Trojan-Downloader.Win32.Moure.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ab7973eb5f9af4e9e65e63b9a82c42c4
SHA1: e6317815e6c8b0bad87a0600d8c8262131f254cd
SHA256: e4913037e0bce3301be39039f541dec2d034ba829f12b49b906289cc4d9d01cb
SSDeep: 49152:ZuuE7AnqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFWd:7E7AqrlyutLxC3sEwwMd
Size: 2383432 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Sogou.com Inc.
Created at: 2016-04-18 16:10:46
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-Downloader. A Trojan program that downloads files from the Internet without the user's knowledge and executes them.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan-Downloader creates the following process(es):
ThunderFW.exe:1064
UpdateService.exe:832
UpdateService.exe:1364
ExternalApp.exe:404
minidownload.exe:224
regsvr32.exe:1688
%original file name%.exe:1432
MiniTPFw.exe:976
The Trojan-Downloader injects its code into the following process(es):
SogouSoftware.exe:1416
MiniThunderPlatform.exe:968
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process SogouSoftware.exe:1416 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[4].png (392 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\LocalInfo.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\SogouSoftwareExternalApp[1].exe (1090658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\recommend[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ie-css3[1].htc (5022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[2].png (2435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[5].png (3175 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie-css3[1].htc (1012 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SuiteDownloader20160222153349.exe (119919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\381427456234840[1].jpg (17344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[3].png (6116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[1].jpg (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[4].png (13048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[1].png (8672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[2].png (2535 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\PCID.xml (685 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\loading[1].gif (568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\scroll[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[2].png (2730 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[1].png (1789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery-1.7.2.min[1].js (37173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[1].png (9045 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[3].png (3359 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\SilentParaReponse.xml (97 bytes)
%Documents and Settings%\%current user%\Application Data\-5561624350552157631_4848.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\741430117543639[1].png (22604 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db-journal (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.11.1.min[1].js (41557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[1].png (5635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ranking-ico[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ranking[1].css (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SG.jpeg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[2].png (2009 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[4].png (776 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\NewVersionReponse.xml (1 bytes)
%Program Files%\SogouSoftware\tmp\ExternalApp.exe (684687 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\OnlineIconReponse.xml (359 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (964 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CC1430117533187[1].png (15244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\10344[1].jpg (628 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[3].png (1420 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\SoftInfo.xml (809 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\SuiteDownloader20160222153349[1].exe (249517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ranking-ico[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db-journal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[2].png (0 bytes)
%Program Files%\SogouSoftware\tmp\ExternalApp.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie-css3[1].htc (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ranking-ico[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ranking-ico[1].png (0 bytes)
The process ExternalApp.exe:404 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\menu_item.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_bar_act.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\beginbtn.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\install_driver.gif (1568 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_progress_bk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_app2phone.png.svn-base (16 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\text-base\DrvInst_x86.exe.svn-base (10321 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\7.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\entries (582 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\1.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\1.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\logo.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\loading.gif.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_simple.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_simple_up.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menu_item.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\finishbtn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\icon_success.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\text-base\scrollH.png.svn-base (909 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\uninstall_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_title.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\update_confirm_dlg.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\info_icon.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\continuebtn.png (819 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_sel.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\feedback_act.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_hand.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\phone_connected.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_sel.png (347 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon_4.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\down_smt.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menu_item.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\button.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_ready.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\follow_tip.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\update\SogouPDAInfo.sqlite3 (3624 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\phone_unconnected.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\apk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\scroll_trs.png.svn-base (938 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\logo.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\progress_pause.png.svn-base (17448 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\setting_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\prop-base\scrollH.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\.svn\all-wcprops (140 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\feedback_dwn.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\apktool.ini (44 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\bigbtn_shadow.png (3 bytes)