mzpefinder_pcap_file.YR, TrojanDropperVtimrun.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 36673e2b7c5c77f7b71cbc21a0dd9c5a
SHA1: c18abec07aea597e0b7b9453018da05f40a1a382
SHA256: 10a6a2a84bf2ae3b81287e78eff069aa331abfe2bdeaa9454c0b47c0f5d4b94a
SSDeep: 786432:Jbu/VcGXHprY6t JnjzRCjoLdjYhJI40H5m1YlPWfMX:JbutvpYpC0Z0hiQfMX
Size: 30668968 bytes
File type:
Platform:
Entropy:
PEID: UPolyXv05_v6
Company: no certificate found
Created at: no data
Analyzed on: Windows7Ada SP1 64-bit
Summary: Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan-Dropper creates the following process(es):
TPAutoConnSvc.exe:1776
GoogleUpdate.exe:2972
GoogleUpdate.exe:2568
GoogleUpdate.exe:492
%original file name%.exe:600
setup.exe:2688
taskeng.exe:2172
39.0.2171.95_chrome_installer.exe:3348
MsiExec.exe:2252
The Trojan-Dropper injects its code into the following process(es):
%original file name%.exe:3276
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process GoogleUpdate.exe:2972 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe (309253 bytes)
%Program Files% (x86)\Google\Update\Install\{19171A5A-1060-4B7D-86A1-49C9FF206701}\39.0.2171.95_chrome_installer.exe (327230 bytes)
The process %original file name%.exe:3276 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\ResourceCleaner.dll (4451 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI90FC.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\tabback (854 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\lzmaextractor.dll (452 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI77DE.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends 3.0.1\install\LoL.EUW.msi (29679 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\completi (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\dialog (940 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\removico (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\aipackagechainer.exe (3243 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\cmdlinkarrow (864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\LoLIconBanner.jpg_1 (802 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\Prereq.dll (3547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\banner (374 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI782D.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA4458E7366E94A3C3A9C1FE548B6D21_11BFDD5895E992E1D3AE9CF87B14B921 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9552.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\repairic (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI785D.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA4458E7366E94A3C3A9C1FE548B6D21_11BFDD5895E992E1D3AE9CF87B14B921 (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\insticon (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\info (79 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\New (318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9708.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\aicustact.dll (1251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\Up (318 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9 (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\Ashe_Background.jpg_1 (707 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\TxtUpdater.dll (3667 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\exclamic (766 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\custicon (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9541.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI7722.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9 (471 bytes)
The process %original file name%.exe:600 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exe (5257 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxupdate.cab (1137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\DSETUP.dll (1137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx9_39_x86.cab (11034 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_XAudio_x86.cab (2569 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x64.exe (24833 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxdllreg_x86.cab (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dsetup32.dll (12751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx10_39_x86.cab (8737 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x86.exe (20901 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxnt.cab (105063 bytes)
The process setup.exe:2688 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\pdf.dll (58 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\vi.pak (637 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\lt.pak (552 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\chrome.7z (268785 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\en-GB.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sv.pak (514 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome.dll (29434 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\mr.pak (1126 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\cs.pak (560 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\he.pak (643 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\resources.pak (64 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\youtube.crx (47 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\search.crx (54 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\default_apps (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\lv.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ru.pak (873 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ml.pak (1457 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\docs.crx (12 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\nl.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114 (8 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\fr.pak (596 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\nacl64.exe (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ko.pak (568 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\de.pak (481 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\wow_helper.exe (146 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\widevinecdmadapter.dll (293 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\da.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome_elf.dll (268 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\zh-CN.pak (456 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\PepperFlash\manifest.json (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\gmail.crx (48 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\39.0.2171.95.manifest (226 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\VisualElements\smalllogo.png (21 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\te.pak (1242 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\libegl.dll (423 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Extensions\external_extensions.json (103 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\tr.pak (554 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\VisualElements\splash-620x300.png (22 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\gu.pak (1104 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\Locales (8 bytes)
%Program Files% (x86)\Google\Chrome\Application\chrome.exe (20458 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ta.pak (1333 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sk.pak (579 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\metro_driver.dll (1022 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\th.pak (1121 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ar.pak (742 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\drive.crx (53 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sw.pak (471 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\secondarytile.png (641 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\pl.pak (553 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\PepperFlash\pepflashplayer.dll (63 bytes)
C:\Windows\Temp\chrome_installer.log (7903 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome_200_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\delegate_execute.exe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\fa.pak (793 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\el.pak (1011 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\am.pak (769 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\VisualElementsManifest.xml (400 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\en-US.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sl.pak (515 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\d3dcompiler_46.dll (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\bg.pak (922 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sr.pak (847 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\pt-BR.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\fi.pak (528 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ro.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\external_extensions.json (5 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\zh-TW.pak (457 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\es.pak (571 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\ffmpegsumo.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ca.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\pt-PT.pak (553 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\bn.pak (1176 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\xinput1_3.dll (162 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\libglesv2.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome_child.dll (32644 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\icudtl.dat (59 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ja.pak (670 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\nacl_irt_x86_64.nexe (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\hr.pak (523 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\hu.pak (587 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\nb.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\chrome.exe (1716 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome_100_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\libpeerconnection.dll (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ms.pak (421 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\VisualElements (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\it.pak (546 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\libexif.dll (621 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\fil.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\hi.pak (1137 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\nacl_irt_x86_32.nexe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\kn.pak (1273 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\et.pak (490 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\id.pak (505 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\uk.pak (872 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\VisualElements\logo.png (7 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\es-419.pak (561 bytes)
The process 39.0.2171.95_chrome_installer.exe:3348 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):
C:\Windows\Temp\CR_01E20.tmp\SETUP.EX_ (375 bytes)
C:\Windows\Temp\CR_01E20.tmp\setup.exe (17361 bytes)
C:\Windows\Temp\CR_01E20.tmp\CHROME.PACKED.7Z (43831 bytes)
The process MsiExec.exe:2252 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI90FC.tmp (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9541.tmp (303 bytes)
C:\Windows\Tasks\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}.job (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI77DE.tmp (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI785D.tmp (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x64.exe (291 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9552.tmp (303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9708.tmp (303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI782D.tmp (303 bytes)
Registry activity
The process TPAutoConnSvc.exe:1776 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"
[HKU\.DEFAULT\Printers\DevModes2]
"NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1" = "4E 00 50 00 49 00 34 00 35 00 36 00 41 00 42 00"
The Trojan-Dropper deletes the following registry key(s):
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
The process GoogleUpdate.exe:2972 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ActivePingDayStartSec" = "1418803200"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"DownloadProgressPercent" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"DayOfLastRollCall" = "2907"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastCheckSuccess" = "1418873481"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"StateValue" = "16"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"RollCallDayStartSec" = "1418803200"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastCheckSuccess" = "1418873526"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"RollCallDayStartSec" = "1418803200"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastChecked" = "1418873481"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"pv" = "35.0.1916.153"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"pv" = "35.0.1916.153"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastActivity" = "2907"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerResult" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"RollCallDayStartSec" = "1418803200"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateTime" = "1418873526"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResult" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"InstallProgressPercent" = "4294967295"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.25.11"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"RollCallDayStartSec" = "1418803200"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastRollCall" = "2907"
"ActivePingDayStartSec" = "1418803200"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerError" = "2"
[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"LastCheckSuccess" = "1418873481"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState]
"StateValue" = "17"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError" = "2"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableCount" = "1"
"DayOfLastActivity" = "2907"
"DayOfLastRollCall" = "2907"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
"StateValue" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"DayOfLastRollCall" = "2907"
[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"pv" = "35.0.1916.153"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"StateValue" = "7"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableSince" = "Type: REG_QWORD, Length: 8"
The Trojan-Dropper deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
The Trojan-Dropper deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableSince"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerSuccessLaunchCmdLine"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerSuccessLaunchCmdLine"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerExtraCode1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerExtraCode1"
"LastInstallerResult"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableSince"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerError"
"LastInstallerResult"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"LastInstallerResultUIString"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"iid"
"LastInstallerResultUIString"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerError"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"dr"
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerResult"
The process GoogleUpdate.exe:2568 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"IsMSIHelperRegistered" = "1"
"LastStartedAU" = "1418873460"
The Trojan-Dropper deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process GoogleUpdate.exe:492 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
The Trojan-Dropper deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process %original file name%.exe:3276 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Caphyon\Setups]
"Advinst_F97C590466734686980C9759A741364A" = "c:\%original file name%.exe"
The process setup.exe:2688 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ap" = "-stage:preconditions-multi-chrome-full"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMajor" = "2171"
"DisplayVersion" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerExtraCode1" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoModify" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"pv" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"pv" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"pv" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe"
"InstallerResult" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"WebAccessible" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayName" = "Google Chrome"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UninstallArguments" = " --uninstall --multi-install --system-level"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments" = " --uninstall --multi-install --chrome --system-level"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"SendsPings" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"Name" = "Google Chrome App Launcher"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"RunAsUser" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --uninstall --multi-install --chrome --system-level"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerError" = "2"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Version" = "24,0,0,0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"WebAccessible" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerError" = "2"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Version" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Name" = "Google Chrome"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-multi-chrome-full"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallLocation" = "%Program Files% (x86)\Google\Chrome\Application"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name" = "Google Chrome"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"RunAsUser" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMinor" = "95"
"NoRepair" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --multi-install --app-launcher --ensure-google-update-present"
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"ServerExecutable" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayIcon" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe,0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"(Default)" = "Google Chrome"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
"(Default)" = "CommandExecuteImpl Class"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"Name" = "Google Chrome binaries"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --query-eula-acceptance --system-level"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Publisher" = "Google Inc."
