Trojan.Win32.Generic!BT (VIPRE), Trojan.Packed.24524 (DrWeb), Generic5.AOQM (AVG), Installer.Win32.InnoSetup.2.FD, Trojan.Win32.Sasfis.FD, WebToolbar.Win32.InstallCore.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan, Installer, Packed, WebToolbar
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 3c7b448d2f06e0601b20b43a0800eb5e
SHA1: 6730f85f48d36d7d76447ea29101847bc83a7ff3
SHA256: 1f0721ee2bac8b8cab0076d53c75b1443f9211fddf05e51f1c4bf41146cd6eb6
SSDeep: 12288:AQFag/0TuKo5 w05DIN0tqCWEP4FGlvxQQhmmBzethhy7:AQFN/0TuBsw05DIN0PWECGl8mhet
Size: 652200 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company:
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit
Summary: Installer. An installation package.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Installer creates the following process(es):
%original file name%.exe:1388
wuauclt.exe:304
The Installer injects its code into the following process(es):
%original file name%.exe:1476
File activity
The process %original file name%.exe:1476 makes changes in the file system.
The Installer creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\LOGO[1].png (3719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Quick_Specs.png (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\KO.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Color_Button.png (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\CS.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\JA.locale (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\logo[1].png (7491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\bg2_us[1].jpg (7569 bytes)
%Documents and Settings%\%current user%\Desktop\Continue Flash Player 11 Installation.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\ProgressBar.png (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C531.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\bootstrap_15771.html (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\logo_new[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\FR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg3_ru[1].jpg (3756 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Close_Hover.png (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\IT.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\Rodedowo[1].png (3521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\NL.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\FF_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp\sqlite3.dll (1706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\BG.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\DE.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\EN.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\Beginogo[1].jpg (2816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\SV.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\bg4_us[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\IE_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_312821.flat (1707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D676.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\PL.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\FI.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D6C5.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\default_tb.png (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\bg1_ru[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\PT.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\main.css (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C158.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\Rerarapepe3[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\bg3_us[1].jpg (4963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg4_ru[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp.CIS.part (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp.CIS (4940 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ES.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Pause_Button.png (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ZH.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\Beginogo_N[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Progress.png (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\bg2_ru[1].jpg (3056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\NO.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\Beginogo_BR[1].jpg (4816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000476F1.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\TR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312702_stp.EXE.part (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Color_Button_Hover.png (846 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\DA.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Icon_Generic.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Resume_Button.png (718 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312702_stp.EXE (7860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\EL.locale (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\default_wi.png (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ID.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\install[1].png (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\sponsored.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\CH_logo[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Grey_Button.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\ie6_main.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\Rorawaker_Logo[1].png (1145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg1_us[1].jpg (5101 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\RU.locale (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004E115.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Grey_Button_Hover.png (1 bytes)
The Installer deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\isf_312821.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\install[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C158.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000476F1.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C531.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D676.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004E115.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\bootstrap_15771.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D6C5.log (0 bytes)
The process wuauclt.exe:304 makes changes in the file system.
The Installer creates and/or writes to the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (2232 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
The Installer deletes the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\tmp.edb (0 bytes)
Registry activity
The process %original file name%.exe:1388 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 1C 35 E4 7E AB 73 DD 98 3C 93 A2 98 A6 B1 91"
The process %original file name%.exe:1476 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC E5 9A 65 3C 20 A9 68 AA 9D C9 72 7F 3C 36 1C"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Installer modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Installer modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Installer modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Installer deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
99f7caaee59dcc8b31327ab86abd9fc3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is943016861\312702_stp.EXE |
fd3bd02c9334a382df8c4e9fbe6fe368 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is943016861\312728_stp\sqlite3.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1388
wuauclt.exe:304 - Delete the original Installer file.
- Delete or disinfect the following files created/modified by the Installer:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\LOGO[1].png (3719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Quick_Specs.png (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\KO.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Color_Button.png (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\CS.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\JA.locale (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\logo[1].png (7491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\bg2_us[1].jpg (7569 bytes)
%Documents and Settings%\%current user%\Desktop\Continue Flash Player 11 Installation.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\ProgressBar.png (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C531.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\bootstrap_15771.html (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\logo_new[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\FR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg3_ru[1].jpg (3756 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Close_Hover.png (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\IT.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\Rodedowo[1].png (3521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\NL.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\FF_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp\sqlite3.dll (1706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\BG.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\DE.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\EN.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\Beginogo[1].jpg (2816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\SV.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\bg4_us[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\IE_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_312821.flat (1707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D676.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\PL.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\FI.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004D6C5.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\default_tb.png (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\bg1_ru[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\PT.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\main.css (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004C158.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\Rerarapepe3[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\bg3_us[1].jpg (4963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg4_ru[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312728_stp.CIS.part (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ES.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Pause_Button.png (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ZH.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\Beginogo_N[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Progress.png (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\bg2_ru[1].jpg (3056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\NO.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\M56PQRET\Beginogo_BR[1].jpg (4816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000476F1.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\TR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is943016861\312702_stp.EXE.part (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Color_Button_Hover.png (846 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\DA.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Icon_Generic.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Resume_Button.png (718 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2L856785\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\EL.locale (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\default_wi.png (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\ID.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\install[1].png (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\sponsored.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\CH_logo[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Grey_Button.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\ie6_main.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\Rorawaker_Logo[1].png (1145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\bg1_us[1].jpg (5101 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\locale\RU.locale (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV0TYL01\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0004E115.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OK7C0W6U\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish292609\images\Grey_Button_Hover.png (1 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (2232 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments: This installation was built with Inno Setup.
