83677787e6a33"

Content-Range: bytes 0-197985/197986

CIS................C.......b.......P.........YK.....|3 ...r.g..D.AV].............#a!....2...sS.I.*k...n.J.8..y.u...8. ..[...TR...y4cv..?.MP.9-........Y.]........%..}^.g.1.n..w\...x|,....#]"f}.........J:..I..y..xPm..a&.HM...aN...".....]5Nt... ..NF..$....\|..g.k.@.O9$...D.<6{.W-gt..J.D.g&....y.......i...?.]..l..?.m..qE...x...0.4Y/./<?P..<...V...pw..a.Fs5..?{h....Gy]"...Lb..Sl...S..##n....T<%]H.=S.O.U/....H.A.Fu'.?zc_.......V.BAd'"...XU...W0.....-.................C.c.V..4.....r...|S3.)...<.]......"S{...........CoE...h...U......._.G"o....G.F\<6............Y.b.-.V.;......h....?}`..y?5.a....l6C..B..z..h..ZW.......<.C.M... .T.%...9......B.@.YW..#.....!.L}...^fU.6.qC......C...5.\....l$...?..EF...cH.S...7Z.!g$...RG..}.?g.D.r.. ...|'.Sh..."....E.[..W.5...r..!z.....~c'.......$t....X&*..r.#......=...sa..R...XGa.....7...=..."....@#m_..o.J..j..{..O.......l. ..:....G..zI..e..@{.0..L....2`X..9..8...y...M>.tq>D.."...H5..V.l~^e5h.6:.Wu.Y....f)Ln.y..ZoM.,b~.r.p.]c..>`..f..?.t...]\..4.p....WJS(x..3.Zp...%`f..bO.v.(s.F_ .5.`..O...)6z..d.PrpI.8sMsP.aM. ]c.#.w=o#....Z.#.%,....h..<...i.)..9n....W..s{i.......i?.(?.....TP".1..`~u....sF)./'...#.Xu.....Rp.x.u...=..F.k....O..%.w..~@.6..g...,..Yr...{/..~A.?.... ....._2......."o_>..J.6H.@V.t.$. ...Nw.~."..T.f.a...B...:....R.6....l.V]..! .Bt....cY.-.,...... W(..o?>.B..7..j.0.....Vb..Db....G.pa.E.9.>..q....R....E....v.X.....R.....W<.c..].. ......w.z..eq...$./.\_>r.5".... I._n\O".t.."....F.....S.'.K.Z..-C.{.&<sM......O...Y....9..c....9;..)&6eC.

<<< skipped >>>

HEAD /ofr/sqlite3.cis HTTP/1.1

Accept: */*

Host: cdneu.tatomayey.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 0

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:37 GMT

Content-Type: application/octet-stream

Connection: keep-alive

x-amz-id-2: yGuRl4hzCY vJFRqopdFIVFE8fxxW52PDjuhdNJJaPBgviiZOoqbOWShBe1DZdLb

x-amz-request-id: 0C1DFD26007CE165

x-amz-meta-cb-modifiedtime: Tue, 08 Oct 2013 15:00:06 GMT

Last-Modified: Tue, 08 Oct 2013 15:04:47 GMT

x-amz-version-id: jQbkbrqtWmyTycsly3BWYbGSjaPAJVP1

ETag: "f01a40014ab59b35deb83677787e6a33"

Content-Length: 197986

Accept-Ranges: bytes

GET /ofr/sqlite3.cis HTTP/1.1

Range: bytes=102400-197985

Accept: */*

Host: cdneu.tatomayey.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Wed, 09 Apr 2014 00:36:38 GMT

Content-Type: application/octet-stream

Content-Length: 95586

Connection: keep-alive

x-amz-id-2: yGuRl4hzCY vJFRqopdFIVFE8fxxW52PDjuhdNJJaPBgviiZOoqbOWShBe1DZdLb

x-amz-request-id: 0C1DFD26007CE165

x-amz-meta-cb-modifiedtime: Tue, 08 Oct 2013 15:00:06 GMT

Last-Modified: Tue, 08 Oct 2013 15:04:47 GMT

x-amz-version-id: jQbkbrqtWmyTycsly3BWYbGSjaPAJVP1

ETag: "f01a40014ab59b35deb83677787e6a33"