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"IsInstalled" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerResult" = "0"
The Trojan-Dropper deletes the following registry key(s):
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\Programmable]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\install-extension]
The Trojan-Dropper deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerExtraCode1"
The process taskeng.exe:2172 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{46781B8F-4CD0-469B-8812-240F09039996}]
"data" = "4D 45 4F 57 01 00 00 00 E4 B7 BD 92 8B F2 A0 46"
The process 39.0.2171.95_chrome_installer.exe:3348 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ap" = "-multi-chrome-full"
The process MsiExec.exe:2252 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:
[HKCU\Software\Riot Games AiTemp]
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = "/i C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends 3.0.1\install\LoL.EUW.msi AI_RESUME=1 ADDLOCAL=BAEAC99E_37AC_4DB1_8AA2_D0B4B5C09ED_1,LeagueofLegends,LeagueofLegends_GameClient,D2BCE474_49DC_4169_8EFD_7CAB0921B614,F477261_82C3_4613_8028_BC4B6AA8AD37,LoLDesktopShortcut,LoLStartMenuShortcut PRIMARYFOLDER=APPDIR ROOTDRIVE=C:\ AI_PREREQFILES=C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exeC:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx9_39_x86.cabC:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx10_39_x86.cabC:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_XAudio_x86.cabC:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\DSETUP.dllC:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dsetup32.dllC:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxdllreg_x86.cabC:\Users\"%CurrentUserName%"\AppData\Roaming\Riot CǼ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
To automatically run itself each time Windows is booted, the Trojan-Dropper adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = "c:\%original file name%.exe /cmdloc HKCU\Software\Riot Games AiTemp\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}"
The Trojan-Dropper deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
Dropped PE files
MD5 | File path |
---|---|
ba34c1ce9974fa02c0b19682ab683002 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe |
ba34c1ce9974fa02c0b19682ab683002 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe |
00ccf557175b834662b75c2fe6d8c7fa | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll |
e00de70e27713260b12b67e9bffb78eb | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll |
ac9f025d821a40f31dbffde53cc06fed | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll |
649aa174d5798b17439eb877b12e6fa3 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_elf.dll |
c81e0c917d5db4fecd2ec3c7e2712bbf | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\d3dcompiler_46.dll |
2a0cabdd9b4584538a1dd022a4d8fd3f | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe |
685642623e6aaeca417301ea4ac8124b | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll |
8216e260b703e4c7529e09223c505876 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll |
4d6c24c57c424023c3e14106689d2ff4 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libexif.dll |
0c1e0e2c32fa30370a6f8c9fca122548 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll |
0f02448d17b890e79ddfe3ea51a05ecc | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libpeerconnection.dll |
0f5e27ceab632512fb72261e1cbef38b | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\metro_driver.dll |
adf6e384f3c299240586603de60e4ba9 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe |
9f5f88548aff90d80a656652172f7449 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll |
e369fc4fd959e3294517c0fb466a55fe | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\widevinecdmadapter.dll |
77f595dee5ffacea72b135b1fce1312e | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\xinput1_3.dll |
205e775b4b2c165922203a390b115523 | c:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe |
205e775b4b2c165922203a390b115523 | c:\Program Files (x86)\Google\Update\Install\{19171A5A-1060-4B7D-86A1-49C9FF206701}\39.0.2171.95_chrome_installer.exe |
7e7441f49c6d16c76f9e80bbb2bf65a6 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\Prereq.dll |
0811f0dede18bb068581794ba37db56d | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\ResourceCleaner.dll |
998086e5bab72ed052f43e442e833fc4 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\TxtUpdater.dll |
b051a3c68dcbf9e5b506aed6b0ef0ca8 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\aicustact.dll |
d4b474a8976f331a3847ec98d5b19d97 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\aipackagechainer.exe |
7100cbd95958d194434c3bbe99d5d0ee | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\lzmaextractor.dll |
7e7441f49c6d16c76f9e80bbb2bf65a6 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9708.tmp |
3a221f6a9e1a57dbb4724da320381d00 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\DSETUP.dll |
2cfd505070ee1ae30c70f1cc8b4a3b23 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exe |
1d6b292da474d3f0f780664d6883257c | c:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dsetup32.dll |
abde5e0a22a46434bd0df652a63fff44 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x64.exe |
6402438591b548121f54b0706a2c6423 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x86.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
TPAutoConnSvc.exe:1776
GoogleUpdate.exe:2972
GoogleUpdate.exe:2568
GoogleUpdate.exe:492
%original file name%.exe:600
setup.exe:2688
taskeng.exe:2172
39.0.2171.95_chrome_installer.exe:3348
MsiExec.exe:2252 - Delete the original Trojan-Dropper file.