Language: English (United States)
Company Name: Product Name: Product Version: Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: File Description: Comments: This installation was built with Inno Setup.Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
CODE | 4096 | 37732 | 37888 | 4.64612 | 82fb657934b4af7aaf33c36a0f18810d |
DATA | 45056 | 588 | 1024 | 1.89736 | 5d98c64569668b0235ae89005918165a |
BSS | 49152 | 3720 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 53248 | 2384 | 2560 | 3.07115 | bb5485bf968b970e5ea81292af2acdba |
.tls | 57344 | 8 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 61440 | 24 | 512 | 0.14174 | 9ba824905bf9c7922b6fc87a38b74366 |
.reloc | 65536 | 2228 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 69632 | 10968 | 11264 | 3.08143 | 80efdde1caff5958d90f94fe734567e0 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 8
5385f3be4840e1d49eaf2d9b0bd468f7
b1e3ab31c18edfdab516ecf116ba9d48
7ff080381702261148822ac6a39b53a2
3025d04823063889cf2e8c11396d86e8
9c0112df9976a6df0305f43d19103fc7
69fd34b6ee439cfad15610b8e8918034
5d8ece51fbfc191a2c707a2b5a6ae536
68f32255c4f4efd1b6ed82d15ac3ceee
Network Activity
URLs
URL | IP |
---|---|
hxxp://os-slv-1323817372.us-west-2.elb.amazonaws.com/Ecommfactory/?v=3.0&c=454163425 | |
hxxp://districdn.com/flash-ie/install_flashplayer11x32ax_mssd_aih_ie.exe | |
hxxp://districdn.com/flash-ie/install.png | |
hxxp://geosrvlb-629133695.us-east-1.elb.amazonaws.com/details | |
hxxp://img.tatomayey.com/img/Rodedowo/Rodedowo.png | 146.185.27.45 |
hxxp://img.tatomayey.com/img/Rulilap/bg1_us.jpg | |
hxxp://img.tatomayey.com/ofr/sqlite3.cis | |
hxxp://img.tatomayey.com/img/Rulilap/bg2_us.jpg | |
hxxp://img.tatomayey.com/img/Rulilap/logo.png | |
hxxp://img.tatomayey.com/img/Rulilap/bg3_us.jpg | |
hxxp://img.tatomayey.com/img/Rulilap/bg4_us.jpg | |
hxxp://img.tatomayey.com/img/Rulilap/bg1_ru.jpg | |
hxxp://img.tatomayey.com/img/Rulilap/bg2_ru.jpg | |
hxxp://img.tatomayey.com/img/Rulilap/bg3_ru.jpg | |
hxxp://img.tatomayey.com/img/Rulilap/bg4_ru.jpg | |
hxxp://img.tatomayey.com/img/Beginogo/Beginogo.jpg | |
hxxp://img.tatomayey.com/img/Beginogo/Beginogo_BR.jpg | |
hxxp://img.tatomayey.com/img/Beginogo/Beginogo_N.jpg | |
hxxp://img.tatomayey.com/img/Rerarapepe/logo.png | |
hxxp://img.tatomayey.com/img/Rerarapepe/logo_new.png | |
hxxp://img.tatomayey.com/img/Rerarapepe/Rerarapepe3.jpg | |
hxxp://img.tatomayey.com/img/Mapayuy/LOGO.png | |
hxxp://img.tatomayey.com/img/IE_logo.png | |
hxxp://img.tatomayey.com/img/CH_logo.png | |
hxxp://img.tatomayey.com/img/FF_logo.png | |
hxxp://img.tatomayey.com/img/Rorawaker/Rorawaker_Logo.png | |
cdneu.tatomayey.com | 146.185.27.53 |
geoip.infra-team.com | 174.129.249.174 |
cdn.neoinstaladores.com | 91.121.203.233 |
os.tatomayey.com | 54.203.246.77 |
cdnus.tatomayey.com | 74.81.69.244 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /flash-ie/install.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.neoinstaladores.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Content-Type: image/png
Last-Modified: Thu, 21 Nov 2013 12:53:49 GMT
ETag: "a5c1535-6f3-4ebaf638f9140"
MyServer: powah2
MyServer: CDN001
X-UA: cdn
Vary: X-UA
Content-Length: 1779
Accept-Ranges: bytes
Date: Wed, 09 Apr 2014 00:42:48 GMT
X-Varnish: 2097491103
Age: 0
Via: 1.1 varnish
Connection: keep-alive
MyCache: vCDN001
X-Cache: MISS
.PNG........IHDR... ... .....szz.....bKGD..............pHYs...H...H.F.k>....vpAg... ... .........IDATX...].$W....VUWwU..|..q6...8.L$...E..."..D.y. .."y..W....`.....n|......]p6.Bl5....d'.=...u?|..........(......9.{..*.................vV..]..4q..Sv[.D....g.K....>S..]...}.t......A...}..{../.... ....w...v.....4l.....]..nL........`....Vr`..:W.K..V}..Z.r.|...l..w.J...n.7.D.9.D..M.j.M.h.Kw.O.s..WO...b.}.Y{sc.#n.FAl....B'...... Ms<7.H.%)..s(.../=e.........s...O...n.VY5."....".$.I.C.....!..d..F8..o.............0....9.k...%,..%..xC..g.....r.Ge7)..e20.{N.....Pi..3.d.HKS..H...`......A....... ..mG`I.l.....8.....s.,...,..E..t...|.Jf..d.>.;.......v.HA_ze......b..|..*.*p$.#...........6.....S..(.)3((.K.... >.)...y...`.....u....g2.W/.Z#j4[dI\:)tMYlI...D.\.;|..._3.. 1...8..8.......;....G.2P..!U.<,.m......}....... {..JZ=..-... ...`.......7c......#....{....../.....Co..[R[...lk.#%...B..x#Q.............a..h..}......y....)...- ..aL.H.. ...h1...,...l...L......z>VH.k...V9.h......9...G.....?.(.hr.......6...!..C.@[[]........%.zD.....|.3.g..J7{...............%...bt...M.i........D4..........>.DA..7........*g.9z....eq..........F.E3,|.{.=.iT......l^....H......B.....:..lJ.DQ..].$....6.Y........cn.~.V...^..ep=....."....d.p .....:].......:..Z......2.t?.f..^...>.C.<..r7..c..R....k._?.{.d..0......9...^.=....kW.z.ox.....w.....M0.....H.L9..vG....2.k.z...|..<....5...'.. ..N....0............C.l.(.F:F.u..~.Yj,...#d........c.......4....v.px.^B)...6.j~..Zf.).Zfj....h.I1.W....@......vV....y.9...M...HZ.[~...M.0.&iE...e....;
<<
<<< skipped >>>
GET /flash-ie/install_flashplayer11x32ax_mssd_aih_ie.exe HTTP/1.1
Range: bytes=0-1004887
Accept: */*
Host: cdn.neoinstaladores.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Server: nginx
Content-Type: application/x-msdos-program
Last-Modified: Tue, 19 Feb 2013 17:44:02 GMT
ETag: "a5c0e89-f5558-4d6176318bc80"
MyServer: powah2
MyServer: CDN001
X-UA: cdn
Vary: X-UA
Accept-Ranges: bytes
Date: Wed, 09 Apr 2014 00:42:48 GMT
X-Varnish: 2097491104 2097491102
Age: 0
Via: 1.1 varnish
Connection: keep-alive
MyCache: vCDN001
X-Cache: HIT
Content-Range: bytes 0-1004887/1004888
Content-Length: 1004888
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r..Ar..Ar..Al.HAp..AUK.A|..AUK.Aq..A..ZAs..A{.HAB..A{.YAo..A{.OA...Ar..A...A{.EA8..Al.XAs..A{.]As..ARichr..A................PE..L......P.....................p...P..P0...`...@....@..................................H....@..........................................@...c...........6..h...D.......................................,2..H....................9......................UPX0.....P..............................UPX1.........`......................@....rsrc....p...@...f..................@..............................................................................................................................................................................................................................................................................................................................................................................3.08.UPX!......I3n.C!....G.......&../....h...,....p.3.@...U..V.u.Wj.Y.*_n.f....t."!...E...... ...@....:...V.P.*.0@...._^]......W.|$..'......o4t.....rFVj..G........u....-.....W.t$........F...........u.q....^.._.....0t.1...= ..".3(j...W:...4...L.).,0....as30..$.z...5G.x.....%..-6..D7x.......Pb..........1.`......@...............rR.f_ ..........7..SV....8Z..=j3...C......%..~.....z....q .0v[pN......-.`....C[P-..,.........1@..K{N,. .M.....vs.<!.g..*...xxi.[[].==....h..W...u.@.L4..#hw.v.J."i3...D..}.~*..I*HTP....#.Y....B...a....U.R&..P....u...9..4
<<
<<< skipped >>>
POST /details HTTP/1.1
Accept: */*
Host: geoip.infra-team.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 7
Cache-Control: no-cache
foo=bar
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Wed, 09 Apr 2014 00:37:25 GMT
Server: TornadoServer/3.2
Content-Length: 327
Connection: keep-alive
{"city": "Kharkov", "region_code": "07", "ip": "193.138.244.231", "area_code": 0, "time_zone": "Europe/Zaporozhye", "dma_code": 0, "metro_code": null, "country_code3": "UKR", "latitude": 49.98079999999999, "postal_code": null, "longitude": 36.252700000000004, "country_code": "UA", "country_name": "Ukraine", "continent": "EU"}HTTP/1.1 200 OK..Access-Control-Allow-Origin: *..Content-Type: application/json..Date: Wed, 09 Apr 2014 00:37:25 GMT..Server: TornadoServer/3.2..Content-Length: 327..Connection: keep-alive..{"city": "Kharkov", "region_code": "07", "ip": "193.138.244.231", "area_code": 0, "time_zone": "Europe/Zaporozhye", "dma_code": 0, "metro_code": null, "country_code3": "UKR", "latitude": 49.98079999999999, "postal_code": null, "longitude": 36.252700000000004, "country_code": "UA", "country_name": "Ukraine", "continent": "EU"}..
POST /Ecommfactory/?v=3.0&c=454163425 HTTP/1.1
Accept: */*
Host: os.tatomayey.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 818
Cache-Control: no-cache
0A0CzutD0EtC0RtC0FtC0HtC0HtC0OtC0TtC0RtB0ZtC0FtC0CtB0UtN0U0I0DzutDtDtD0CtBzytA0F0CzytAtDyB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutAtByDyBtBtAyEtDyCtN1L1B0A1Q1H1L1GzutCtN0T0KzutAtCtCyEtBtCtN0U0I0DzutDtDtD0CtBzytA0F0CzytAtDyB0AtByDtN0S0D0TzutBtDtCyEtDyEtDzytDtAtAyCtCtBtByCzytN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0M0A0C1V0LzutDtDtD0CtBzytA0F0CzytAtDtN0P0E1V0M0O0D0Ezu0D0L0LtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1RtOtA0AtOyD0CtA1RyB1SyEyEzz1QtB1OtDyC1PtDyCtDtC1StBtD1SyEtA1TtDzztDtD1P1SyD1PtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutBzyzztN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutCzyyCyBtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu1O1I1T1B1M1V1E1I1T2U1P1C1VtCtC
HTTP/1.1 200 OK
Content-Type: text/html
Date: Wed, 09 Apr 2014 00:36:35 GMT
Server: nginx
X-ADS-CC: UA
X-ADS-TIMESTAMP: 20140408203633097
X-ADS-VERSION: 1.2.2
transfer-encoding: chunked
Connection: keep-alive
1f88....|..]t..^...&...C|...~.I2...I...;....X.._........0...t.... Z...=&.i...CHnj.3..R4`..x.{.r`......F".J`.V..%b....*.(c.N...m.......r*S.D....*S@..ZZi.;.t8.[izS....j. k.a.6.xS.p.k..........TB..4*SXv..L...d.r.#.h......`.o.S.1Y....e.2....\:..KV...r<.*.A.l.k.... ..0.%...B.. .T....f.9....fk#..B..!H.1..J.c.O.xI..B.u^..G.x...1~..Y...".....l.0...37..t%9(-...Sw..a..@...z<#..).c...A..R.1....Wr...c....~Z.. 1@A.x2......._).lU......x>...2C2.f..........aU......~vKsHY.YC.....&a...4.,..4H....1..........|..yA..w..!.LPGsz.Ny.#v..F.....5...%...TOQC.6..&....dk.0..GIpe.X........w.{Hw.[........<.......<.!....S.s.c.t.SQ....q..H.O..D..j.5. .........6/..{9h...H....2.......M...p.....JNg. ..;.L...8p.K.e...@...p.SHu.;... .j..8p._H.......hp....".X1...u.S.y...{....n..L...~6......hb.Lp...(...q....#.h.........fL.j..$I. .....jN......7..H.......n..H.R..d...KI..T.n.5^.....}....k>.x.:.a.e..(p.K2...........0....`.T.........q.........[.p...~.\4....p..@.K..W..t.(.<zf..l...e(.~b..c...z..*(P..?...^...N.6.C.a.4........8...4..lb'.....Jx..0.K.n..3(......l.z...GkK"`1...... .......4.L5..k........b.F..(fR.R..X....Z...a...8*...9p......(z."....WC,.N.(..._..=.....v4.*x ..2.J.....i......x....t........^.j...1..*....5. ._Z.2{D.D.S.......4..y.7.z~lb.4....g.2......B.........0....D~..Uf....]..*..E.N...ft......>...l@`...f.......G.53..v..B.....T...IFF...F4.5.....&d....nG.xN)....i..,.<a.....9AG..~Y..7Se.....i.._....B.p...0.rV.Fq.?...bg...Jvw..|...........L...h.......t.....{KF'.Y.8.[.`......(#......,.d....m.;rt...@..9..].M...NA.eS.~.|7!.y.[.