Content-Range: bytes 102400-197985/197986

..."jM~1{..1J...T..q.R......F.hx.}.....W...o..u...d..C .q.'T..?@N._.z~....:.I...n..p*....9O&..s.|o..g...%...$.U..n-..}......./.....\..#..y...7Y<g...(#.....w].[.3....$f.C......MF.w..&.... ..;.u.g.VC..~6...J%{.}.t...Df....{k. .(..].9c...Y.Q.<.T.^..\.I.-.../..>..!p.........M..e..R....m...F..........:.E...S..."..J...v3)...z.f..T......1...G.0......zH.E. ...2.5...26..R.@.........2..[..\.E..o.h..u..N %.m.h.../X.!.7K[.h...1...jh....U..... G}-1......XV(.....q*.t..b...P&X.xg.......Xd....*..r`..T..=..(...4Dr....,.2..`~..Qz..N.Z.p.s.....L.......u.gz5=../.T.J..q..9...}.='O....x...........(.g....T4C.........v....9,^_.......4m.7_..<h.wB|!$....<..l.b.>.b... -.]...?...Jl...%W.4.. ..Q............f.....l.06......J.(K..4.X.n5.8E.{.g.H.....Z5..>...4..'Q5V.).._o..:.CJ.E.....W.....6.._..(......K.O..J...L...b.w.9..4...}...kE.xL............U..7$.f.....R)..;Vl.AL2..C.j...e.MA.u...Wk........?..1C..F...v,i..../.......*D....e&:.0.[.Q5..........:.....:1..D.Y..U.?-.e.2X{v...pc..K.$k.....:t.....l....rP.J4I.....Pr1.Q.~[.qT...A.-.psy..Rd....9.7........$..U.7K......g..D..U..m....n. ......}.58.T*...!.F.I.k...R...a..w..z..h.p.3i..w.....K...<..aJ.h..W.<$8.... ..3s.P..:j..K... .}@..../...W@..9..8.G.../..[/..7..(:d.;....G!.:..3.z...$v...\.=.(.q.....)a.!q....Xm...;..#.L.Z...].Q2W.....7........"...."wgM.U.#v.....*...g.5X..R.-Gk.O.]....My..* .d..\.r*..?..Y....c.'.Ie...T...go.R..q..G)...}.... .~.Cu~n..O.~S....."`....&.@.6.....-......O.D.2..9GrS..4.., .,.=..?.$ .52. Z........I.kA...#4...x..Bs..@..?..........S.."..1.x.L.J.$G.D...

<<< skipped >>>

Map

Strings from Dumps

%original file name%.exe_1476:

.idata

.rdata

P.reloc

P.rsrc

.dll3

kernel32.dll

.DEFAULT\Control Panel\International

File I/O error %d

lzmadecompsmall: Compressed data is corrupted (%d)

lzmadecompsmall: %s

LzmaDecode failed (%d)

shell32.dll

/SL5="$%x,%d,%d,

Inno Setup Setup Data (5.5.0)

Inno Setup Messages (5.5.0)

user32.dll

oleaut32.dll

advapi32.dll

RegOpenKeyExA

RegCloseKey

GetWindowsDirectoryA

MsgWaitForMultipleObjects

ExitWindowsEx

comctl32.dll

name="JR.Inno.Setup"

version="1.0.0.0"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

External exception %x

%original file name%.exe_1476_rwx_00401000_00001000:

.dll3

%original file name%.exe_1476_rwx_00900000_000A0000:

.rsrc

6|%x=n~0

kernel32.dllw)

a.aUCNM

l.Tc_It.