- Delete or disinfect the following files created/modified by the Trojan-Dropper:
%Program Files% (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe (309253 bytes)
%Program Files% (x86)\Google\Update\Install\{19171A5A-1060-4B7D-86A1-49C9FF206701}\39.0.2171.95_chrome_installer.exe (327230 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\ResourceCleaner.dll (4451 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI90FC.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\tabback (854 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\lzmaextractor.dll (452 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI77DE.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends 3.0.1\install\LoL.EUW.msi (29679 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\completi (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\dialog (940 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\removico (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\aipackagechainer.exe (3243 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\cmdlinkarrow (864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\LoLIconBanner.jpg_1 (802 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\Prereq.dll (3547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\banner (374 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI782D.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA4458E7366E94A3C3A9C1FE548B6D21_11BFDD5895E992E1D3AE9CF87B14B921 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9552.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\repairic (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI785D.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA4458E7366E94A3C3A9C1FE548B6D21_11BFDD5895E992E1D3AE9CF87B14B921 (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\insticon (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\info (79 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\New (318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9708.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\aicustact.dll (1251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\Up (318 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9 (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\Ashe_Background.jpg_1 (707 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\TxtUpdater.dll (3667 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\exclamic (766 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AI_EXTUI_BIN_3276\custicon (1000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI9541.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI7722.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exe (5257 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxupdate.cab (1137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\DSETUP.dll (1137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx9_39_x86.cab (11034 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_XAudio_x86.cab (2569 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x64.exe (24833 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxdllreg_x86.cab (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dsetup32.dll (12751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx10_39_x86.cab (8737 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x86.exe (20901 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxnt.cab (105063 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\pdf.dll (58 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\vi.pak (637 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\lt.pak (552 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\chrome.7z (268785 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\en-GB.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sv.pak (514 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome.dll (29434 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\mr.pak (1126 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\cs.pak (560 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\he.pak (643 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\resources.pak (64 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\youtube.crx (47 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\search.crx (54 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\default_apps (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\lv.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ru.pak (873 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ml.pak (1457 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\docs.crx (12 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\nl.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\fr.pak (596 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\nacl64.exe (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ko.pak (568 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\de.pak (481 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\wow_helper.exe (146 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\widevinecdmadapter.dll (293 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\da.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome_elf.dll (268 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\zh-CN.pak (456 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\PepperFlash\manifest.json (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\gmail.crx (48 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\39.0.2171.95.manifest (226 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\VisualElements\smalllogo.png (21 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\te.pak (1242 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\libegl.dll (423 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Extensions\external_extensions.json (103 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\tr.pak (554 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\VisualElements\splash-620x300.png (22 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\gu.pak (1104 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\Locales (8 bytes)
%Program Files% (x86)\Google\Chrome\Application\chrome.exe (20458 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ta.pak (1333 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sk.pak (579 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\metro_driver.dll (1022 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\th.pak (1121 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ar.pak (742 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\drive.crx (53 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sw.pak (471 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\secondarytile.png (641 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\pl.pak (553 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\PepperFlash\pepflashplayer.dll (63 bytes)
C:\Windows\Temp\chrome_installer.log (7903 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome_200_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\delegate_execute.exe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\fa.pak (793 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\el.pak (1011 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\am.pak (769 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\VisualElementsManifest.xml (400 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\en-US.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sl.pak (515 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\d3dcompiler_46.dll (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\bg.pak (922 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\sr.pak (847 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\pt-BR.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\fi.pak (528 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ro.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\default_apps\external_extensions.json (5 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\zh-TW.pak (457 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\es.pak (571 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\ffmpegsumo.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ca.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\pt-PT.pak (553 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\bn.pak (1176 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\xinput1_3.dll (162 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\libglesv2.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome_child.dll (32644 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\icudtl.dat (59 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ja.pak (670 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\nacl_irt_x86_64.nexe (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\hr.pak (523 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\hu.pak (587 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\nb.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\chrome.exe (1716 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\chrome_100_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\libpeerconnection.dll (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\ms.pak (421 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\VisualElements (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\it.pak (546 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\libexif.dll (621 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\fil.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\hi.pak (1137 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\nacl_irt_x86_32.nexe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\kn.pak (1273 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\et.pak (490 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\id.pak (505 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\uk.pak (872 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\VisualElements\logo.png (7 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source2688_6892\Chrome-bin\39.0.2171.95\Locales\es-419.pak (561 bytes)
C:\Windows\Temp\CR_01E20.tmp\SETUP.EX_ (375 bytes)
C:\Windows\Temp\CR_01E20.tmp\setup.exe (17361 bytes)
C:\Windows\Temp\CR_01E20.tmp\CHROME.PACKED.7Z (43831 bytes)
C:\Windows\Tasks\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}.job (3 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = "c:\%original file name%.exe /cmdloc HKCU\Software\Riot Games AiTemp\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
No information is available.
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 0
Network Activity
URLs
URL | IP |
---|---|
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9f58ed40c6a18306 | |
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir/SSy4IxLVGLp6chnfNtyA8CEA+oSQYV1wCgviF2/cXsbb0= | |
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSYagvY3tfizDNoybzVSPFZmSEm0wQUe2jOKarAF75JeuHlP9an90WPNTICEAvVsLNPkJUQ8VRDHj9KlzQ= | |
hxxp://a1363.g.akamai.net/pki/crl/products/microsoftrootcert.crl | |
hxxp://a1363.g.akamai.net/pki/crl/products/WinPCA.crl | |
hxxp://a1363.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b26dcbe06ad1c88d | |
hxxp://redirector.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe | |
hxxp://r4.sn-ugpva5o-3c2e.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 | |
hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | |
hxxp://a1363.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
hxxp://e6845.ce.akamaiedge.net/ThawtePremiumServerCA.crl | |
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSYagvY3tfizDNoybzVSPFZmSEm0wQUe2jOKarAF75JeuHlP9an90WPNTICEAvVsLNPkJUQ8VRDHj9KlzQ= | 93.184.220.29 |
hxxp://r4---sn-ugpva5o-3c2e.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 | 80.73.12.15 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.43.139.27 |
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 88.221.132.166 |
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 88.221.132.166 |
hxxp://crl.thawte.com/ThawtePremiumServerCA.crl | 23.43.133.163 |
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 88.221.132.166 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | 23.43.139.27 |
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 88.221.132.166 |
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir/SSy4IxLVGLp6chnfNtyA8CEA+oSQYV1wCgviF2/cXsbb0= | 93.184.220.29 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | 23.43.139.27 |
hxxp://cache.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe | 173.194.122.8 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.43.139.27 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9f58ed40c6a18306 | 88.221.132.207 |
hxxp://crl.verisign.com/pca3.crl | 23.43.133.163 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b26dcbe06ad1c88d | 88.221.132.207 |
tools.google.com | 173.194.113.196 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=514948, public, no-transform, must-revalidate
Last-Modified: Wed, 17 Dec 2014 02:34:46 GMT
Expires: Wed, 24 Dec 2014 02:34:46 GMT
Date: Thu, 18 Dec 2014 03:32:18 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141217023446Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......l$.%t...............20141217023446Z....20141224023446Z0...*.H................!..4./....*Dj...$."......1.".x..C...}.o.u.-...:..V..IG.p.......G@."..~...c.....s.5sf...C;.`C.S~.....v...H..w..V...oo.z7.}C...m...8.-t..|?32.V...Q).txG.........Y.|N...l.#..;.......&.T.je.=.C?..f...T?....(.iv.})_q.....R.'0@...uW.y..8),.....J...7.............#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H......
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?b26dcbe06ad1c88d HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Date: Thu, 18 Dec 2014 03:27:59 GMT
Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=510394, public, no-transform, must-revalidate
Last-Modified: Wed, 17 Dec 2014 01:14:37 GMT
Expires: Wed, 24 Dec 2014 01:14:37 GMT
Date: Thu, 18 Dec 2014 03:31:59 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141217011437Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20141217011437Z....20141224011437Z0...*.H.............@.v..Q.[k.2......."7..".m...".=....z.C.........(....F-Q\#.....P.....;.....":W.......'(........3...r.....OB..............JV5...7X.*..QM....Uf...6.....g.p.#....98..&...<.......I.@.|../!.qT.....W..qB..o.x.^(..3.#....}.....o...Lq...Y.~...X.\.?......~..opF.u......#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>
HEAD /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 40747600
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Length: 40747600..Content-Type: application/x-msdos-program..Etag: "4c442"..Server: downloads..Vary: *..X-Content-Type-Options: nosniff..X-Frame-Options: SAMEORIGIN..X-Xss-Protection: 1; mode=block..Date: Mon, 15 Dec 2014 09:02:47 GMT..Alternate-Protocol: 80:quic,p=0.002..Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT..Connection: keep-alive..Alternate-Protocol: 80:quic,p=0.01......