<<
<<< skipped >>>
GET /img/Rulilap/bg1_us.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:37 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: mAdxVYv07pgYJGm4vWtr z7xvtau2LeT8Z2qA 0in7eEhqUSMB4FsqF55 gt9AS
x-amz-request-id: 8F03397238478783
x-amz-meta-s3fox-filesize: 19940
x-amz-meta-s3fox-modifiedtime: 1389781511512
Last-Modified: Wed, 15 Jan 2014 10:25:22 GMT
x-amz-version-id: W8DUE0VZh4ccBw51SEKej3toLFi409KJ
ETag: "00ce656543967661514ce4f214e842f3"
Content-Length: 19940
Accept-Ranges: bytes
......JFIF.....`.`.....hExif..MM.*.................>...........F.(...........1.........N.......`.......`....Paint.NET v3.5.10....C.....................................'!..%..."."%() , . /3/*2'* *...C...........*...**************************************************........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...h.......iR2......e/.x..cC.....\.....6.~..3.............#...(.. z.......|.,sF.w-x.......u=|.V.9..TB.d.,....n.....[{.X.nv,..].....Q......F..0vP.1n.....|....N_.......4K.O#....3Q..R!..J....s.=.t..t........./.....4.lK4r..n.....H..>.....R..N._C....fW..)b. .>S..Nx....$VsKw.*<C..FD..7...[...,.P....,.?&s.......r\(..H.?..=p3.Q.9...~f=..m...^.....1.^..84I.$@...2...... .(...XH.(..t...-..F...O...'s$.`n..@....zS........:....M...'.;.*..^............ .O.. ..``HfA....C...U...\.f<g...A..R[...Fx........<.G..2<.-.M..m.. .R.it4..n`]hB.TI.~.`.L..j...f..Hl...............E}.=...p....&s.^.b.......v.b..p.\|...L.%Q[n...f-....:h#...O..,....<UK....l.k.a.|.......5...r..@p.....Y.h$[..E...?.._j....x.F.I....X..I...C....PI...Y>....p
<<
<<< skipped >>>
GET /img/Rulilap/logo.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:37 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: G9oXdp187xt0qkHtjW/xrfJGLk6j/TS1QjEbjFImZVr6G sYmlHofjdvJwP 4ZVZ
x-amz-request-id: 532D9E7BF3BF98C0
x-amz-meta-s3fox-filesize: 35910
x-amz-meta-s3fox-modifiedtime: 1386506285075
Last-Modified: Sun, 08 Dec 2013 13:19:55 GMT
x-amz-version-id: XU0WkwE9xr9ndySKMI0rjIuy3nQX8jSj
ETag: "c890f13acf547eeff337e67f3883d08a"
Content-Length: 35910
Accept-Ranges: bytes
.PNG........IHDR.......i.....U..z....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..}.|UU..w{.M..!!...7..&...W..;:..........*..."... ........[.....3....ks.mr.9......U..:..8....;.v...%l.l:.:6'.u......=.l...z..m5[.. [.......k...Z...-......5..:.u..f.,l9l'..<.-S.3_..6....q..[.[.[H..G......l..........E.....b.....l..%h.....f.....4n\..'`*...@.....{w~...>k..`.E....DKk....i'L......(.k.,.W..a.o..v.8.m................hf.....Q=n....h..].q..Y(..Ab.....M./.[<h.l.........\..[N>...".o.J ..ksa...X.v......S.......0Y..3j(6~..f........hnhAQV.R..E[...!..w...`.'^x......z....t.....F.....".a..dDR..F.V..X...K?.....HHO.......3g...8.m..p$...j...S..!.i.t...[^.l...F..u..;.....8\.......QT48q....../..3/....?..Z.A..z...}.I.|...?r8.J. ..!f4...........Q....a....D.b.x<p.5.b.8.8..U ...X8......6\9...9a*....A.QU...v/......R.2'....Y'....f...0lH?.-6T..@zf&........wT"...R.x.z...$%&r....~7.R..........{R2.:3B.NT..#==.}.....fKf3..d...I..[...l7..../../...Sk.....i....l_.G..p...%...5.\.Z.$.._z.n...$.....1......t..u..|.l.Z[....uuuG.a...g@.c(..[9[i........r.[...}_..._>.......K......i.O.a.1>X..,.Z.........."..t$&a..Q.4._....I....}.}../\.Q...*....C,.5.....m...:k...a$'..w..HJO.#..,.......s. U.....,.......Q_s..6o...J......)......9b-G.U.*5..5.z..o...wY....o~...g.)..,@[....:.m..$....~<....5.J..*..y.X.p...x=...].`..9X.j%v..}.\.ii8P...X.!.....D.....i.;m.GfSN~...B.f.UW.p<..0[...._...y.f...i._.......p.\m....1....[....}.YZ.d........#.l...'..S'(6....s{,Y]{.mh...(9.-=T.....Q...u..v......"...Y3g...'.;.?..m.......J..F5 ....o.W.n.Pm......R.94.t...l
<<
<<< skipped >>>
GET /img/Rulilap/bg4_us.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:37 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: 6WuC0zL14z9GBhIQVoRlJF7V8kdLMnH3Jgdup/5eOuy3hmFEXdCyeHFoVeiM5dzN
x-amz-request-id: 067EFF2EA44CFC4F
x-amz-meta-s3fox-filesize: 30486
x-amz-meta-s3fox-modifiedtime: 1389785709303
Last-Modified: Wed, 15 Jan 2014 11:35:20 GMT
x-amz-version-id: 66GflDTA_Z7DCv7RokWjIBGxEHMH19Oj
ETag: "b2e66aa870c501c5f6e3dfb166ad71d5"
Content-Length: 30486
Accept-Ranges: bytes
......JFIF.....`.`......Exif..MM.*.................b...........j.(...........1.........rQ...........Q...........Q..................`.......`....Paint.NET v3.5.10....C.....................................'!..%..."."%() , . /3/*2'* *...C...........*...**************************************************........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......zO.,..uk.(..{Go;"......\L~,.d...".....v....W..c..?........7..#...}>C@.........j*.......z...?.............Kx...fEf .H.5'....O..P..~ .T..\x.S..`$x.......d..}Eu)...^........b.[..N....|u..1^{....<....5....p.ZI"E.ZX..,.uV.PFG..N.....o|1.....[..0.....p.p.....'...h..#.3...,.).=W"... .l.E.Y........:..B.?...A....^...k..]....?-#. ..B.g..DEL..;.c.....[.d.6..x..c.......T.y.....g./.. .o.j'n3...3.j..|k....O..........JRS..,%,..U..>`..VR......u MR......("{F......!H.*.....).w.)I<U....._....O.......^zx......_..U.....~....s..<..>.s2........v3!...p?.Q.....:..;..H._..C&..../....H._..C&..../.....Q..]...q......=..B...o.. .x..=.......$~/....P......eG.$~/....P......e\..W..E.......q..N...$b.N}Xc.ET..P....R.X....3q..._.$~/....P......eG.$~/....P......e\.jZk.......|2
<<
<<< skipped >>>
GET /img/Rulilap/bg2_ru.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: vZ1vwkqzIFbDVKraiO3h24h36rn/xULogD Nqu5fUBEbHOZTU/QIjURaano5XZOk
x-amz-request-id: 3F4F0EE225F2D167
x-amz-meta-s3fox-filesize: 35726
x-amz-meta-s3fox-modifiedtime: 1386508731893
Last-Modified: Sun, 08 Dec 2013 13:19:54 GMT
x-amz-version-id: laCzrLAMyWcgPN41w4AS4g.L22RoU5lg
ETag: "d91679c5bd4129d808a9fb38a3edb4d3"
Content-Length: 35726
Accept-Ranges: bytes
......JFIF.....F.F......Exif..MM.*.................V...........^.(...........1.........f.2.........x.i...............F.......F......Paint.NET v3.5.10.2013:01:03 10:49:21............................................................(.................H.......H.......XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|........
<<
<<< skipped >>>
GET /img/Rulilap/bg4_ru.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: 628wt3whJLjTbbVx9ByZ0rrd42kXoEIzE neWK/u28fdf7t3f AQPkuYfmx7okxY
x-amz-request-id: 5D5850847EFD7EE9
x-amz-meta-s3fox-filesize: 35270
x-amz-meta-s3fox-modifiedtime: 1386508766758
Last-Modified: Sun, 08 Dec 2013 13:19:55 GMT
x-amz-version-id: 0Qs2DJsPEq2EvoEIq4wV4WPPUdJXl7W_
ETag: "f066ab9757be0f73a0bfeed39ce66178"
Content-Length: 35270
Accept-Ranges: bytes
......JFIF.....F.F......Exif..MM.*.................V...........^.(...........1.........f.2.........x.i...............F.......F......Paint.NET v3.5.10.2013:01:03 11:37:11............................................................(.................H.......H.......XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|........
<<
<<< skipped >>>
GET /img/Beginogo/Beginogo_BR.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: qXuHGox4NQZaFlXgiCzB ZkcGMtIwr07EMrMvKJufR oTenFCjCwW2e gzafAbls
x-amz-request-id: A4A135272D6EE863
x-amz-meta-s3fox-filesize: 43160
x-amz-meta-s3fox-modifiedtime: 1384437539506
Last-Modified: Thu, 14 Nov 2013 14:01:25 GMT
x-amz-version-id: M6JEwdzsilvzVsINdsWWpi8JEVwt1nbK
ETag: "c9bec9d091ab8402ec856da80eede14c"
Content-Length: 43160
Accept-Ranges: bytes
......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:33EF7B7B3E24E311927FBCF44F044CBF" xmpMM:DocumentID="xmp.did:AE4D09524D2611E39950E309313A7E5D" xmpMM:InstanceID="xmp.iid:AE4D09514D2611E39950E309313A7E5D" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3933C4A2183FE3119EBADE52D0CCAE41" stRef:documentID="xmp.did:BE7256AC244A11E3A018FD60ACFE8DE2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0.....................................................................................!....1...Aa".Q..q.2#....B.&.....Rr.3..$.b...C.Scs..4D...T^6........................!1..AQaq"....2..B.....R.rb.#..$.............?...KgD@.QQ..t.-....EF/....tD.U....@....9TTb...KgD@.QQ..:............[:".*.._s..l....*1}..%.. r....:............[:".*.._s..l....*1}..%.. r....:............[:".*.._s..R#. r.....*%
<<
<<< skipped >>>
GET /img/Rerarapepe/logo.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: DqbruMuBPc4PW2oao60VwcnVboJEDLrAcKiEb2Nb1uaI9AQ63tvah6TJnTJoabJ0
x-amz-request-id: DB82A4C34D62E506
x-amz-meta-s3fox-filesize: 10944
x-amz-meta-s3fox-modifiedtime: 1384099835051
Last-Modified: Tue, 12 Nov 2013 11:05:48 GMT
x-amz-version-id: bDPFTNRsfueKXbAbmeVgRbPvzBoRvTw2
ETag: "0440e25b659207aaea00512d9a0a9924"
Content-Length: 10944
Accept-Ranges: bytes
.PNG........IHDR...L...^...........*.IDATx....T.....M...F."b.....F.Q....{.%..{E.........{.H....J.~*.....gN..j....._.Z..g..ff.....9C."..t:]'.F3-55uOjZz.......o....\...'....&J4[O*.=i.`%Y...................E.".....Z.>.69%;6.....HNIEFf&.J.,..r~..}.p).....e..V...3./)....A\|.............. k,Q...M..B..h....../..N........#..!V.P.y'X4J...v...Z...o.{ ''....L9....M.....7...l....Ml..SS..........$..C!.3.\...........A.'.......m_..%x...."@....)V%.?|WX...Y\.C.c.r.V..R....g...:.\2....4..M.R9X..b...b......,.U..t.b...Z...P..Q*......7.......t.B.{....@jY!.....Q......Tdk...3;...s..0... ....@.&..m.ktE.f. I.M..1...`..V..d[.9..qG.&".U..C..u...W.C{..4'..v?.....\..>......h<.C{.(4...u...G..E=Gvj..7[.?.:.?.K.9...e..s........,--=....[W'...v......R....^<...!..]........>..j........].v.....j.v..l.j.V.wn.j.&(I.][.r...Q.x..>....Hay...99f..;.%..R..Q_...h4Sy...a]....J.dQ..o........... 9...8.2Br..)...a)w..]...h.f.K.}#i.T[.......u..(.;.....d=....,..{....Z..._.Q..t:... ..H.R..Wt.f^...'6.Xu.\.DU*...u.oAK....&KQ.# .%.Q..f......{34.-.>.M............6'(.8@.y..Z.......$.UP:...i.../..5....V:..\...@.m'@B.:..f.\..,......17.......&.Qn..t..DJ.~w..z.j..........e.Q......&..tX...s.5s*..OA...HY......c...d@. .\.B..n9i..k.@.j.m[)...!h..P..r..,A...A..b......O.Oyr.i..".*....m.EA8...r....T.6H.DP.....n.y=4.LG..1m2N.n.G.rX..........?.....5%mp.A=...H@.C.a5.k.J.V/....J.r!..W.t..r.#Y..J.g.c...{.H,N...>r..lY.'.4.....m.....D.t..YT.d. hN..P.K`.....%\..a-..~....l..s....?...5....8..P... ......5.............3u"...#s..(....7@R,.....Es.9..(...m#k.8...tiP..