<8999940,(9999$

Keyw

3%Cp)

r%DnI

.FDiag

Ha=.hnY`

?7E(AL("%s",4),"

#}%c!

u..Qi

4'.Yt

-i.aN&,

keysK<</pre><pre>.jw@]</pre><pre>2301654879'</pre><pre>a.thz</pre><pre>Ht.HAG</pre><pre>tLcibD.ZPo</pre><pre>%uhrskNr</pre><pre>*.*2XE</pre><pre>.dwcnh</pre><pre>nmhpjhc03.fcclJLO</pre><pre>1.2.3'</pre><pre>THttpR</pre><pre>pM.DJ?</pre><pre>}.EOtJ</pre><pre>bVsqlz3_</pre><pre>T.lLp|</pre><pre>H.NOr0</pre><pre>,zH-S.Gg</pre><pre>.IV`F</pre><pre>w'|%C</pre><pre>.FJn`</pre><pre>.H.VZ</pre><pre>Mozilla</pre><pre>\O.Rhn</pre><pre>.cjjm0).S"'b</pre><pre>.rdf'.fksd'</pre><pre>fe..js</pre><pre>nt_urlzi`</pre><pre>Q$.Xp'Q</pre><pre>HURL</pre><pre>`_Key=c</pre><pre>Da.Agt&(-</pre><pre>%dnZC</pre><pre>Uix.obk</pre><pre>_%tCp</pre><pre>msGu</pre><pre>|%F~E</pre><pre>.ke;o</pre><pre>M".rv</pre><pre>Cfg.Fw</pre><pre>.LqW]E).rG</pre><pre>I.hlpkI</pre><pre>I.dd\</pre><pre>B.ssrsko-!</pre><pre>Íd4</pre><pre>[hx.XuRR</pre><pre>HTTP_CbBXR</pre><pre>'ExeChkSum=</pre><pre>'%s' i</pre><pre>tkA.CH</pre><pre>OycC.Ej</pre><pre>2.1.0</pre><pre>%XoUa<19</pre><pre>8b8%SO</pre><pre>mGOPIPE</pre><pre>j0Ø#</pre><pre>.iGF>'</pre><pre>qah`k,.nlvcbqff,-U>o</pre><pre>z`o1caig2,.hf5b</pre><pre>J?.DD@</pre><pre>.Rh_w</pre><pre>c.cl/</pre><pre>%dh{'</pre><pre>Yi.iK</pre><pre>X.Qpv</pre><pre>.YpDEE</pre><pre>)).fy</pre><pre>:u.bW</pre><pre>[u.bu</pre><pre>*0)X/%x</pre><pre>@.GGG</pre><pre>"$ %),'8</pre><pre>"$"!(&&$' )#</pre><pre>- /*-( ,'.-</pre><pre>*/.)*72-7)</pre><pre>#-**(-#,</pre><pre>&",,/- '</pre><pre>P.reU</pre><pre>KERNEL32.DLL</pre><pre>advapi32.dll</pre><pre>comctl32.dll</pre><pre>comdlg32.dll</pre><pre>gdi32.dll</pre><pre>ole32.dll</pre><pre>oleaut32.dll</pre><pre>shell32.dll</pre><pre>URLMON.DLL</pre><pre>user32.dll</pre><pre>version.dll</pre><pre>wininet.dll</pre><pre>HtmlUIInstallerSADLL.dll</pre><pre>"GhhWurln</pre><pre>GhhWurln</pre><pre>&GhhWurln</pre><pre>rljunurln</pre><pre>GhhWurlnBbnjutisYGIvvn</pre><pre>]Y.Iv</pre><pre>LWJGhhWurlnSxejyn]YG</pre><pre>49022180-1</pre><b>%original file name%.exe_1476_rwx_009A1000_0013C000:</b><pre>kernel32.dll</pre><pre>MSWHEEL_ROLLMSG</pre><pre>MSH_WHEELSUPPORT_MSG</pre><pre>MSH_SCROLL_LINES_MSG</pre><pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre><pre>EVariantBadIndexError</pre><pre>htKeyword</pre><pre>EInvalidOperation</pre><pre>u%CNu</pre><pre>%s[%d]</pre><pre>%s_%d</pre><pre>.Owner</pre><pre>EInvalidGraphicOperation</pre><pre>USER32.DLL</pre><pre>comctl32.dll</pre><pre>UrlMon</pre><pre>IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")</pre><pre>JumpID("","%s")</pre><pre>TKeyEvent</pre><pre>TKeyPressEvent</pre><pre>HelpKeyword8</pre><pre>crSQLWait</pre><pre>%s (%s)</pre><pre>IMM32.DLL</pre><pre>AutoHotkeysHb</pre><pre>AutoHotkeys</pre><pre>ssHotTrack</pre><pre>TWindowState</pre><pre>poProportional</pre><pre>TWMKey</pre><pre>KeyPreview<i><pre>WindowStatetd</pre><pre>OnKeyDown</pre><pre>OnKeyPressP=</pre><pre>OnKeyUp</pre><pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre><pre>vcltest3.dll</pre><pre>User32.dll</pre><pre>2301654879</pre><pre>A`bng`@ikc-4,uUxlxs-4,Ht.HA</pre><pre>Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP</pre><pre>TThreadExecuter</pre><pre>TScanAllWindowsCallBackData</pre><pre>Portuguese</pre><pre>i\*.