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=0-8264
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 8265
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 0-8264/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ K..A%..A%..A%..Nx..A%..A$..A%...K..A%...Y..A%..A%..A%...]..A%.Rich.A%.........PE..L....b.T.................(...Zm......-.......@....@...........................m.......n.....................................d1..P....P..pYm...........m.P<...........................................................................................text...&&.......(.................. ..`.data........@......................@....rsrc...pYm..P...Zm..,..............@..@.................................................................................................................................................................................................................................................................................................................................................................................................................................................................2...2...2...2.......2...2...2...3...3.."3...3..D3..Z3..f3..r3...3...3...3...3...3...3...3...4...4..64..B4..X4..n4...4...4...4...4...4...4...4...4...5...5..(5..>5..N5..b5..~5...5...5...5...5...5...5.......6.......................b.T........0...............{.8.A.6.9.D.3.4.5.-.D.5.6.4.-.4.6.3.c.-.A.F.F.1.-.A.6.9.D.9.E.5.3.0.F.9.6.}.....{.F.D.A.7.1.E.6.F.-.A.C.4.C.-.4.a.0.0.-.8.B.7.0.-.9.9.5.8.A.6.8.9.0.6.B.F.}.....{.8.B.A.9.8.6.D.A.-.5.1.0.0.-.4.0.5.E.-.A.A.3.5.-.8.6.F.3.4.A.0.2.A.C.B.F.}.....{.4.D.C.8.
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=8265-20622
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 12358
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 8265-20622/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.S....@._[^..U........f.e..f.......V......P.....V....@...t";.s.3.....@.......P...........YYr.^..U....D...SV.....je^.M..u.......M........u..u..M........^[..3.8].t.3.F...E.P.E.P.......YYu.......P.u.f......f.............YYt..E.P. .........P......P......P.u..E.Pf......f......f.].f................u..E.f....:j.j.....@.P....@..E.P......P......P.E.P..........u..E.g......................P......P......P.............j.....@.P.....YP....@..U...M..A.f=..w... .E..P.f...w... 3.f;......].U..V.u...69E.w.2..?.U.3.;.f...v0W.E...........f.<}..@....f.<.f..E..@.f.D..A;.r._..^].U...M...t..}..t.3...f.<A.t.@.M.u.].3.].U..V.u...Wt!.}...t..U......f..AABBf..t.Ou.f!>2._^].....U...U.V.u.RV......u. .R..FP........^].U...}..SVWtH.]...tA.u..=d.@...S.p...Hx) ..<0..{..|!...P.E....pP.......YYt.NKKOy.....2._^[].U..S.]...VWt8.u...t1...3.f..t#...3.....QP.q.....YYt.G..?...0f..u.....2._^[].U...U...SVWt^f.:.tX.E....f....tC ......f...u.t"...f..t0P...7P.......YYt.FFf.<7.u.f.>.t.CC...GGf..u.3........E._^[].U..V.u...d.@..u....u..s.....YYt"........f..-t.f..t..u.Q.Q.....YYu.2.^]..M...t.......U...E....w.3.]..U..LB...f.9\t.II;.u... ........#.].U...E.V.u....u..&.P.F.....@.....^]...3.9......1.q.....@..U..QQVW...6.v.....@.3.;.u.2..eP....@.;..E.t.S.......Wh....j.WWh...@.u.....D.@......t.W.E.PS.u..}.V..8.@...Vu...<.@.2.....<.@......[_^.......1...........2.......1...........5.......2...........6...........................2...2...2...2.......2...2...2...3...3.."3...3..D3..Z3..f3..r3...3...3...3...3...3...3...3...4...4..64..B4..X4..n4...4...4
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=20623-35859
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 15237
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 20623-35859/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
..'....i...a....Mst..e..E{.....*d..#. ~.K.......;...s.p.=.....i....s.....H..jq.......$.`....Lt......'........;.?) .6.x|a....).%.1..........!d....^.2/.....w}x..jsqdt...b83...........?[..&...hl(..pB.0C......A.[m../....'V@...=y...6.-J....T.Ak.*....D..q..M..J.:.;...^.L.V...l. ......dp2..7c.p..... ..4\a%...V.]...A3.C|.-..e.x..[EP.HU...I.nL.....V....Zz.......}-.).k".&...n..Q%x.!,...a.D.w2.o...a.P0:......}d..D.;..]B..(....6..dv.......g...3I.Y...s.....-...........#.R.....2_.kho....6...'.......[...........*..ya.....N.K...:....g.*.q...@M.z.......(..4u.b...=7m..^]5.....A..7k..k...B|p.V5Z..........(...s...7.*......9H.e..q.."...j.....,&....a,:. 5X.....vL.d. .x_.$;/h]!.......]|..K.*.......G#..`.O.]........W.....%.8...;.U.3O.....te6q.:k..7.N.2.....0..R..U.....U....^...Y..q.....C.c...6...x.s.{...8.v|...... .G^...b..e.x.U....%..fx..|.....5).@H...:..:m.UzI5.!..._.......%"a.[.4.[.B..x....uEw`=.4....N.,......C.;.(|...M..O...uD...g..9..?.^...T9..... W*..v.....8..2.jZ.....7">.#d..F....g).$..........W..n.H}m.......\...7s.....A!...A........o?m......./.l.i..&..$..0.>..W.I......!< W:p.".4....8#..E...C...g...Df...9)?1I.7?e.ga..]].X..bl^.mRj..< ....#3.....U3....6.9...{74.........._.4....{Se.,j....| `?.&....TW..Ob.|..B........}.:\<..P.[r...q...<.%uL..` ..v..q.....:..f..wH.Z..A.y.....1.'.\./.U.......y.....e..."......h.......P...q. f.T..!.#.I..F..z..t........h..Jf..v..-=D.w.mFx0.0;....i5.v.g....y...>........ .h;...W.9.G....w.b...ya..P).....Xd....t.(C.F.'@.M ...U......d...Q..........w....I..@*$r........ ..].P.......q.X...
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=35860-56860
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 21001
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 35860-56860/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
... z',...5DH....J.R..~.5....i...sR....J4.=....}..(..ir...{.*h? ..Te...N\..........q]J7.u.&^X..X..8..I.T.....!7a'.:&.so......-......M..G.i.w.Y..-.js..Y..S..[...d.9.....S......#.N.@Y...!8 |m.^7............\.z.m.....M}.V..m..j..x.. .% #p.>.u ............i.(T..v.....u. Bw>.bO.(...W..k|P.-...f{.4... wL!.'....$.8..C...E..."......A...W. .....%. ......h&...... W.`.,....[.jA-........j.....c..g....<5.....@L...D......\E.y6@.o4.........f!..;.iN.w...k.f.......w. zt.|..!........i..).......L#...2 ........68m.._u................z4....Q....F..&..H.....Hq%.). ...9....r......1$...Lg@><...E`...G.....)X....p.....}.D..)..d......!.w.!b.o.#ba.s........c;f......5...5.\...^...7. .ADI.3...l...:D...6........=H....iY{*d.....T..X...%..i.O0!..o..LB..uY.$.Z... .3....2w-..&.M.:x.x&.a.",xT...'Z...}g,t_...4 .....9....O.......%F...!.`C9>.VOP......j....~Q..j(<.0.Q...m..go..5.(NB..].>[..q.2`..U......t/...8...S..b.)*.d.....b...._7....H`h....V......zs>..3,..#.l.uz......^..V%...$...&j.)...?m.Z;....x...rm.../.2.`.S{.H}...G..q`W.='..k.^H..4>......g...?...;.v_..=H..|..........K.0.G~.d...6.*....=..(..I..7.OJ*..8:B.9..Y..DR.$XzqV...........edV,..L..![.w.....z.4.T.O9.,)..b..97..$.ktGy.!....hr........8. .....NT...R..(.U.<...k.......\Ub...8ZT..&.P_oN....O.l.......&4.;..r.zOf..e.g... ....O......&.;E..{......b......K.?.....7..7G........si.b.~Z.@...$....QF.E/"..8%.6..^...&..Tw........W]..........'.jq..........4.....~<.%...p..R.;6.(z.6J.* ..-.[.... #'1CL.x`EU...vc;E..p...../.X.7..QN:;..7.....a^.(.......\.e.NFz..1~..:...k.7}.\O