<<
<<< skipped >>>
GET /img/Rerarapepe/logo_new.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: s9Pbid683I bLXCdgFIQMns4aeNczfz IoURyfEySnoQyRDiyb1hRNcGRzIr0eeP
x-amz-request-id: 2463B02AC48341CD
x-amz-meta-s3fox-filesize: 4569
x-amz-meta-s3fox-modifiedtime: 1388397217065
Last-Modified: Mon, 30 Dec 2013 09:53:59 GMT
x-amz-version-id: FBdIFQNqjG8fAIwxlMklzjPUXqz3Asib
ETag: "3263ff057b8e7380f7579d5aaab2bfdc"
Content-Length: 4569
Accept-Ranges: bytes
.PNG........IHDR...2...2......?......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:2A43320D713811E3B459B11FBD9400CD" xmpMM:DocumentID="xmp.did:2A43320E713811E3B459B11FBD9400CD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2A43320B713811E3B459B11FBD9400CD" stRef:documentID="xmp.did:2A43320C713811E3B459B11FBD9400CD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>v.Gr...MIDATx..Z{p\U......$.l.6M.jc..P....T.N.*3.80`...:#.......3>...F..|...3>..hE..(...P-i..y7.$....{.=..w......6)...~.....~..;.PJ.....ur.n.......O|.&...hj&.H.e2$l..y.T*...D.3E.#.A -^t.....TzA-....P.N..i.'.........T..z>.GT.%r........"..H9....R...I......}..@.^../..?o.U...F..c.qA.H.?A.(a.....k....,.!Vb.......:58.K...@z>K[.......S_....T.......... lr......GU..~.....C......t24;f.M.R%...4......`............%..aZ`.... ..@..v...T.L.l9....R.M-0.&0^.`v. u....?Y....e..%.."ik..^....s.}.~.8Iu..?........m...{ix.KM..........,4R..........FF..W@......o.7]p!%Z..f.$k......hB.......DK...R.&..k..%#e.
<<
<<< skipped >>>
GET /img/Mapayuy/LOGO.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: lZtoa4n Dbnfri5SYRfKWy 971CEtU 8ZfUk8yIq3FYJw6tYe2d0dfX7 rbU8UGA
x-amz-request-id: 295E407F946DC6E7
x-amz-meta-cb-modifiedtime: Mon, 10 Feb 2014 08:51:03 GMT
Last-Modified: Mon, 10 Feb 2014 09:24:37 GMT
x-amz-version-id: 5u3JQZ1GPK62zlrEEfaN7rrrBMh6wKoK
ETag: "14f5d50e6a8628e97604c97e4735fe7d"
Content-Length: 16671
Accept-Ranges: bytes
.PNG........IHDR...,... ........y....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<
<<< skipped >>>
GET /img/CH_logo.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: zp1PULbiC5hUvxy0Dymh5T457D/rZ5zN8ajMpAguAxyar02iEIIDd98fSlBvb3oR
x-amz-request-id: A991D3B5E2D84417
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:44 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:01 GMT
x-amz-version-id: osjur0cYkvY0gJkbPOZZ_tbD.fAnrMVX
ETag: "ad8ed967a43ae4d7d6c28ff2ed3c8550"
Content-Length: 4577
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<
<<< skipped >>>
GET /img/Rorawaker/Rorawaker_Logo.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:39 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: /Q6othGwKxNdKUYFFi2DJj6bE4vop7h0GZRK qerNSOC6Rs2irTNaC5DPtM7Zi j
x-amz-request-id: DE597F2871C35391
x-amz-meta-cb-modifiedtime: Sun, 16 Mar 2014 15:15:43 GMT
Last-Modified: Sun, 16 Mar 2014 15:16:12 GMT
x-amz-version-id: gZHkojfQQbPQRO6L43o4Qv0_5LboQGm5
ETag: "5ea806f38dd30529aed6e9c467ab7fb3"
Content-Length: 7685
Accept-Ranges: bytes
.PNG........IHDR.......(......}VB....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:6DADCFC9ACE211E3A5B1F522388DA20B" xmpMM:DocumentID="xmp.did:6DADCFCAACE211E3A5B1F522388DA20B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6DADCFC7ACE211E3A5B1F522388DA20B" stRef:documentID="xmp.did:6DADCFC8ACE211E3A5B1F522388DA20B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..du...yIDATx..].X.g..\.V9l.%g....D...E .b.u[k......n...|...S.vw...k...D.j......"[......H.*I8...$...d..L&L...H.y.g. .yg........;..z=.n..n....C.n.6q.s,;.Y...X....n....HLH.J|(..=.?.vQ............/%........O.t.L..}.g.T..v.-..Y......;.. .t..F.e9./Ha...m=X..a._._....?v.........~-...l....."...q..I.........WR...".<y".A...5B.*......'.....H&.9L.;.r....t.,.Z.......= X.8..=.."....d.?.?dL.{.....r.-{].kW-t..F..^.....iy.4......Z............../b.h.B...?...JL..f...cH...fr..g.O..t......4/..a.1H...!{]..k....O..7..4...X..v.................]J..s.g...f......@.eU..V#@....'.....d4..m.vu.....]_T....i.!i..9...&...
<<
<<< skipped >>>
HEAD /flash-ie/install_flashplayer11x32ax_mssd_aih_ie.exe HTTP/1.1
Accept: */*
Host: cdn.neoinstaladores.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-msdos-program
Last-Modified: Tue, 19 Feb 2013 17:44:02 GMT
ETag: "a5c0e89-f5558-4d6176318bc80"
MyServer: powah2
MyServer: CDN001
X-UA: cdn
Vary: X-UA
Content-Length: 1004888
Accept-Ranges: bytes
Date: Wed, 09 Apr 2014 00:42:48 GMT
X-Varnish: 2097491102
Age: 0
Via: 1.1 varnish
Connection: keep-alive
MyCache: vCDN001
X-Cache: MISS
GET /img/Rodedowo/Rodedowo.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:37 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: UNiVDmYblbMK2V0zf42yr6wGR7HjHaOQTpNTyrgzNNMLM1fSPe13AsuTZdd6 T3J
x-amz-request-id: 9680BAE4ACE66F7C
x-amz-meta-cb-modifiedtime: Sun, 30 Mar 2014 14:27:53 GMT
Last-Modified: Sun, 30 Mar 2014 14:28:44 GMT
x-amz-version-id: PmI6WLH3gY4TjiVC6NwxRIKM1yOR1Nu8
ETag: "263072b8bd388c4c7e43d56565d36a0e"
Content-Length: 7825
Accept-Ranges: bytes
.PNG........IHDR...0.........0.......sRGB.........gAMA......a.....pHYs..........o.d....tEXtSoftware.Paint.NET v3.5.11G.B7....IDATx^...[.........}./s........Af..d.A.Q.......&.ep..1...c4..1z^..w.....u...T|jU....7...U.......H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#.H..#l...O.>z..n.....O?.d7.h.........{.U..qq......^..../..6...]^^.{|..exx.........ibb.....gA.....t.v{..7o......C.\.r....k./]...c..E.v..U......m.t../oS ........?n.{...v.Ojj..S..../_.LJJ*..nmm=....#...w...{{.....o_[[....1.....ddd..o..B=SRR.........[ZZt.......v.@.]......~..no....{zzjkk.....p_}...mnn..j...3..^.....x.RWW766fw.....@z....={..A............rD .W.*..T.....[...}..y..eeeepp0&&f~~.^.G9.r..w....k....v..gqqQ'..H.tRqqq!JI. .... $...tE.....^:;;U...............Kt......E_0..fff...e...{..yc..h_QQQ..B)......v{....._..511q .T__.".n..B........R........~.}.vaa...KeeeYY...b..'.R.@.X!Y~..w...;w................Z......._~..UM....H---v....o ........nox...remm.......S.011a7..).t......(.....F ..\8y.....@..?.o ....\..k..s...:d.......X.....;.../_.m/a....i.......O....K.d...@..?.o ."....vc..#G...........k...#XQ...3]..rv{..H.o....),U..={.n......./jkk...;.H:........)@ ....8p.nl(((.z..5.<.U..;........nl....h ........n.=.......r1;;;--....v. ..
<<
<<< skipped >>>
GET /img/Rulilap/bg2_us.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:37 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: I/UKC10gdJp7xXk7ULm9XGXZyJNoIL hVU5jEwkVTC35k1001LxJm aADOzBP52
x-amz-request-id: 46CFDB551B799300
x-amz-meta-s3fox-filesize: 38100
x-amz-meta-s3fox-modifiedtime: 1389785576439
Last-Modified: Wed, 15 Jan 2014 11:35:17 GMT
x-amz-version-id: w0UWnIbQ_UBdAc0gCrQmsS8rQmaX02Ja
ETag: "5a7e847f6c6f35396fc3451bb0fe2973"
Content-Length: 38100
Accept-Ranges: bytes
......JFIF.....`.`......Exif..MM.*.................b...........j.(...........1.........rQ...........Q...........Q..................`.......`....Paint.NET v3.5.10....C.....................................'!..%..."."%() , . /3/*2'* *...C...........*...**************************************************........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...;Y.g..`.i..'5.h.....7.oc..1..pOM.6...?C."...[.0...'.X...n..U[...v...5..N..w<.<EirEYw1.m.O..g..(\.L......~.......`...=:...y/%Qn....I....HC(o9..V9E.@>..V.-#..x.>.uX..-.!3I!....XG@....C....~|*..}..D.p...*8.Q.Q.()-D.m.....;..(.......#1n..w.r~....(G..k*.....}.n.B..0..i."...........F....'..M5.[.4.....K?..}..@.T[X.'..'.?Zl.....Z@q.:c...s....]j.9..)$;%.X.P..t...O....6......&I.*.....b..I.....d^c'.GR..g[B.*....._\v....,.V....yZ0N..'..T...l.4........9=....... (-.qoi....F7......S..I....^Co4.."i.8c..=._..u.*nt.1|.MFZ.:.:t..,Z.>.!...&..Qg.Yh61io$...........K...~0. .......63..PX.....{. ...n.B.@..>.1.x.m:..I.n...d..9.&i`.I`..%$.E.7/z.].O...[."72...c.....*{.y%..C.Hv........s.Z.>....C...<...Y.`s..........J..m-.o.M<kg...[FetL.Q..Z..F.7...........}q]41
<<
<<< skipped >>>
GET /img/Rulilap/bg3_us.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:37 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: aobmH4YAkVEcQmZN5RXsmcjlBrcTgLfNX4Eo xJjBq1qRlSLuSiTxyiq8uu4JwIw
x-amz-request-id: FE2E9DC596DDAE9F
x-amz-meta-s3fox-filesize: 36525
x-amz-meta-s3fox-modifiedtime: 1389785629555
Last-Modified: Wed, 15 Jan 2014 11:35:18 GMT
x-amz-version-id: jYTTA8v_SMd1faiNeab09_IHAXeiDqV3
ETag: "0df5d68537b1b7fee918c0faef9cace2"
Content-Length: 36525
Accept-Ranges: bytes
......JFIF.....`.`......Exif..MM.*.................b...........j.(...........1.........rQ...........Q...........Q..................`.......`....Paint.NET v3.5.10....C.....................................'!..%..."."%() , . /3/*2'* *...C...........*...**************************************************........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..S.......[...K...m.....@......CZ6R...........{g.PKvD.Z-..bX..~a..O...sW9..|}........@c.....M{g..]......?.._..l.3...4.ob=.....]...=...(......*...C..VG.K..lX.....|J..........>VG..dT...c[b7h...n...Cxg\....q.m.'...~.]!.d,Fs....Z.w.j.....P.8.....~.}..<3...G.#.......k...............R`q....R............j\../k..`........:......O.\..5..ylP. ..@..FG_............dm...V...]5(..{;h.UTG.O.bz..Z.s...R........c.W.n..\F%.f}..~x.. ...&.l...2..M....[._z...u2T....>.,Eq..U.v.m..?...U2^B....J....FE.......P.u.).,.......\..R@.p.0=y...x.....t%.d..K..R1....k.....m</"x...K.....I...\.....ug.>{.......... .N.fU.$....E..@3..m.R.<.a.i..h.g*}..w~.....Z.O..".,w\...-fQ.\6~|.1.?.Z.....g].i.{.h..\j.g....N.#...:.0...!R.....p..sWy./...f;q..'?Nj....oI..t....[w....S.".......$...1I.i.