*2XE</pre><pre>i.dwcnhE</pre><pre>nmhpjhc03.fcclJL</pre><pre>i.ulzn1E</pre><pre>1.2.3</pre><pre>THttpTimeOutThread</pre><pre>THttpCallBackShell</pre><pre>Gx-21,\igh]ixyj-42,M.DJ</pre><pre>A`qjz``-0,ZkdkNgij.pc</pre><pre>Kcqjpc`-0,Aaj-1,gEdafa`.pM</pre><pre>SQL error or missing database</pre><pre>An internal logic error in SQLite</pre><pre>Operation terminated by sqlite3_interrupt()</pre><pre>Uses OS features not supported on host</pre><pre>2nd parameter to sqlite3_bind out of range</pre><pre>sqlite3_step() has another row ready</pre><pre>sqlite3_step() has finished executing</pre><pre>Unknown SQLite Error Code</pre><pre>sqlite3.dll</pre><pre>ESQLiteException</pre><pre>TSQLiteDatabase</pre><pre>TSQLiteTable</pre><pre>Error executing SQL</pre><pre>Could not prepare SQL statement</pre><pre>Error executing SQL statement</pre><pre>select [sql] from sqlite_master where [type] = 'table' and lower(name) = '</pre><pre>Could not prepare SQL statement</pre><pre>SQLite is Busy</pre><pre>https</pre><pre>t%f;u</pre><pre>SOFTWARE\Mozilla\Mozilla Firefox</pre><pre>8SQLit</pre><pre>install.rdf</pre><pre>DoSetChromeHomePage AL=</pre><pre>SELECT value FROM meta WHERE key='Default Search Provider ID'</pre><pre>SELECT short_name FROM keywords WHERE id='</pre><pre>Exception in InstallChromeExtensionRegistry:</pre><pre>manifest.json</pre><pre>UPDATE keywords SET sync_guid='</pre><pre>UPDATE keywords SET instant_url='' WHERE id=</pre><pre>keywords_backup</pre><pre>DROP TABLE keywords_backup</pre><pre>CREATE TABLE keywords_backup AS SELECT * FROM keywords ORDER BY id ASC</pre><pre>autogenerate_keyword ||</pre><pre>SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id ||</pre><pre>created_by_policy || instant_url || last_modified || sync_guid</pre><pre>FROM keywords ORDER BY id ASC</pre><pre>RemoveChromeSearchProvider - cannot remove</pre><pre>DELETE from keywords WHERE short_name='</pre><pre>RemoveChromeSearchProvider - exception:</pre><pre>SELECT id FROM keywords WHERE short_name='</pre><pre>Home URL</pre><pre>Amazon.com</pre><pre>eBay.com</pre><pre>Merriam-Webster</pre><pre>Suggest URL</pre><pre>Opera Preferences version 2.0</pre><pre>; Do not edit this file while Opera is running</pre><pre>Key=c</pre><pre>Suggest URL=</pre><pre>Protocol is unsupported</pre><pre>Retrieved Filename from Url:</pre><pre>Restart attempts surpassed the maximum (</pre><pre>http://</pre><pre>New Source created, url:</pre><pre>, httpCode:</pre><pre>, url:</pre><pre>https://</pre><pre>, Url:</pre><pre>, old Url:</pre><pre>, new Url:</pre><pre>Switching suspended Server back to use; Url:</pre><pre>, HttpCode:</pre><pre>TDownloadConnection.Destroy() was called from not authorized thread (</pre><pre>HttpCode:</pre><pre>Unsupported 3xx redirect response, code:</pre><pre>HNetCfg.FwMgr</pre><pre>HNetCfg.FwAuthorizedApplication</pre><pre>]DKizHi-4,exc-1,Hc`hk-3.GI</pre><pre>6?0N2=.Lq</pre><pre>;768>1-80</pre><pre>005345000000</pre><pre>000000000000</pre><pre>000000000010</pre><pre>000000000030</pre><pre>cabinet.dll</pre><pre>Reporting failed on first attempt, second attempt is cancelled (finallizing)! Url:</pre><pre>First report attempt failed, going for second! Url:</pre><pre>The report failed! Url:</pre><pre>Successfull report, Url:</pre><pre>TUninstallExecuter</pre><pre>TUninstallExecuter can be created only once.