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=56861-77843
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 20983
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 56861-77843/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
8....<.P.y.4.../g.}.e~0...;......gd=.#._.\Q'.y:HRV..m.[z.Z....R.F....Ds.....01.]S.y.....u.p 3..z]..)C]........_".....?% 3jbc=...\.6K...D.!~eur.z-.O0u...?..v..;.[c...7F...l.g7qD.~..........z'..B._.{H......$...Z._Y..#..y..%,N..;....;S...CP6.;N.m!..$G.....5.....g4.\.>GT.v.t..7..#.g.......[....U{j...c\.go.$X~N....A.IG%..'...V.Jh..U.8dq..:U..M.IU...=.O....wTm ..!..v|Ub .^..3.[.Gu..x....%....TY.... ..E7.I......Y.e3m..F....k..1u...6.x...2..i...1#..X...../'.C.....:Y.gHnH_.5.EAX.....'....S!^.S..........L.p.lT.8B...X...}.d.'5........L......4s..........V....5|..M..J.d.\Yd............}.7.H...C......{z.....a(...$...`.........?......n.q.............L.FJ..Q..Q.q....8....`5/...P.....{.~.Q..H..Kvh....q..0.wj.........)..p.....)Ep...yX..eu qsFW=..../...u]...\r-.......<\."$......Vw.(..IE......G..o.IA.IZ..#..*.`q.<X$..."v....~.7...f.../...3H..I..ga.7..v$..R...'..h.=.|>g....VR..{......B. O.......9. ......:m.%..^f..ngd^..}A..;...N|10...L.....]...-{Q.U...}.~.>........&TU<.....==.p.=.4..&..]....{..S].[/$... ..........a.o..^,.. )O.......kR...#.7.r.h......Q..16....fi.....{....kS.v...)...Ahm..ak=}A*`......yj..rBQ...e....Np.....H..D..g.;....|_5..'.....uf...>...uW..G..z..7.F...P.&m#....&~ ;!0.......)..N.....?.....6g..........#.....A..l...\o..4^d_ tD....&.~.;,...l.....I.....S..o..........4.r.pe.W.y....q=.XF.....cv@ot.=.-...u....%~%Y$UOP...s...&...k..l..z.0.-..'%.3>2...S.#]....H0...l.........^.xh.........\..r.9..8...n..c.~.L.07......sv|.."........].E%].%.u~3>f.....qL__.u........$H6W....=.E.Z%[.C..7.....m..>.^
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=77844-121888
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 44045
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 77844-121888/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
...|..;'.Q.j!P..]..g4.........R...~}2Mj9.E.X..7..4..*...vo@am.|..y~3..{KX...qo.....@Sv......] .?X......y.&...:..s..uU?..........%..Sw;s%~.\\.Kz.L)....D.~:....r...8.1D......V...B:@.....W.)......|wvI...#..||...o{....;.Z..I..O.d.7C.u.O.{Cz....s&..$9.'R..C...Ws.v..^.U....W..)....`.m.~.q.p.3*..................HK\......\.`......7P,...Z..w~.LE..*./...A.P.c.=..QC..b.l..3........UE.......w.p%b.MU8}...@..E.....LN.....e.&....k....#{...l.R.tY..I..U`.5....".<.P.t.&eB...P.....~..J.ib...6A..2d)#....o..?.x....$."..n.R1..< (.....\=.}.....-.9.U..PYB.O.c..)..g...a...n...w.; ..iY./(..........~....%.........KZ...Mm......<....Sk...Fha..d.Gy.0.......vY..c.<..A_S.6.'.".I.j...[6...........r..I.bu.M(..J.......]lP.m<.Q..%......"\..S..u....%ZmK,.J.5.<".C/.....<..%0....... ^Ds..v..&.1..........D.o......y..V...R-...h.F.\%K.A....].{..\]..%z..6....\3......5.....<|..q...k.u.v.Hn@..m'.....M..{.u.F.R........U..u...z..]x.t....e4......Q.....F..j.~`j..:.p...Y....y6...Q..gz..]Y......x....q.z.`.?.)8.......!....F.._.z;.tt.*.d<..#.. .T....!{=<Q.N......v...h..r....l4....X...e....Z6.7'.x.]TSY.....CYm5]..W.~..slK...O..0...f..5|oF.dr.ku@......>k9.]........U../.=.A.6....t PiJ<...8.B......4.=.*.....l7..z...A.....F...8T..s.....Sh..7..>w.Q...,e.n...].&..H.W....S.c.SN..J.....lz....A./.|`....X.^^. ..{}z6..M....@d.........a.=K.T..V.u..<.9@i..s.....=Oq.`.N~....."..D...B _6..Gfl..........'1%...2=fa~..x_w....~ne......%:.JJ......... !........Y.......n.....xR...$...q.^...s..t.wq.:2.....tn.].. .s. .)...>0.5U.e....pVI..s....x
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=121889-211907
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 90019
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 121889-211907/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
0@}.Is....f.M6...l;...9..~...j..,..7.g....*&L..\\G-".........<....#.....J.k.0....<>k..).q... ..........pI..N:C.....9C...{..P.....S.Sv...l. h.Tc...F.....b..aV.gZ.... 2...K'........_.........Qs..y....^Y:u........!\.yd.J.p$0.t.c4;{}.R....P...c.k-..NV...@~l.....I=..#5...&T..DR.#6!7_...~p..-.........Y.@J..e....v.9E.P....o..p....=..I....X....<.5.\.....B9..V..f......u.......m....@..N....9......y...0..%...aW .A..gv...xyBC..i.h..-..}.C9L.rl..r........D.b2..6ZLSPN...vKn1nie......w..of...-.h...5.J...E...5....9.y_.E.:.v..u..=%.W`>...x..y ../...H.}.4......Q=.:....d...~.W.. .F.n`.m.p.....3..K`g.Z?.3w.q....}.@....2.l YAc......E...Y........=8....S..a.......C.....k.1..>5F...]....K.1.~8fp..|.....&.D :!........L.....q.7t.....n`...jBDN.Z..]q....1.u.H.9c..vv.~....vuZA....[.. .wm.ws.......... ......K..8Z".........e.[.2.V../..*s.....#...............;^..m..`*F.C...'...6...d .m3.$......0pDE#.....T...v...A>.EF..(].u.M..5...T..a..5[G...v.#........U#.....F.;K.I.b.G.e.!.........]..u..}.t.....6...........c..#.}........yU.|../..|v`:....._h.H.9..Q.....E].0=k(.7....e.j[i.L..fF..ZC....>.$w..Q.........v|......g.\.lZ_V.....w..J....7.....s.a ..J..s..%#I.A.cX..D..NW..|...>V27..(^A...fx.m$.7.c..X.^...............]13...... .v.V.FS..-..9..x....?.d.*...P..(N..............1........x..:.O.s.W.h.,........|3.u@}.I...;..d.'nC @..y.........j....v..c..'0. ....7....\..T...j."..)..X.\..[.B....Y...O./....Q...a...2...H.N..i.N.0S...E.?B........r...uU...,N..v&....^t..'...H....o.............-.....W{......Ix...W{8....#.*PX..M..E....}..]..d
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=211908-393058
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 181151
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 211908-393058/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