<<
<<< skipped >>>
GET /img/Rulilap/bg1_ru.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: SCP7Pv hqlOdruc9xq1mXK3fuGs9FNLD3K032XdkTrzchoU8MRDCDua55g9WtdF6
x-amz-request-id: CB05761740552F58
x-amz-meta-s3fox-filesize: 35554
x-amz-meta-s3fox-modifiedtime: 1386508713985
Last-Modified: Sun, 08 Dec 2013 13:19:54 GMT
x-amz-version-id: 2bjbhqOBmzpdJ.nRXR0gOs11MRgY3c8F
ETag: "dd14964fdf02d6f23a7508f5c22eba5e"
Content-Length: 35554
Accept-Ranges: bytes
......JFIF.....F.F......Exif..MM.*.................V...........^.(...........1.........f.2.........x.i...............F.......F......Paint.NET v3.5.10.2013:01:03 10:50:49............................................................(.................H.......H.......XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|........
<<
<<< skipped >>>
GET /img/Rulilap/bg3_ru.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: 2WmDYJFWfC/kt7z0n7T79xuWz3SeMua1sSQ7jrgv5QR9wGIZuGX41S 1yMRUiMD5
x-amz-request-id: DBF045DE1F39AB1A
x-amz-meta-s3fox-filesize: 34365
x-amz-meta-s3fox-modifiedtime: 1386508755717
Last-Modified: Sun, 08 Dec 2013 13:19:54 GMT
x-amz-version-id: QETb6tdpD79RZgAimPMj2WtlXGZuYSmS
ETag: "2d59c5aa5865298c284e730094c347e5"
Content-Length: 34365
Accept-Ranges: bytes
......JFIF.....F.F......Exif..MM.*.................V...........^.(...........1.........f.2.........x.i...............F.......F......Paint.NET v3.5.10.2013:01:03 11:34:53............................................................(.................H.......H.......XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|........
<<
<<< skipped >>>
GET /img/Beginogo/Beginogo.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: NqQeHZi7FJ/sug7bwrPjwztGRqKIjFhsiyuvQDt5adV6wIyqQf3QMy0zuJjLZunR
x-amz-request-id: 7862DBF0E0627593
x-amz-meta-s3fox-filesize: 37929
x-amz-meta-s3fox-modifiedtime: 1382011633155
Last-Modified: Thu, 17 Oct 2013 12:07:26 GMT
x-amz-version-id: 4auxrXdrV3WtxExGpU52yT107qO6gef5
ETag: "b553972dbe94b80271fa862af06388cc"
Content-Length: 37929
Accept-Ranges: bytes
......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:33EF7B7B3E24E311927FBCF44F044CBF" xmpMM:DocumentID="xmp.did:211C4C9C372411E3B45185D3B2B5D9C4" xmpMM:InstanceID="xmp.iid:211C4C9B372411E3B45185D3B2B5D9C4" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5E941781F724E311B036C0E7691E1950" stRef:documentID="xmp.did:BE7256AC244A11E3A018FD60ACFE8DE2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0..........................................................................................!1..AQa."2R..q...B#......r.S$..b.3.T5Uu6...Ccs4.......t.%.D.e&F7(8......................!1..AQ..aq"..2......B..Rb.#..r.3CS................?...T....R|G.@...>..........O.....'.}t.j.....S.G.@...>..............R|G.B.T......>#...O..]..O..].j..>........5?.}t...#...R|G.@...>................<
<<
<<< skipped >>>
GET /img/Beginogo/Beginogo_N.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: q6oYehOoI13uD2b0nClF2TZcrVOXvXr9QHDqqznmxOmzy1C 1M3SZOvwOBC5Ou4S
x-amz-request-id: EE5EA1EAD13D9AE8
x-amz-meta-s3fox-filesize: 23761
x-amz-meta-s3fox-modifiedtime: 1388991951660
Last-Modified: Mon, 06 Jan 2014 07:09:20 GMT
x-amz-version-id: sKWpUx.WhbZC1jjnYPCb8EOxx4iQ83Ua
ETag: "4de9e0eb19e81527d908efa2fe4434a1"
Content-Length: 23761
Accept-Ranges: bytes
......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:9B9064F37F5AE311BB22B1908A565EB5" xmpMM:DocumentID="xmp.did:62257EC2762811E39C5AB3EBCF48639C" xmpMM:InstanceID="xmp.iid:62257EC1762811E39C5AB3EBCF48639C" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8DF15B4E0D76E3118CF1DDC511CDA77D" stRef:documentID="xmp.did:9B9064F37F5AE311BB22B1908A565EB5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0..........................................................................................!1.AQa....q."2R...Uu......B.3S..4T..6V.#..br$..C...7.c%..DEe&......................!Q..1Aa.R...."3.q.2Bb.....#Sr....C............?................. u..x....T2.2g;;ts .}7.9.n ..9..f......MgKu.OT.......mN...L..v.E.!.......n"..K...qq4..F.F.b...mJM.H.V..1....i..t.F..W.$...f/M..&]...'.....*.......t.M..-D..
<<
<<< skipped >>>
GET /img/Rerarapepe/Rerarapepe3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/jpeg
Connection: keep-alive
x-amz-id-2: 1iWAdnXTLi4LFhr/yjaElZPveYHgK4mh3DnYGQ0kErju21X6Wf9H9nt4MxZadGgX
x-amz-request-id: 6FFF113497E643FA
x-amz-meta-s3fox-filesize: 15799
x-amz-meta-s3fox-modifiedtime: 1394538949746
Last-Modified: Tue, 11 Mar 2014 11:56:45 GMT
x-amz-version-id: zPl9IpmeaG3ff3qZpgvUQzMtoydG8QKH
ETag: "3e2809731062d36b6ae81e70aef3b785"
Content-Length: 15799
Accept-Ranges: bytes
......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:F7DDEC055CA8E311B43CF856625B69D6" xmpMM:DocumentID="xmp.did:08AEC486A91411E3A978EB316F7617DC" xmpMM:InstanceID="xmp.iid:08AEC485A91411E3A978EB316F7617DC" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B1126B7673A8E311B43CF856625B69D6" stRef:documentID="xmp.did:F7DDEC055CA8E311B43CF856625B69D6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................0........................................................................................!..1A..Qaq"..2R.......r.#S.T.B.$4..3s...bCdt%U....c......................!1..AQ...aq..."2R......b3..B.r................?..J. ..U.@@@@@@@A...."... .a..... ..U.@@@A.A.]A....Dq.....p:QS...C.u.....|OZ...D<GZ...@..h.#.....E_....:......:.<GZ...A..Z*...C.u.x.......:.e..27...EwQ..z........
<<
<<< skipped >>>
GET /img/IE_logo.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: NxAquGDqQ/X4j 7qOQ5BOUIDaIX5GHvH8cLGooMfBPdAO3oyHGRNujr/q4xE fvq
x-amz-request-id: C0D1AD3D17666FF0
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:46 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT
x-amz-version-id: ULP9X2D2g9vGJo_NefwroanEdNt0Bt7c
ETag: "0866b0f3be00fd96d58f7fba54d6700d"
Content-Length: 5406
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<
<<< skipped >>>
GET /img/FF_logo.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.tatomayey.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: image/png
Connection: keep-alive
x-amz-id-2: hIVRWCn 4KtFQ7BM8L81Fw CYNAE0Qb3ym6SU5upu9gxhaJWVEj3fLTRVjYBCNV
x-amz-request-id: A11C9AF0299E6595
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:45 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT
x-amz-version-id: g_t3b7eiRe5f7z2B5bSNHqt0MOq9rM5O
ETag: "6bcecb3debf7e4a0569b6a9d6e62adab"
Content-Length: 5025
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<
<<< skipped >>>
GET /ofr/sqlite3.cis HTTP/1.1
Range: bytes=0-197985
Accept: */*
Host: cdnus.tatomayey.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Server: nginx/1.4.5
Date: Wed, 09 Apr 2014 00:38:46 GMT
Content-Type: application/octet-stream
Content-Length: 197986
Connection: keep-alive
x-amz-id-2: 95jfNvqTgocjBeGm0cY1HdazEvHxPUDRrdV2DQKvxWF8x/LHP gENX18Bv0tOWIY
x-amz-request-id: D8A51A7FD03A0DEA
x-amz-meta-cb-modifiedtime: Tue, 08 Oct 2013 15:00:06 GMT
Last-Modified: Tue, 08 Oct 2013 15:04:47 GMT
x-amz-version-id: jQbkbrqtWmyTycsly3BWYbGSjaPAJVP1
ETag: "f01a40014ab59b35deb83677787e6a33"
Content-Range: bytes 0-197985/197986
CIS................C.......b.......P.........YK.....|3 ...r.g..D.AV].............#a!....2...sS.I.*k...n.J.8..y.u...8. ..[...TR...y4cv..?.MP.9-........Y.]........%..}^.g.1.n..w\...x|,....#]"f}.........J:..I..y..xPm..a&.HM...aN...".....]5Nt... ..NF..$....\|..g.k.@.O9$...D.<6{.W-gt..J.D.g&....y.......i...?.]..l..?.m..qE...x...0.4Y/./<?P..<...V...pw..a.Fs5..?{h....Gy]"...Lb..Sl...S..##n....T<%]H.=S.O.U/....H.A.Fu'.?zc_.......V.BAd'"...XU...W0.....-.................C.c.V..4.....r...|S3.)...<.]......"S{...........CoE...h...U......._.G"o....G.F\<6............Y.b.-.V.;......h....?}`..y?5.a....l6C..B..z..h..ZW.......<.C.M... .T.%...9......B.@.YW..#.....!.L}...^fU.6.qC......C...5.\....l$...?..EF...cH.S...7Z.!g$...RG..}.?g.D.r.. ...|'.Sh..."....E.[..W.5...r..!z.....~c'.......$t....X&*..r.#......=...sa..R...XGa.....7...=..."....@#m_..o.J..j..{..O.......l. ..:....G..zI..e..@{.0..L....2`X..9..8...y...M>.tq>D.."...H5..V.l~^e5h.6:.Wu.Y....f)Ln.y..ZoM.,b~.r.p.]c..>`..f..?.t...]\..4.p....WJS(x..3.Zp...%`f..bO.v.(s.F_ .5.`..O...)6z..d.PrpI.8sMsP.aM. ]c.#.w=o#....Z.#.%,....h..<...i.)..9n....W..s{i.......i?.(?.....TP".1..`~u....sF)./'...#.Xu.....Rp.x.u...=..F.k....O..%.w..~@.6..g...,..Yr...{/..~A.?.... ....._2......."o_>..J.6H.@V.t.$. ...Nw.~."..T.f.a...B...:....R.6....l.V]..! .Bt....cY.-.,...... W(..o?>.B..7..j.0.....Vb..Db....G.pa.E.9.>..q....R....E....v.X.....R.....W<.c..].. ......w.z..eq...$./.\_>r.5".... I._n\O".t.."....F.....S.'.K.Z..-C.{.&<sM......O...Y....9..c....9;..)&6eC.