</pre><pre>RootKey:</pre><pre>RegDelKey:</pre><pre>(FF) TUninstallExecuter.RestoreBrwAddrSearch: OpCode=</pre><pre>(FF) TUninstallExecuter.RestoreBrwSearchProvider: OpCode=</pre><pre>TUninstallExecuter.DoRun: Key=</pre><pre>CJ[hx.Xu</pre><pre>Downloading Bundles data from adServer on url:</pre><pre>BND_HTTP_CODE</pre><pre>&ExeChkSum=</pre><pre>Report main param:</pre><pre>Exclusive Execution mode is switched to:</pre><pre>Report param (pkg:</pre><pre>), exeName:</pre><pre>dwa.Err</pre><pre>dwa.State</pre><pre>dwa.ErrHistory</pre><pre>dwa.MaxSpd</pre><pre>dwa.AvgSpd</pre><pre>dwa.Time</pre><pre>dwa.HttpCode</pre><pre>dwa.PrtclCodeHistory</pre><pre>dwa.ConnCnt</pre><pre>dwa.Opt</pre><pre>dwa.Size</pre><pre>dwa.Progress</pre><pre>dwa.IsProxy</pre><pre>dwa.Restart</pre><pre>dwa.Heur</pre><pre>dwa.IsAcc</pre><pre>dwa.SrcNo</pre><pre>dwa.Url</pre><pre>GENERIC_WINDOWS</pre><pre>NO_JAR_SUPPORT</pre><pre>ole32.dll</pre><pre>olepro32.dll</pre><pre>IWebBrowser</pre><pre>IWebBrowserApp</pre><pre>IWebBrowser24J</pre><pre>TEWBWindowSetResizable</pre><pre>TEWBWindowSetLeft</pre><pre>TEWBWindowSetTop</pre><pre>TEWBWindowSetWidth</pre><pre>TEWBWindowSetHeight</pre><pre>bstrUrlContext</pre><pre>bstrUrl</pre><pre>OnWindowSetResizable</pre><pre>OnWindowSetLeft</pre><pre>OnWindowSetTop</pre><pre>OnWindowSetWidthDP</pre><pre>OnWindowSetHeight</pre><pre>grfKeyState</pre><pre>TComTargetExecEvent</pre><pre>CmdGroup</pre><pre>nCmdID</pre><pre>nCmdexecopt</pre><pre>hhctrl.ocx</pre><pre>URLMON.DLL</pre><pre>SHDOCLC.DLL</pre><pre>rcmDefault</pre><pre>rcmDebug</pre><pre>DontExecuteScripts</pre><pre>DontExecuteJava</pre><pre>DontExecuteActiveX</pre><pre>DisableUrlIfEncodingUTF8</pre><pre>EnableUrlIfEncodingUTF8</pre><pre>CheckFontSupportsCodePage</pre><pre>DisableSubmitUrlInUTF8</pre><pre>EnableSubmitUrlInUTF8</pre><pre>lpMsg</pre><pre>PMsg</pre><pre>pguidCmdGroup</pre><pre>TTranslateUrlEvent</pre><pre>pchURLIn</pre><pre>ppchURLOut</pre><pre>CmdID</pre><pre>pszUrl</pre><pre>pszUrlContext</pre><pre>szPassWord</pre><pre>ErrorUrl</pre><pre>OptionKeyPath</pre><pre>OverrideOptionKeyPath</pre><pre>OnTranslateUrl</pre><pre>OnCommandExec(g</pre><pre>'%s' is not supported.</pre><pre>TMsgEvent</pre><pre>TKeyEventEx</pre><pre>Port</pre><pre>Password</pre><pre>poPortrait</pre><pre>OnKeyDown|</pre><pre>0.750000</pre><pre>3333333</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform</pre><pre>User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)</pre><pre>User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(</pre><pre>This object does not support this method (</pre><pre>Unsupported type for Parameter with Index %d</pre><pre>Method call unsuccessful. %s (%s).