*.Q...k.o...O4B.X.p.O..[.c.G...~.."...b..P7..n.$.^. .k..7w}...Mk.j.kZ..;}..%.....:...4[lx..>..8...v.....,B..x..R.. ...2.".X.[s..W@....S.ala.J.Oum..b..{G..g.IIQ.i%....Kl.Ap....yG.3..v?.?..M...zbu.b...>...DK.QA.u..n...b$S..D.../5>.h...'.f....0U..K$R.d'..-........Y o.y..E.=...=....f.......U.....S...b?.....(4...`..i.k../.:.ZGy.........E.......hK?12hZm........ejr.w.6..t....E-...s......l.D...0...F.]....A(...&rK....)v...T#.:....8......Y9...o.q..G|..2.......(.....~..2m.Jt.h.L..T."....^..K...\.qQ&<....p$....^q...a.....]#...F...o....L.~........W....8.Hf.=\r..8;.....O.n....$....).H..Mr.v.Aa\Y..].\..E......G.:..[....f.........:rB...*..0.UG7....?R9[T..~i@18...;.%..2.".&.W......RS.<Q[......M.T).....~$... z.3y..-.m{.8hJj..kx....G.L.i.$..T....D.\.bT...}.6..;}.....".4C.....NU3.$..nJg2&...Oy....U.dH.C...........cK..(.S..3... .=......p$.5....#..Yi...oY...vw..6......Q2.~xE......E._......^:..JL....S%.6e"e...6..5.$..hR......u.."...~.Q (.....xM....$Cvu..'.d.p.= ..-.....1 :..zS.Vkc.R.Q..-...4'oJ....V7Y..(...J..7,........,..".H.......e..u....zf.o....L..l...DyK9...9?.K....Lz..P3B.-*.?..j..N...*^....n.R.].EGi%.b.8...<...a.....{...........l`.....z.Z...pd....{."' .. ..;....5W...f.C..x..?..$.|..V......W..N.....K..Q.P<......._8Iw.. h@. ..|Mhb.=....m3R.........^#..... <...B.v....Y..z...e.S\r..hG..kn.L.T..7.s..m.,.....ji#.cQ.v.".(.O.=.5,$.}.6S.5"..x.A.s.6BC."h.N....vZ._...U.|C).M.O1H.H.y.{..x...@!..........I........H..W..".s..;.........G./..m...Y..B`.......Q...E.f...5}/... ^.^........O.@7-[.B4..%. 8...a)..iV.Bn...n"...X
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=393059-753459
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 360401
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 393059-753459/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.C.cz.. ....c....>p.....\O.fQ6..)?.L.d...:-.%..%...,......\k./..HiBj..P..T..g.>.0.....d....fI.G.lO4...j......b.3J..s..7..i E.7[C;..q.[..................c!..<.HEV. .s.S...v....!J.....L....>mJ..$.4..>......d.2..W{."... K..)i...G..7.b....g.E..d..\.C...c.2..V.u.2..:..(e.JMF.......q.&.A@9.!wk..G.Z..5.(3.....y'.z]....G..3@\p.....>....J.J...R[##..0...,....Cz.k..T6.7@=.`.....^.......P.....c.;^6V.9....S .e...5{1....2g">.a.>.........q..!.2V.G0.ea6.B.....9l..........N.%..H.hp7.....Y$.YlOG.....Y(F..q..$\K1!.e..u.k...%...G .:.s..~..k6Xd....-Z|Yf......h....wME...yV..D.rBRtBZ.p4.R...A..%2|.t...........6..RJ..R{.... ...W.M...^S....'H..@70.A"....1..E.<..p. .{....C...o3...p...a.m&....Tz......ip.zc...|\.H..\8.t$.9.S.J..g.......v..1.7...t.J.p`x..........(u6Z...[_.On.X...r.......<a....e.}..4V8.y..j..........[" |q.........K...S.Q..(t.\.....`..{.. .W.)J@I3....^...^I.. .\.(.q..p^..m......e..2..6;..zr.-........PV(..Ccu.E`y.Q.'.XP...F.?M.N.....4j.fy.{...eB...OD...i...%.|...0.(,..A ).,.......qT...)...f..B9[PMo.@...^..v.....2.5m%~........T..v..@.Q.6.I.X&...{...&^........."tQ.bLX.*q....$X...?.........n..#.>....\t........A.....q. .3.8BS;.........D./.8.X..Z..6.v......J.}....3. ]X......S.x.B!..;r..F.._....$...<.)Z.....r.eS..E.4...S:.T.h..>V2.8.........|.g.....f..>.....w.:..5>Mon....;.....K.4r.U..(o..2.......{6p.mp.n.........?.Zn.E.GB.`.{...b.Q..0.......BbL..3........$|$,...r..%`....V.......TU}0KHM.......{..C.$9...&.Cc.v.....(..>...g-q<..o........].WI..8......1d.lbR......4.. .T)n..="}.<.s.$
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=753460-1468415
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 714956
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 753460-1468415/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
z.....q.......\................*.. .c#..............%.'..@R...Q4r.6....pb=..;..)...0.{xr..nTW.. .i......k{K}'_.bCd....."...NJ..cY...SR..^.c..{.lXk..og...e:.:....:.\z.V=..w....S..\QV$O....:M.,.....%..j.B..j9@.o.......X.*........e@..F8...G.'Y.^....|^3.c1..XP_]@Q.$...ZN.g}......... ....._?.{./....V;f.X...B2.|X.........v....G.,..Pa._m.]&.[uv7.<...u........d]N.........%..........b..B...T<Gy...);3.............{......F.........BS.4.B.d.M..I._A..1..y'..'=....H.Ud.B.....H...c..w...5.;..$*..........L.....Z...hZ.7.. n...f..U..l....&&h.9s...H.~...c..y..E................K,.O.^....?....R...c1.E.8...[..Ia.R.O$o[(z...0...<D.G9...E ..,|C9;. .6f]... ..C%^...@?".......Z.Ic...1..J......".9...|-.0.5.9..s...N.. '........E.k.pz...;.....n...p .x=y..dS.....@..6.GL....... w/.I...O.s.-.-...... .1d.....X.....NT..f.."L^..f*.3...)W...&.vLU..o...gg..{gq.4j.L.us.i.|..U......d.[..W"(..f...i..S.$..s.o\.^..1..du\.@.U.,..7...ST.<9...w! f.....[t.3..T.f..K.....xp....U5/z........o..'../^N.VB.....g"...b..@.F......"3).3..H..h.L.'>.4..H..0.y%..K.k...tQ...q%.]....,.....s.Q.......H.=...(>......8p.!&\..7. ..7..<...v...y...vo.0...H*..J... .;..H%q..?Is.2.......M..R...}.>.{@;.... ......-.}c.z.h).Q..C.../F...w......sq.....Zs...I.>...H.EaI...C..<...A...y..f.H;{).y..JDR..............iSdKRnYqX.,.[.....:.Jr..A...TOYB.l...SR<"J..F.V...#.?..<...nq.......#,.m...w.5.VhW....K.].a9.V......dmf..l .B;/.^..D...m>..{.s..4)..r.^.*.j......>^..(..U.0y.}.. K.&....SC".,4.-...{.. ....?.bL...~C.b...U.....].:.?0.H.J.....A.......fA*x.....B'
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=1468416-2890012
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 1421597
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 1468416-2890012/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.9.#.J...3.m...F..U..p...<.Q:d..cL4....9..c>o.<.T[..ZT.Z.u.@..}.C..}....4....... z...3 .s....P0....kb.u....e..%i....m..p...@..L;T.:......P.Z./..M...K..I.Y{.~O./....t_...p...F..<...;]g..Qm...@......; g!cHL...P..Av..;.] .,.yN...h............Z..`..9.....k.......ZX..;..O.... ?...9j.Mw..L..Z.C.........}...gh..... .<{A..)..*/.d..........L..k..|..F..O.......6..P.}.....I..}~.(..8.. ..tgF>IR*q.P8...cv..b.(o............I~...........>WH(N......VX....2.,o..B#..Fl..?m z..V.F..{C......_B....m....!.).4...M*.v.j!Pk.g..D_...v.~..q...........$iY.O..w..;........u.!..L........F.$}.6.........N...B#{..<..-....Y..`....u..=..@.>.o.rq.23~[...L.J..... fy..f.S.4..2f...k....W..g......t...a....0zVv...m.R..Q6.w..i.8dI.72n.7.F.}.U.:.......X..|6....o;f......3...L....fP&..o...0]..c......<'.uh.O...7.>K./Z....wO.[...E. ..\...M...(W......\5V.r..&.W..|.........i?.........&]..E.1.UR..B...A....}a.M.L.Cu...1.&..r[..S.....=B.Vw.F..4.>b.;...s...|]..u...Q..O.:1....M...n....... ...).."........I.3..E..........,.:...8.-..s.&.3...lr].0. O...Y......}l.........D.%.17.U.L9_y..Fzut.cVN..I.V..42...b.[.T...g:N...O..l,..."6yk.".......hf....F[OGe.d.......=*......v. ...OFj.......o......!.#Tn..J.q......gz....Y.>k..@..kI........}.,.Y{...|.1..u@o.......=.MPs....#r..:Lr"ND.\5z../..K.....'..>....C.[..u...]...}-O.....E..........8&q..A..34...T.<.C.y...er...9....).......]L ...4s........./.}e[.w..0.............?<H...J....{..v......M.e..&w..........7l..{.XHRe...!.........S.=...E.../Pm..y-.h.x.u...<....S..e}{....K5*..\........