<<
<<< skipped >>>
HEAD /ofr/sqlite3.cis HTTP/1.1
Accept: */*
Host: cdneu.tatomayey.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:37 GMT
Content-Type: application/octet-stream
Connection: keep-alive
x-amz-id-2: yGuRl4hzCY vJFRqopdFIVFE8fxxW52PDjuhdNJJaPBgviiZOoqbOWShBe1DZdLb
x-amz-request-id: 0C1DFD26007CE165
x-amz-meta-cb-modifiedtime: Tue, 08 Oct 2013 15:00:06 GMT
Last-Modified: Tue, 08 Oct 2013 15:04:47 GMT
x-amz-version-id: jQbkbrqtWmyTycsly3BWYbGSjaPAJVP1
ETag: "f01a40014ab59b35deb83677787e6a33"
Content-Length: 197986
Accept-Ranges: bytes
GET /ofr/sqlite3.cis HTTP/1.1
Range: bytes=102400-197985
Accept: */*
Host: cdneu.tatomayey.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Server: nginx/1.0.10
Date: Wed, 09 Apr 2014 00:36:38 GMT
Content-Type: application/octet-stream
Content-Length: 95586
Connection: keep-alive
x-amz-id-2: yGuRl4hzCY vJFRqopdFIVFE8fxxW52PDjuhdNJJaPBgviiZOoqbOWShBe1DZdLb
x-amz-request-id: 0C1DFD26007CE165
x-amz-meta-cb-modifiedtime: Tue, 08 Oct 2013 15:00:06 GMT
Last-Modified: Tue, 08 Oct 2013 15:04:47 GMT
x-amz-version-id: jQbkbrqtWmyTycsly3BWYbGSjaPAJVP1
ETag: "f01a40014ab59b35deb83677787e6a33"
Content-Range: bytes 102400-197985/197986
..."jM~1{..1J...T..q.R......F.hx.}.....W...o..u...d..C .q.'T..?@N._.z~....:.I...n..p*....9O&..s.|o..g...%...$.U..n-..}......./.....\..#..y...7Y<g...(#.....w].[.3....$f.C......MF.w..&.... ..;.u.g.VC..~6...J%{.}.t...Df....{k. .(..].9c...Y.Q.<.T.^..\.I.-.../..>..!p.........M..e..R....m...F..........:.E...S..."..J...v3)...z.f..T......1...G.0......zH.E. ...2.5...26..R.@.........2..[..\.E..o.h..u..N %.m.h.../X.!.7K[.h...1...jh....U..... G}-1......XV(.....q*.t..b...P&X.xg.......Xd....*..r`..T..=..(...4Dr....,.2..`~..Qz..N.Z.p.s.....L.......u.gz5=../.T.J..q..9...}.='O....x...........(.g....T4C.........v....9,^_.......4m.7_..<h.wB|!$....<..l.b.>.b... -.]...?...Jl...%W.4.. ..Q............f.....l.06......J.(K..4.X.n5.8E.{.g.H.....Z5..>...4..'Q5V.).._o..:.CJ.E.....W.....6.._..(......K.O..J...L...b.w.9..4...}...kE.xL............U..7$.f.....R)..;Vl.AL2..C.j...e.MA.u...Wk........?..1C..F...v,i..../.......*D....e&:.0.[.Q5..........:.....:1..D.Y..U.?-.e.2X{v...pc..K.$k.....:t.....l....rP.J4I.....Pr1.Q.~[.qT...A.-.psy..Rd....9.7........$..U.7K......g..D..U..m....n. ......}.58.T*...!.F.I.k...R...a..w..z..h.p.3i..w.....K...<..aJ.h..W.<$8.... ..3s.P..:j..K... .}@..../...W@..9..8.G.../..[/..7..(:d.;....G!.:..3.z...$v...\.=.(.q.....)a.!q....Xm...;..#.L.Z...].Q2W.....7........"...."wgM.U.#v.....*...g.5X..R.-Gk.O.]....My..* .d..\.r*..?..Y....c.'.Ie...T...go.R..q..G)...}.... .~.Cu~n..O.~S....."`....&.@.6.....-......O.D.2..9GrS..4.., .,.=..?.$ .52. Z........I.kA...#4...x..Bs..@..?..........S.."..1.x.L.J.$G.D...
<<
<<< skipped >>>
Map
Strings from Dumps
%original file name%.exe_1476:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
.dll3
.dll3
kernel32.dll
kernel32.dll
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
File I/O error %d
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
lzmadecompsmall: %s
LzmaDecode failed (%d)
LzmaDecode failed (%d)
shell32.dll
shell32.dll
/SL5="$%x,%d,%d,
/SL5="$%x,%d,%d,
Inno Setup Setup Data (5.5.0)
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.0)
Inno Setup Messages (5.5.0)
user32.dll
user32.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
GetWindowsDirectoryA
GetWindowsDirectoryA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ExitWindowsEx
ExitWindowsEx
comctl32.dll
comctl32.dll
name="JR.Inno.Setup"
name="JR.Inno.Setup"
version="1.0.0.0"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<windowsSettings></windowsSettings>
<windowsSettings></windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
Invalid variant operation"Variant method calls not supported
External exception %x
External exception %x
%original file name%.exe_1476_rwx_00401000_00001000:
.dll3
.dll3
%original file name%.exe_1476_rwx_00900000_000A0000:
.rsrc
.rsrc
6|%x=n~0
6|%x=n~0
kernel32.dllw)
kernel32.dllw)
a.aUCNM
a.aUCNM
l.Tc_It.
l.Tc_It.
<8999940,(9999$
<8999940,(9999$
Keyw
Keyw
3%Cp)
3%Cp)
r%DnI
r%DnI
.FDiag
.FDiag
Ha=.hnY`
Ha=.hnY`
?7E(AL("%s",4),"
?7E(AL("%s",4),"
#}%c!
#}%c!