</pre><pre>eiOnKeyDown</pre><pre>eiOnKeyPress</pre><pre>eiOnKeyUp</pre><pre>OnKeyPress</pre><pre>Handler with EventID = %s already exists.</pre><pre>Error on IConnectionPoint.Advise</pre><pre>Source don't have connection point for [%s]</pre><pre>JS function sync-execution failed with message:</pre><pre>] execution failed with message:</pre><pre>.html</pre><pre>MAPI32.DLL</pre><pre>LeftPopup</pre><pre>TPipeServer</pre><pre>TPipeObject</pre><pre>TPipeServerListener|</pre><pre>TPipeClientU</pre><pre>2.1.0.0</pre><pre>This exe was created with an old version of HtmlAppMaker.</pre><pre>LOG_URL</pre><pre>Log server Url is invalid:</pre><pre>Sending Log to the following Url:</pre><pre>Log Http request has failed, res:</pre><pre>irsoMsgDialog</pre><pre>irsoGetCurExePath</pre><pre>irsoJoinPath</pre><pre>irsoGetCmdLineParam</pre><pre>irsoGetCmdLineCount</pre><pre>irsoGetCmdLineIndexOf</pre><pre>irsoGetCmdLineParamValue</pre><pre>irsoGetCmdLineAll</pre><pre>irsoRegCreateKey</pre><pre>irsoRegCreateKeyTree</pre><pre>irsoRegDeleteKey</pre><pre>irsoIsRegKeyExists</pre><pre>irsoRegListKeyValues</pre><pre>irsoRegListKeyKeys</pre><pre>irsoRegSearchKeyKeys</pre><pre>irsoRegCopyKey</pre><pre>irsoHttpGetData</pre><pre>irsoHttpGetDataInThread</pre><pre>irsoLibraryExecuteProc</pre><pre>irsoLibraryExecuteProcW</pre><pre>irsoLibraryExecuteProcWithResult</pre><pre>!irsoLibraryExecuteProcWithResultW</pre><pre>irsoExecute</pre><pre>irsoIsMutexExists</pre><pre>irsoCreatePipeServer</pre><pre>irsoStopPipeServer</pre><pre>irsoSendDataToPipeServer</pre><pre>irsoGetCurExeCheckSum</pre><pre>irsoSetSQLiteDll</pre><pre>irsoGetSQLiteDll</pre><pre>TExecArgsX</pre><pre>H-4,njBdi-2,o-4,r.vY</pre><pre>iexplore.exe</pre><pre>firefox.exe</pre><pre>chrome.exe</pre><pre>safari.exe</pre><pre>opera.exe</pre><pre>PIPE_DATA</pre><pre>PIPE</pre><pre>THtmlUIExeApp</pre><pre>logurl</pre><pre>irsoExecutePackage</pre><pre>irsoReportPackageError</pre><pre>irsoReportPackageSkip</pre><pre>irsoReportPackageQuit</pre><pre>irsoReportPackageSuccess</pre><pre>irsoReportPackageInfo</pre><pre>irsoGetPackageFilenameFromHttp</pre><pre>irsoGetPackageExecExitCode</pre><pre>irsoGetPackageExecResult</pre><pre>irsoSetPackageRelProgressShare</pre><pre>irsoIsFireFoxInstalled</pre><pre>irsoIsChromeInstalled</pre><pre>irsoIsOperaInstalled</pre><pre>irsoGetFireFoxHomePage</pre><pre>irsoGetChromeHomePage</pre><pre>irsoGetOperaHomePage</pre><pre>irsoSetFireFoxHomePage</pre><pre>irsoSetChromeHomePage</pre><pre>irsoSetOperaHomePage</pre><pre>irsoSetChromeOnStartup</pre><pre>irsoAddChromeUrlToStartupPages</pre><pre>irsoGetFireFoxDefaultSP</pre><pre>irsoGetChromeDefaultSP</pre><pre>irsoGetOperaDefaultSP</pre><pre>irsoAddFireFoxDefaultSPFromXML</pre><pre>irsoAddFireFoxDefaultSP</pre><pre>irsoSetFireFoxAddressBar</pre><pre>irsoAddOperaDefaultSP</pre><pre>irsoAddChromeDefaultSP</pre><pre>irsoGetFireFoxEXE</pre><pre>irsoGetIEEXE</pre><pre>irsoGetChromeEXE</pre><pre>irsoGetOperaEXE</pre><pre>irsoGetFireFoxVer</pre><pre>irsoGetChromeVer</pre><pre>irsoGetOperaVer</pre><pre>irsoLocateSQLite</pre><pre>irsoGetFireFoxCookie</pre><pre>irsoGetChromeCookie</pre><pre>irsoIsFireFoxExtensionInstalled</pre><pre>irsoInstallFireFoxAddon</pre><pre>irsoInstallChromeAddon</pre><pre>irsoUninstallAddExeCmd</pre><pre>irsoUninstallAddOpenBrowserCmd</pre><pre>irsoUninstallAddRegistryKey</pre><pre>irsoUninstallExecute</pre><pre>irsoReportStart</pre><pre>irsoReportInfo</pre><pre>irsoSetExclusiveExec</pre><pre>isroSetReportUrl</pre><pre>An attempt to download bundle data was denied: adServer domain name must remain the same! Url:</pre><pre>Report Url changed dynamically from:</pre><pre>RepUrlChanged</pre><pre>\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U></pre><pre>TcUlue.PL</pre><pre>/UnExeFile:</pre><pre>UnExeFile</pre><pre>z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1</pre><pre>1.2.1</pre><pre>inflate 1.2.1 Copyright 1995-2003 Mark Adler</pre><pre>?456789:;<=</pre><pre>!"#$%&'()* ,-./0123</pre><pre>333333333333333333</pre><pre>33333833</pre><pre>3333339</pre><pre>3333333333333338</pre><pre>:*"*"$3338</pre><pre>33333333</pre><pre>33333333333</pre><pre>3333333333338</pre><pre>33338?383</pre><pre>333333333333</pre><pre>:*3:"$3338</pre><pre>333333333333333</pre><pre>.Rh_w</pre><pre>c.cl/</pre><pre>%dh{'</pre><pre>Yi.iK</pre><pre>X.Qpv</pre><pre>.YpDEE</pre><pre>g.Tdy</pre><pre>.MJCw L</pre><pre>)).fy</pre><pre>e.eVS{</pre><pre>KWindows</pre><pre>XisrWindowsEx</pre><pre>YisrUrl</pre><pre>kisrSQLiteTable3</pre><pre>isrSQLite3</pre><pre>isrSQLiteUtils</pre><pre>hisrPipes</pre><pre>HtmlUIExeApp</pre><pre>WaitNamedPipeA</pre><pre>PeekNamedPipe</pre><pre>GetWindowsDirectoryW</pre><pre>GetCPInfo</pre><pre>DisconnectNamedPipe</pre><pre>CreatePipe</pre><pre>CreateNamedPipeA</pre><pre>ConnectNamedPipe</pre><pre>RegQueryInfoKeyA</pre><pre>RegOpenKeyExW</pre><pre>RegOpenKeyExA</pre><pre>RegFlushKey</pre><pre>RegEnumKeyW</pre><pre>RegEnumKeyExA</pre><pre>RegDeleteKeyW</pre><pre>RegDeleteKeyA</pre><pre>RegCreateKeyExW</pre><pre>RegCreateKeyExA</pre><pre>RegCloseKey</pre><pre>SetViewportOrgEx</pre><pre>ShellExecuteExW</pre><pre>ShellExecuteA</pre><pre>UnhookWindowsHookEx</pre><pre>SetWindowsHookExA</pre><pre>MapVirtualKeyA</pre><pre>LoadKeyboardLayoutA</pre><pre>GetKeyboardState</pre><pre>GetKeyboardLayoutList</pre><pre>GetKeyboardLayout</pre><pre>GetKeyState</pre><pre>GetKeyNameTextA</pre><pre>GetAsyncKeyState</pre><pre>EnumWindows</pre><pre>EnumThreadWindows</pre><pre>EnumChildWindows</pre><pre>ActivateKeyboardLayout</pre><pre>GetKeyboardType</pre><pre>"$ %),'8</pre><pre>38000=344</pre><pre>&W!%C-7</pre><pre>%/ *(2'-=</pre><pre>1 0 .'7(2':</pre><pre>- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)</pre><pre>&)"%&$&'&",,/- '</pre><pre>SSSHHHK`````````````````q}</pre><pre>#)'%%'%'%</pre><pre>.idata</pre><pre>.edata</pre><pre>P.reloc</pre><pre>P.rsrc</pre><pre>P.reU</pre><pre>Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice</pre><pre>http\shell\open\command</pre><pre>PathToExe</pre><pre>mozsqlite3.dll</pre><pre>No sqlite3.dll</pre><pre>cookies.sqlite</pre><pre>"urls_to_restore_on_startup": [ ],</pre><pre>"urls_to_restore_on_startup": [ ]</pre><pre>"urls_to_restore_on_startup": [ ]</pre><pre>GetChromeDefaultSearchProviderFromDb - failed to get spid, returning default!