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=2890013-5709720
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 2819708
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 2890013-5709720/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
......n....NM...*.......bt..f..JeD@.7..;..*.....u.....0=..t.I."A.V...j.1...g..Yx`.g...U...g....j55.d... ...\.(?..Q.....a...M|>....b....Y."6.....r.%.I...{...Nk>..pR.@..<...G..."cZ......4m|-......HW.;...P.,.6. p...;....:x.m..=...xi.....\.o}.=.!..k..n1....-..o..J.v.g...~.|\...G....c..>1NcI.T[...i.d....z...X.....".>{q..8..T..bn.#..eo.7..J.k^V....,.[Qh......=..;A.gCC...u#0.;*....d>.....1..F[y.*..tY.89.JP.).._.....x9.6.w_GEVu..}.m.......S...G...i?N..Ay1...5_F.ol..p.4.b64..Z..k.!e..X.H..."..(m.?..~d.......5c\...M.(.?........;O......t....;m.......%S..n..H...c..`...."..Q.....T...<2.Qj'..(.|!A.>................9R.-v*.q~..8\.J......Z..........3v....&rN.>Dvzb\..,...i._...i................,......S....-$.c..EQ....}..JZ........ .X`..X...t........ ..Gv...ss..-... .. .i8A.CM.?/......5.i"O.K.)...g.N. E..Xx.Z..S.Vs........\.XY.O....l..)..H...\.&..{.o...D....u.^C........o..Y....x.K%C.~..E...n..W.C...}3.h...`f...3...oY,.n-.......?.Lr......._.~.....D.A.....!.Y...<...b..K...z...*.C.1..m...^....j.Xn....2.s.B..E..R...s@...:.|'K...bo...6R....2.vLz0dQ....u...3i..o5....-i.P..........P....G...<8.....R.9...^.....0l.5Rpg}x..8..8.^...e...?..o..."E..!;6.z..@..........l.0.8._.....m*..:bV..}..T.I...!]..e...U..:j5V..tzc2..6.T....'..w..W5..yv,..Tx5..E.&h.p.M&.!.9......8GW...3%.....!0G...2x..:_..:..].s.=P./p...I.P...QJ?..Dd.H...*;..Y..).....j.Q?.8C.....W\.../.z^Bt.w......QZ...A.A......z..]6...._5.P. 1..n-:....?.F>...X.BY.f.).Fa8[..3....h.2...;.oa...t/j..,.<Y...ue......_k wF.... S~.A$......r...t. :.....(....D_E
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=5709721-9761708
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 4051988
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 5709721-9761708/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
M.%<`.r^..f.f.*.6Y....9.;.p.....k|..c...pD....j...N..X-..?PS.O....z/.1.....9.d.O...1mr.RK.)....dl....x...G#..N.C'NE.#.3....jo..y...a....j..........6r............N.f...2..].....9c..L...NP....4.V#....v.......j.........s.5 ....?.$.......,L.'..K....8...s.".9..Ih\.N..L.,......&e.......:........... .x"..A.p..T@....]_..C..i......q..*........L~bI.......]..J.#9.-.(.3..W.R/....P9...]..6..V'.....J...={..q.]C..q.Xp....s.}Q. ......cks..nr..7Bj..k.....S....c.".F{...-....g..CZ.y...iYR....5.$z.T.W.A.-.K".....4..:h.;n7.\7...e.,.#a?..p$... ....\.D...4.n.Q..o.r.'..4.U..f...SZ. .'I...".....m.........7..0.Z...@..jFU..v.7?1.>...........c...I......<s..M...3.>8...k..6.8...y..1....X...l...........VdM..4...hI..Bb.a%f~u5.7...Q0......H.y..r...u.m....^5...sK.1^..1..H.-Y..y.(..E:.e...."...5i.....K..L^...-.....Y..t)M.........o.......K..D.....9...w....i......Sx^..}..J]....X.t.{._Vx ..h.o...>....Y.X...k.K.;...$S#.tt...\.u.6.L.L.....-....i............SD."..}#.g.)...]UN...~E.3ULL..q..H..LF..{@...'...1;_.r....Nm~....(!..f.....V.K2.G.^....6...S*...txi4x.......2.NO.....<|.k....}]D..f.r.P...n|$[.*,.....8^'.4x...!..r...:...m.}.>..>.....4.@j..I...b.._.....!.w.6by.....`./].../..d.QWy...j.-.OV(]..y.3.D.........{...7..^X.X.....I....RzU.A?..=mI."W...2.......=.....mk.7.'P..P.$.T.'W...>..._.... A.K.(..G.n....._...6S....q.|`b......@.&q...s.b.$..'. ...K/=...Q..V.....va..T7[6....G{7n..E.`m....n.BzJ..[....P.g..=.'...&...[.............q.C..:c.f.8.v'l.....rQ..t.........64DH.y....7...........2n{.)n(.`.X..:P.J..1.l..B.....IG..6\.....&.c..
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=9761709-14792061
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 5030353
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 9761709-14792061/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
..'...I ..Q.........>..j....#<.f;.]..J...)h..X,....K./.^;..{..^.#..J........`l...a.[72....7.....o.f.gu.5....&%....7.?S..%,..RP.@....c[.a.3.Q..[..8..../C.x._...a7..2.`9.{*>.>..)$I1.f.bXz..........f...4....a 5....;.S..*.m...<~...\...szFP.........S..........<..:>(JX....}.w.i=Gh.R...g....6-........h:X..G..p.........66F.x.L.....h.L.z........a'.1....9a}1......j...../.Gj8.i...p....be. yF.%..\.x.//b..a..@....~...M/-L.J....=..iM.....$.^.....l.Z.VJ.bQ...Gf#k......[Za].<..T.'.o.........JQ....?[.:..N....34...[=.. ..\...>c...b.y.f?....i. &.........].m/...d...l....G)..eo.......Sd.p"..J....M..Z ....)j/.......:.....wf,.I..c............Ur..-...=.-..:.......m..(....=... .v%....P..n>B....-3m....#.WHs.....]...`R....*4j.[BI7...`.oh..3E....4#.....f....Q.J....D.....l..(' W....(..M.T0......;.]\.Y.w-W....u.Ix..G}..[nF.aJ.........\1.........'vv.,&H.s..)..@..Z..I=..&8j....].$.G.b....I..u....u{DXkk.o..R...u.....\Y|.;:....(.S5...Q%Z...X|..........Y.ywD.....b.8......G.........u.LJ.-n..%D..#..W0=h..V.ia.A=............t .Y".k..@.Q.(._f.......U.f.0..i..3z.Y.H.........s....K.U.j6t..T&.IdNV..g.9p3..H.JW.U=].........VzqU.;N.k..(r.d...s....s....c.o....".Q.wS.K/.v.~ag/..J..Q....|L|........"....d........1.?..P@....~X.....e3.}.-.[..LC6....ta.x..\....'wo.:....{V..'.....[.G......{..q......x(...H.....C....x.!.....H;g..#.m.*.Y.m..x7..x..l;......Cf.C<...U...c.6E.....$..WXA........#.K.......b.....h.X....`D~W....f|.z..../dL.f.J0..hf.....;..F.K.G.f..? n......o'yT.4..-....J.......M?R4....n..!H... T.xZ.....y..p.).U......|...g{.