u..Qi
u..Qi
4'.Yt
4'.Yt
-i.aN&,
-i.aN&,
keysK<</pre><pre>.jw@]</pre><pre>2301654879'</pre><pre>a.thz</pre><pre>Ht.HAG</pre><pre>tLcibD.ZPo</pre><pre>%uhrskNr</pre><pre>*.*2XE</pre><pre>.dwcnh</pre><pre>nmhpjhc03.fcclJLO</pre><pre>1.2.3'</pre><pre>THttpR</pre><pre>pM.DJ?</pre><pre>}.EOtJ</pre><pre>bVsqlz3_</pre><pre>T.lLp|</pre><pre>H.NOr0</pre><pre>,zH-S.Gg</pre><pre>.IV`F</pre><pre>w'|%C</pre><pre>.FJn`</pre><pre>.H.VZ</pre><pre>Mozilla</pre><pre>\O.Rhn</pre><pre>.cjjm0).S"'b</pre><pre>.rdf'.fksd'</pre><pre>fe..js</pre><pre>nt_urlzi`</pre><pre>Q$.Xp'Q</pre><pre>HURL</pre><pre>`_Key=c</pre><pre>Da.Agt&(-</pre><pre>%dnZC</pre><pre>Uix.obk</pre><pre>_%tCp</pre><pre>msGu</pre><pre>|%F~E</pre><pre>.ke;o</pre><pre>M".rv</pre><pre>Cfg.Fw</pre><pre>.LqW]E).rG</pre><pre>I.hlpkI</pre><pre>I.dd\</pre><pre>B.ssrsko-!</pre><pre>Íd4</pre><pre>[hx.XuRR</pre><pre>HTTP_CbBXR</pre><pre>'ExeChkSum=</pre><pre>'%s' i</pre><pre>tkA.CH</pre><pre>OycC.Ej</pre><pre>2.1.0</pre><pre>%XoUa<19</pre><pre>8b8%SO</pre><pre>mGOPIPE</pre><pre>j0Ø#</pre><pre>.iGF>'</pre><pre>qah`k,.nlvcbqff,-U>o</pre><pre>z`o1caig2,.hf5b</pre><pre>J?.DD@</pre><pre>.Rh_w</pre><pre>c.cl/</pre><pre>%dh{'</pre><pre>Yi.iK</pre><pre>X.Qpv</pre><pre>.YpDEE</pre><pre>)).fy</pre><pre>:u.bW</pre><pre>[u.bu</pre><pre>*0)X/%x</pre><pre>@.GGG</pre><pre>"$ %),'8</pre><pre>"$"!(&&$' )#</pre><pre>- /*-( ,'.-</pre><pre>*/.)*72-7)</pre><pre>#-**(-#,</pre><pre>&",,/- '</pre><pre>P.reU</pre><pre>KERNEL32.DLL</pre><pre>advapi32.dll</pre><pre>comctl32.dll</pre><pre>comdlg32.dll</pre><pre>gdi32.dll</pre><pre>ole32.dll</pre><pre>oleaut32.dll</pre><pre>shell32.dll</pre><pre>URLMON.DLL</pre><pre>user32.dll</pre><pre>version.dll</pre><pre>wininet.dll</pre><pre>HtmlUIInstallerSADLL.dll</pre><pre>"GhhWurln</pre><pre>GhhWurln</pre><pre>&GhhWurln</pre><pre>rljunurln</pre><pre>GhhWurlnBbnjutisYGIvvn</pre><pre>]Y.Iv</pre><pre>LWJGhhWurlnSxejyn]YG</pre><pre>49022180-1</pre><b>%original file name%.exe_1476_rwx_009A1000_0013C000:</b><pre>kernel32.dll</pre><pre>MSWHEEL_ROLLMSG</pre><pre>MSH_WHEELSUPPORT_MSG</pre><pre>MSH_SCROLL_LINES_MSG</pre><pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre><pre>EVariantBadIndexError</pre><pre>htKeyword</pre><pre>EInvalidOperation</pre><pre>u%CNu</pre><pre>%s[%d]</pre><pre>%s_%d</pre><pre>.Owner</pre><pre>EInvalidGraphicOperation</pre><pre>USER32.DLL</pre><pre>comctl32.dll</pre><pre>UrlMon</pre><pre>IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")</pre><pre>JumpID("","%s")</pre><pre>TKeyEvent</pre><pre>TKeyPressEvent</pre><pre>HelpKeyword8</pre><pre>crSQLWait</pre><pre>%s (%s)</pre><pre>IMM32.DLL</pre><pre>AutoHotkeysHb</pre><pre>AutoHotkeys</pre><pre>ssHotTrack</pre><pre>TWindowState</pre><pre>poProportional</pre><pre>TWMKey</pre><pre>KeyPreview<i><pre>WindowStatetd</pre><pre>OnKeyDown</pre><pre>OnKeyPressP=</pre><pre>OnKeyUp</pre><pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre><pre>vcltest3.dll</pre><pre>User32.dll</pre><pre>2301654879</pre><pre>A`bng`@ikc-4,uUxlxs-4,Ht.HA</pre><pre>Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP</pre><pre>TThreadExecuter</pre><pre>TScanAllWindowsCallBackData</pre><pre>Portuguese</pre><pre>i\*.*2XE</pre><pre>i.dwcnhE</pre><pre>nmhpjhc03.fcclJL</pre><pre>i.ulzn1E</pre><pre>1.2.3</pre><pre>THttpTimeOutThread</pre><pre>THttpCallBackShell</pre><pre>Gx-21,\igh]ixyj-42,M.DJ</pre><pre>A`qjz``-0,ZkdkNgij.pc</pre><pre>Kcqjpc`-0,Aaj-1,gEdafa`.pM</pre><pre>SQL error or missing database</pre><pre>An internal logic error in SQLite</pre><pre>Operation terminated by sqlite3_interrupt()</pre><pre>Uses OS features not supported on host</pre><pre>2nd parameter to sqlite3_bind out of range</pre><pre>sqlite3_step() has another row ready</pre><pre>sqlite3_step() has finished executing</pre><pre>Unknown SQLite Error Code</pre><pre>sqlite3.dll</pre><pre>ESQLiteException</pre><pre>TSQLiteDatabase</pre><pre>TSQLiteTable</pre><pre>Error executing SQL</pre><pre>Could not prepare SQL statement</pre><pre>Error executing SQL statement</pre><pre>select [sql] from sqlite_master where [type] = 'table' and lower(name) = '</pre><pre>Could not prepare SQL statement</pre><pre>SQLite is Busy</pre><pre>https</pre><pre>t%f;u</pre><pre>SOFTWARE\Mozilla\Mozilla Firefox</pre><pre>8SQLit</pre><pre>install.rdf</pre><pre>DoSetChromeHomePage AL=</pre><pre>SELECT value FROM meta WHERE key='Default Search Provider ID'</pre><pre>SELECT short_name FROM keywords WHERE id='</pre><pre>Exception in InstallChromeExtensionRegistry:</pre><pre>manifest.json</pre><pre>UPDATE keywords SET sync_guid='</pre><pre>UPDATE keywords SET instant_url='' WHERE id=</pre><pre>keywords_backup</pre><pre>DROP TABLE keywords_backup</pre><pre>CREATE TABLE keywords_backup AS SELECT * FROM keywords ORDER BY id ASC</pre><pre>autogenerate_keyword ||</pre><pre>SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id ||</pre><pre>created_by_policy || instant_url || last_modified || sync_guid</pre><pre>FROM keywords ORDER BY id ASC</pre><pre>RemoveChromeSearchProvider - cannot remove</pre><pre>DELETE from keywords WHERE short_name='</pre><pre>RemoveChromeSearchProvider - exception:</pre><pre>SELECT id FROM keywords WHERE short_name='</pre><pre>Home URL</pre><pre>Amazon.com</pre><pre>eBay.com</pre><pre>Merriam-Webster</pre><pre>Suggest URL</pre><pre>Opera Preferences version 2.0</pre><pre>; Do not edit this file while Opera is running</pre><pre>Key=c</pre><pre>Suggest URL=</pre><pre>Protocol is unsupported</pre><pre>Retrieved Filename from Url:</pre><pre>Restart attempts surpassed the maximum (</pre><pre>http://</pre><pre>New Source created, url:</pre><pre>, httpCode:</pre><pre>, url:</pre><pre>https://</pre><pre>, Url:</pre><pre>, old Url:</pre><pre>, new Url:</pre><pre>Switching suspended Server back to use; Url:</pre><pre>, HttpCode:</pre><pre>TDownloadConnection.Destroy() was called from not authorized thread (</pre><pre>HttpCode:</pre><pre>Unsupported 3xx redirect response, code:</pre><pre>HNetCfg.FwMgr</pre><pre>HNetCfg.FwAuthorizedApplication</pre><pre>]DKizHi-4,exc-1,Hc`hk-3.GI</pre><pre>6?0N2=.Lq</pre><pre>;768>1-80</pre><pre>005345000000</pre><pre>000000000000</pre><pre>000000000010</pre><pre>000000000030</pre><pre>cabinet.dll</pre><pre>Reporting failed on first attempt, second attempt is cancelled (finallizing)! Url:</pre><pre>First report attempt failed, going for second! Url:</pre><pre>The report failed! Url:</pre><pre>Successfull report, Url:</pre><pre>TUninstallExecuter</pre><pre>TUninstallExecuter can be created only once.</pre><pre>RootKey:</pre><pre>RegDelKey:</pre><pre>(FF) TUninstallExecuter.RestoreBrwAddrSearch: OpCode=</pre><pre>(FF) TUninstallExecuter.RestoreBrwSearchProvider: OpCode=</pre><pre>TUninstallExecuter.DoRun: Key=</pre><pre>CJ[hx.Xu</pre><pre>Downloading Bundles data from adServer on url:</pre><pre>BND_HTTP_CODE</pre><pre>&ExeChkSum=</pre><pre>Report main param:</pre><pre>Exclusive Execution mode is switched to:</pre><pre>Report param (pkg:</pre><pre>), exeName:</pre><pre>dwa.Err</pre><pre>dwa.State</pre><pre>dwa.ErrHistory</pre><pre>dwa.MaxSpd</pre><pre>dwa.AvgSpd</pre><pre>dwa.Time</pre><pre>dwa.HttpCode</pre><pre>dwa.PrtclCodeHistory</pre><pre>dwa.ConnCnt</pre><pre>dwa.Opt</pre><pre>dwa.Size</pre><pre>dwa.Progress</pre><pre>dwa.IsProxy</pre><pre>dwa.Restart</pre><pre>dwa.Heur</pre><pre>dwa.IsAcc</pre><pre>dwa.SrcNo</pre><pre>dwa.Url</pre><pre>GENERIC_WINDOWS</pre><pre>NO_JAR_SUPPORT</pre><pre>ole32.dll</pre><pre>olepro32.dll</pre><pre>IWebBrowser</pre><pre>IWebBrowserApp</pre><pre>IWebBrowser24J</pre><pre>TEWBWindowSetResizable</pre><pre>TEWBWindowSetLeft</pre><pre>TEWBWindowSetTop</pre><pre>TEWBWindowSetWidth</pre><pre>TEWBWindowSetHeight</pre><pre>bstrUrlContext</pre><pre>bstrUrl</pre><pre>OnWindowSetResizable</pre><pre>OnWindowSetLeft</pre><pre>OnWindowSetTop</pre><pre>OnWindowSetWidthDP</pre><pre>OnWindowSetHeight</pre><pre>grfKeyState</pre><pre>TComTargetExecEvent</pre><pre>CmdGroup</pre><pre>nCmdID</pre><pre>nCmdexecopt</pre><pre>hhctrl.ocx</pre><pre>URLMON.DLL</pre><pre>SHDOCLC.DLL</pre><pre>rcmDefault</pre><pre>rcmDebug</pre><pre>DontExecuteScripts</pre><pre>DontExecuteJava</pre><pre>DontExecuteActiveX</pre><pre>DisableUrlIfEncodingUTF8</pre><pre>EnableUrlIfEncodingUTF8</pre><pre>CheckFontSupportsCodePage</pre><pre>DisableSubmitUrlInUTF8</pre><pre>EnableSubmitUrlInUTF8</pre><pre>lpMsg</pre><pre>PMsg</pre><pre>pguidCmdGroup</pre><pre>TTranslateUrlEvent</pre><pre>pchURLIn</pre><pre>ppchURLOut</pre><pre>CmdID</pre><pre>pszUrl</pre><pre>pszUrlContext</pre><pre>szPassWord</pre><pre>ErrorUrl</pre><pre>OptionKeyPath</pre><pre>OverrideOptionKeyPath</pre><pre>OnTranslateUrl</pre><pre>OnCommandExec(g</pre><pre>'%s' is not supported.</pre><pre>TMsgEvent</pre><pre>TKeyEventEx</pre><pre>Port</pre><pre>Password</pre><pre>poPortrait</pre><pre>OnKeyDown|</pre><pre>0.750000</pre><pre>3333333</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform</pre><pre>User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)</pre><pre>User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(</pre><pre>This object does not support this method (</pre><pre>Unsupported type for Parameter with Index %d</pre><pre>Method call unsuccessful. %s (%s).