</pre><pre>sqlGetQueryResultEx failed!</pre><pre>Opera\Opera</pre><pre>Opera</pre><pre>\operaprefs.ini</pre><pre>\profile\operaprefs.ini</pre><pre>\profile\opera6.ini</pre><pre>\opera6.ini</pre><pre>Software\Opera Software</pre><pre>locale\en\en.lng</pre><pre>\profile\search.ini</pre><pre>\search.ini</pre><pre>search.ini</pre><pre>\defaults\search.ini</pre><pre>DoRemoveOperaSearchProvider - cannot remove</pre><pre>" was sucessfully removed but references to its HexKey: "</pre><pre>TopResultURLFallback</pre><pre>FaviconURL</pre><pre>FaviconURLFallback</pre><pre>*.txt</pre><pre>.part</pre><pre>TDownloadAccelerator.Run() was ignored, since another download is currently in progress.</pre><pre>Urls:</pre><pre>Pause request ignored, servers without HTTP Range support will cause download restart.</pre><pre>The source dropped range support.</pre><pre>Uninstall\__Uninstall_.exe</pre><pre>Uninstall\uninst.dat</pre><pre>uninst.dat</pre><pre>regsvr32.exe</pre><pre>Waiting for all the ongoing reports to complete...</pre><pre>_EXEXE_</pre><pre>errorUrl</pre><pre>Registry entry removed: HtmlUI Browser object's IE7 fallback support is now enabled.</pre><pre>Failed to launch htmlUI from the following url:</pre><pre>main.html</pre><pre>Log server Url is not provided.</pre><pre>Log Http request has timed out.</pre><pre>Remote mask loading is currently not supported. mask:</pre><pre>Please login as administrator and try again.</pre><pre>Installer Account Name altered after at least one report already sent.</pre><pre>isroSetReportUrl() was ignored due to lack of Privelege Mode.</pre><pre>Installer Report Url changed after at least one report already sent.</pre><pre>.Uninstall\</pre><pre>No help found for %s#No context-sensitive help installed$No topic-based help system installed</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre><pre>Alt Clipboard does not support Icons/Menu '%s' is already being used by another form</pre><pre>!Control '%s' has no parent window</pre><pre>Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic</pre><pre>Unsupported clipboard format</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file %s</pre><pre>Cannot open file %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>Ancestor for '%s' not found</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>Invalid variant operation!Invalid variant operation ($%.8x)</pre><pre>Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Operation not supported</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre><pre>Privileged instruction(Exception %s in module %s at %p.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value"'%s' is not a valid currency value!'%g' is not a valid date and time</pre><pre>'%s' is not a valid GUID value</pre><pre>I/O error %d</pre></i></pre>