</pre><pre>eiOnKeyDown</pre><pre>eiOnKeyPress</pre><pre>eiOnKeyUp</pre><pre>OnKeyPress</pre><pre>Handler with EventID = %s already exists.</pre><pre>Error on IConnectionPoint.Advise</pre><pre>Source don't have connection point for [%s]</pre><pre>JS function sync-execution failed with message:</pre><pre>] execution failed with message:</pre><pre>.html</pre><pre>MAPI32.DLL</pre><pre>LeftPopup</pre><pre>TPipeServer</pre><pre>TPipeObject</pre><pre>TPipeServerListener|</pre><pre>TPipeClientU</pre><pre>2.1.0.0</pre><pre>This exe was created with an old version of HtmlAppMaker.</pre><pre>LOG_URL</pre><pre>Log server Url is invalid:</pre><pre>Sending Log to the following Url:</pre><pre>Log Http request has failed, res:</pre><pre>irsoMsgDialog</pre><pre>irsoGetCurExePath</pre><pre>irsoJoinPath</pre><pre>irsoGetCmdLineParam</pre><pre>irsoGetCmdLineCount</pre><pre>irsoGetCmdLineIndexOf</pre><pre>irsoGetCmdLineParamValue</pre><pre>irsoGetCmdLineAll</pre><pre>irsoRegCreateKey</pre><pre>irsoRegCreateKeyTree</pre><pre>irsoRegDeleteKey</pre><pre>irsoIsRegKeyExists</pre><pre>irsoRegListKeyValues</pre><pre>irsoRegListKeyKeys</pre><pre>irsoRegSearchKeyKeys</pre><pre>irsoRegCopyKey</pre><pre>irsoHttpGetData</pre><pre>irsoHttpGetDataInThread</pre><pre>irsoLibraryExecuteProc</pre><pre>irsoLibraryExecuteProcW</pre><pre>irsoLibraryExecuteProcWithResult</pre><pre>!irsoLibraryExecuteProcWithResultW</pre><pre>irsoExecute</pre><pre>irsoIsMutexExists</pre><pre>irsoCreatePipeServer</pre><pre>irsoStopPipeServer</pre><pre>irsoSendDataToPipeServer</pre><pre>irsoGetCurExeCheckSum</pre><pre>irsoSetSQLiteDll</pre><pre>irsoGetSQLiteDll</pre><pre>TExecArgsX</pre><pre>H-4,njBdi-2,o-4,r.vY</pre><pre>iexplore.exe</pre><pre>firefox.exe</pre><pre>chrome.exe</pre><pre>safari.exe</pre><pre>opera.exe</pre><pre>PIPE_DATA</pre><pre>PIPE</pre><pre>THtmlUIExeApp</pre><pre>logurl</pre><pre>irsoExecutePackage</pre><pre>irsoReportPackageError</pre><pre>irsoReportPackageSkip</pre><pre>irsoReportPackageQuit</pre><pre>irsoReportPackageSuccess</pre><pre>irsoReportPackageInfo</pre><pre>irsoGetPackageFilenameFromHttp</pre><pre>irsoGetPackageExecExitCode</pre><pre>irsoGetPackageExecResult</pre><pre>irsoSetPackageRelProgressShare</pre><pre>irsoIsFireFoxInstalled</pre><pre>irsoIsChromeInstalled</pre><pre>irsoIsOperaInstalled</pre><pre>irsoGetFireFoxHomePage</pre><pre>irsoGetChromeHomePage</pre><pre>irsoGetOperaHomePage</pre><pre>irsoSetFireFoxHomePage</pre><pre>irsoSetChromeHomePage</pre><pre>irsoSetOperaHomePage</pre><pre>irsoSetChromeOnStartup</pre><pre>irsoAddChromeUrlToStartupPages</pre><pre>irsoGetFireFoxDefaultSP</pre><pre>irsoGetChromeDefaultSP</pre><pre>irsoGetOperaDefaultSP</pre><pre>irsoAddFireFoxDefaultSPFromXML</pre><pre>irsoAddFireFoxDefaultSP</pre><pre>irsoSetFireFoxAddressBar</pre><pre>irsoAddOperaDefaultSP</pre><pre>irsoAddChromeDefaultSP</pre><pre>irsoGetFireFoxEXE</pre><pre>irsoGetIEEXE</pre><pre>irsoGetChromeEXE</pre><pre>irsoGetOperaEXE</pre><pre>irsoGetFireFoxVer</pre><pre>irsoGetChromeVer</pre><pre>irsoGetOperaVer</pre><pre>irsoLocateSQLite</pre><pre>irsoGetFireFoxCookie</pre><pre>irsoGetChromeCookie</pre><pre>irsoIsFireFoxExtensionInstalled</pre><pre>irsoInstallFireFoxAddon</pre><pre>irsoInstallChromeAddon</pre><pre>irsoUninstallAddExeCmd</pre><pre>irsoUninstallAddOpenBrowserCmd</pre><pre>irsoUninstallAddRegistryKey</pre><pre>irsoUninstallExecute</pre><pre>irsoReportStart</pre><pre>irsoReportInfo</pre><pre>irsoSetExclusiveExec</pre><pre>isroSetReportUrl</pre><pre>An attempt to download bundle data was denied: adServer domain name must remain the same! Url:</pre><pre>Report Url changed dynamically from:</pre><pre>RepUrlChanged</pre><pre>\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U></pre><pre>TcUlue.PL</pre><pre>/UnExeFile:</pre><pre>UnExeFile</pre><pre>z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1</pre><pre>1.2.1</pre><pre>inflate 1.2.1 Copyright 1995-2003 Mark Adler</pre><pre>?456789:;<=</pre><pre>!"#$%&'()* ,-./0123</pre><pre>333333333333333333</pre><pre>33333833</pre><pre>3333339</pre><pre>3333333333333338</pre><pre>:*"*"$3338</pre><pre>33333333</pre><pre>33333333333</pre><pre>3333333333338</pre><pre>33338?383</pre><pre>333333333333</pre><pre>:*3:"$3338</pre><pre>333333333333333</pre><pre>.Rh_w</pre><pre>c.cl/</pre><pre>%dh{'</pre><pre>Yi.iK</pre><pre>X.Qpv</pre><pre>.YpDEE</pre><pre>g.Tdy</pre><pre>.MJCw L</pre><pre>)).fy</pre><pre>e.eVS{</pre><pre>KWindows</pre><pre>XisrWindowsEx</pre><pre>YisrUrl</pre><pre>kisrSQLiteTable3</pre><pre>isrSQLite3</pre><pre>isrSQLiteUtils</pre><pre>hisrPipes</pre><pre>HtmlUIExeApp</pre><pre>WaitNamedPipeA</pre><pre>PeekNamedPipe</pre><pre>GetWindowsDirectoryW</pre><pre>GetCPInfo</pre><pre>DisconnectNamedPipe</pre><pre>CreatePipe</pre><pre>CreateNamedPipeA</pre><pre>ConnectNamedPipe</pre><pre>RegQueryInfoKeyA</pre><pre>RegOpenKeyExW</pre><pre>RegOpenKeyExA</pre><pre>RegFlushKey</pre><pre>RegEnumKeyW</pre><pre>RegEnumKeyExA</pre><pre>RegDeleteKeyW</pre><pre>RegDeleteKeyA</pre><pre>RegCreateKeyExW</pre><pre>RegCreateKeyExA</pre><pre>RegCloseKey</pre><pre>SetViewportOrgEx</pre><pre>ShellExecuteExW</pre><pre>ShellExecuteA</pre><pre>UnhookWindowsHookEx</pre><pre>SetWindowsHookExA</pre><pre>MapVirtualKeyA</pre><pre>LoadKeyboardLayoutA</pre><pre>GetKeyboardState</pre><pre>GetKeyboardLayoutList</pre><pre>GetKeyboardLayout</pre><pre>GetKeyState</pre><pre>GetKeyNameTextA</pre><pre>GetAsyncKeyState</pre><pre>EnumWindows</pre><pre>EnumThreadWindows</pre><pre>EnumChildWindows</pre><pre>ActivateKeyboardLayout</pre><pre>GetKeyboardType</pre><pre>"$ %),'8</pre><pre>38000=344</pre><pre>&W!%C-7</pre><pre>%/ *(2'-=</pre><pre>1 0 .'7(2':</pre><pre>- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)</pre><pre>&)"%&$&'&",,/- '</pre><pre>SSSHHHK`````````````````q}</pre><pre>#)'%%'%'%</pre><pre>.idata</pre><pre>.edata</pre><pre>P.reloc</pre><pre>P.rsrc</pre><pre>P.reU</pre><pre>Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice</pre><pre>http\shell\open\command</pre><pre>PathToExe</pre><pre>mozsqlite3.dll</pre><pre>No sqlite3.dll</pre><pre>cookies.sqlite</pre><pre>"urls_to_restore_on_startup": [ ],</pre><pre>"urls_to_restore_on_startup": [ ]</pre><pre>"urls_to_restore_on_startup": [ ]</pre><pre>GetChromeDefaultSearchProviderFromDb - failed to get spid, returning default!</pre><pre>sqlGetQueryResultEx failed!</pre><pre>Opera\Opera</pre><pre>Opera</pre><pre>\operaprefs.ini</pre><pre>\profile\operaprefs.ini</pre><pre>\profile\opera6.ini</pre><pre>\opera6.ini</pre><pre>Software\Opera Software</pre><pre>locale\en\en.lng</pre><pre>\profile\search.ini</pre><pre>\search.ini</pre><pre>search.ini</pre><pre>\defaults\search.ini</pre><pre>DoRemoveOperaSearchProvider - cannot remove</pre><pre>" was sucessfully removed but references to its HexKey: "</pre><pre>TopResultURLFallback</pre><pre>FaviconURL</pre><pre>FaviconURLFallback</pre><pre>*.txt</pre><pre>.part</pre><pre>TDownloadAccelerator.Run() was ignored, since another download is currently in progress.</pre><pre>Urls:</pre><pre>Pause request ignored, servers without HTTP Range support will cause download restart.</pre><pre>The source dropped range support.</pre><pre>Uninstall\__Uninstall_.exe</pre><pre>Uninstall\uninst.dat</pre><pre>uninst.dat</pre><pre>regsvr32.exe</pre><pre>Waiting for all the ongoing reports to complete...</pre><pre>_EXEXE_</pre><pre>errorUrl</pre><pre>Registry entry removed: HtmlUI Browser object's IE7 fallback support is now enabled.</pre><pre>Failed to launch htmlUI from the following url:</pre><pre>main.html</pre><pre>Log server Url is not provided.</pre><pre>Log Http request has timed out.</pre><pre>Remote mask loading is currently not supported. mask:</pre><pre>Please login as administrator and try again.</pre><pre>Installer Account Name altered after at least one report already sent.</pre><pre>isroSetReportUrl() was ignored due to lack of Privelege Mode.</pre><pre>Installer Report Url changed after at least one report already sent.</pre><pre>.Uninstall\</pre><pre>No help found for %s#No context-sensitive help installed$No topic-based help system installed</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre><pre>Alt Clipboard does not support Icons/Menu '%s' is already being used by another form</pre><pre>!Control '%s' has no parent window</pre><pre>Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic</pre><pre>Unsupported clipboard format</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file %s</pre><pre>Cannot open file %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>Ancestor for '%s' not found</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>Invalid variant operation!Invalid variant operation ($%.8x)</pre><pre>Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Operation not supported</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre><pre>Privileged instruction(Exception %s in module %s at %p.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value"'%s' is not a valid currency value!'%g' is not a valid date and time</pre><pre>'%s' is not a valid GUID value</pre><pre>I/O error %d</pre></i></pre>