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=14792062-20434324
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 5642263
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 14792062-20434324/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
..R.z.F...x...=C.H.p..wEW.r.W....2.`..f...JJC...:q...F...>`.rq.Q".......-.*.!Y*.8..R..............y.b.@....>4`.u....VP..|X...EW/.w..%a..b..H...J,*.WD.r..yv..eg.2a... .[....w\xW.m..R..?..\.x......\.......w....1.50.....Ui<j.xq.7..,...........t.n.7B.:.....Q.....?..K.N.*.V.J......wi..M.n..$[l..7..O....rr.!.[.]..,g... G..s.../T.....].(.}t..:LTZKEs...9.>... ./.2Fi........M..s...Ts...=.$......(.H.p.!;.@v.\....&.......8f.e...aX..$i.|g..3......|..j..y.........n.|..V./......{....G.n...${_%l....cE....<:.U*d...>0.E....#*`.(&H..p.f...]....P...na;..ghX.....p.C.a.^.HkB....O.3..f>.).....TZ.\.I/.z...sN*E...iU......|].&*.......#..vK;Qu.S.S.....\.'9....Z.M.G.E..-...2..o0ko#.(..?O5..~...bN.k....*...SH,. }*..LQ.`.<..=..n(/_.u.x..3g .t....}w...3..$px..vP.> ..03?......a<.u..8.....?..@ ...C.H3M..s...n."..;..)u.T.b.................5....!...U....V..U82...!4 .~.uC.....$5p..B..7.2OV....SA>.>G. ..i*).I* ).Y._.i@.4.Bu.}vv..t...=....{...n.E(.P...5q....U....m..o.#FVN.YF9.n.i.o.......n.O..$.ZC..pCK}..2......us..X.rf...`u7..... ..3...*d..3.....{./.k.l..,...ATv....X.....;....i.......\.Y#G.....p.....V_..T~j..Ii.5......t...tX.$.Q....N...~.j./...Y...;.....A<.@..#.?.../H.X....m{h..*A.V...|........[........#.|..J..i..) .....cS.".....[...1...$.pO#..r..E....}'...........j"3#W.......y..5.=....p...h..W.....@..}...%..q.pV.|.WO[.Y..'.%;..}^8.SR.D3k)...|..M.......'Z?..s..=.&....]]~.S...U^.k....aj\..@yj............r...1..f...=.E4..K.....\..`f..&...C...F.a...f.......$^hb.E....k.L.u.6P..G......m-....n...k.=...E....4..J.E.
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=20434325-26426727
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 5992403
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 20434325-26426727/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
A$..M..-.......h.~....)........*..i..e....s.d...1b..z......^."...L...5lW\k7A,r8XC..Q.WvR..(.....]tE{Ju.....LC.$....k}v..' 7.........*3.t.]..z..........JR...m...V........@Z...^.6.!t.fD..z.....O3J_..r.?..`.&...'K.H..D ..i(.....w.t.......0..ai....=...Q.b...d.T..E._.#g.Y..Tw....-......VA.....8S.;.m..t8...Ec...q...x.g...q.,.=.....RLt..p.....z!iX....Mo?;..S? .Q:.&...g.rw.r...l...=...AR........_....`....@m.u...HI-....:=......o..\>q.E.._.&..6`2.d.|4X.<.wU....).G.....n1B. 3."Q..2.8.......1{]..I%'.1f...2..;....*.^,...}.......[.WC......E..n4.....q6...{YG.5_.u.6...... .. V..N.....x..@..R..Cp...!.\=o&,./.y.Z..k......g...5...4.?l....j......T...u..QG........F.\...L..../_.[.m..lR..m.M.;.....s......v...i......6..B...J..'a5x..U...^.........."....P|..!...V.f.i...wFQ../~`..d^.V.....Col.}.Bk..fOR..i...b.k..[..(mE.....7..S.o.O..r.)...~0u...~..9.........R...k...]...s.............A..s..|E.....}.dD.<....3....t..Y..-...#z.>..m...*..f..p..T....U.yK1..&.._>..R7.|AF.J..8S....}..L...@....arH..l.R...A....DD...........2.(g.(.\[w1v..Q...>...X8..W...Lo_.....K.w.t.vXT..R.*..ne.bQ.~..U...jeb.....dF.*$..........{......q=b-.Qf.. ...n..w.........t......\....F.. m.......{=6..f....p.Gg@..U.....Q....M...tV...r.......d3..#;....(..bH.......^X...55k._D..b..(.[EKR..{.E....e.w.M-E..2ig.G.@a....C.J.............V..>..\8....D..{k........8..g.|9-p..0.Dl...x.w.....f....9.x...e<....l%.a./..0..... :.6.-.18~r.7...`......g. ;.X.5$.(i...da/.E.j..B..X............cQ_(*qIHZ~.C....R...4t.gK......4...;U..e{GT......r'.1.%.d....Fj....(....."pE...o..
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=26426728-32619706
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 6192979
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 26426728-32619706/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.......8..^<{2w.L.W.3...C.{....mG......S.7.y..B'tG)..z......r.(`:a...{...:N.6...#7n.....~b .b.M.R..9p...t...!8.!t.0..o*...^.a)..h..~..w..1..e.....~....o.......3UO..M..k...F.$.,{......aa4.c...;M..7....) @......3b...N\..%.$.....Qd... ..<-."o...._...!...]..`.YS'V..X&ya.@K2...e....F.0..]Mu.}..............E9....r"x..gH..6...>..17[.W.*...C$(qMF..2.(y.Jv......(.z..w.n......[b..._.z....(b..o...,.L..zH...=#...P.E...u3.}..^...../.lM...v.|xm`.\..Q.u.7..`..z.....G.m...U.J..|.Y ....<...,....y.-.P3...F..'..V...n........sS....._. .......T{g........|I........n.5@.B.W..3.d.c._.U..N8v|.r..~.....[.~...m....rr..e.....L...:/X.[.r.:.l.=."T...J.~Wt;.6.)V..=zc......... ......i...7FF...(v.....5E$.;^.3.zL. ....].lM^..$fd.. w'|..?|..&.M.../?.?s...Q.....D.....t......*9v.B....f.hWC,|k.nC......X.!$\L.....>Y..~V..g......8RtOn.m.....7....r.....S.4.(*.q}..#.014Y.......ci..#.C6.t...........1v.u....s.,......w..\.eM..nI..|..,Q.`.>L..$.#...y.....n8.AmX..../...p.....6.......P.0...S.wz.s.S.m*.L..........F|.E...&....qq..Y~J....%....u7.........8. g"..O...m....V.j.x.\.`g..7.....wl!.U^..".`......b....J>...#....2pdl.!.L#...$)....U.X..9...*.K..j[P./5`..(..N..s...t.L..&,..j.....S..l..JI..?.3....cYiD..Jz..hx.8>.U;.....,..a.XTEz9.......h..Ijz.%..^{.>C....@....(..;4].L.........W.........V......]c.>Pp..._~.....M*..*...~......d....!.<O:<=...].uR....j...#...uh/..Zg...@......7z.\.....V......o$~)g.'.,lVa0F?....T.h..o........B..?U;j..N...C..mY . z...,.F`...~7.I.5...N4}...x.i.4...`Z..q..6..UKDv..6..a._...D.....l..D..JZ...[.....I.o
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=32619707-38943041
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 6323335
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 32619707-38943041/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
...._.....%T>2..m.z.......*..tq..............\e....^....^..o..v..qcW......@..6}...U.#.....-\...R5{.4.a..].?1&.u..5.t..5}..],...V.Ud..=%a....4......V.c.>.H@.n.h.,.22..|..".>.8x....Y...S2."... N..f.......k...7...]...".Pg..[..GhF...D..).?z....A.....Y.......F.."<f...xR"..Jf. ...ixDl#.a.-...t!.O0.3..xU.Xh...>..x1.../..v}...[|N.....1_ra...q.W..B. .....q5$"...5.:)jL.....G(..R.-...387t2 .(..,......Z....=.lm..S..lJ.-.N~.bj....ah2....5.wF..1..W...H.................=. .M...N4.".q../..=i.<.K......8....n.................~.'...$#.2...M...g..u0..Q....q|..:_o.....'......C.>...,....*.y.Z..a.d....#B..........'....hG.l.O....Zt=....)j..>B...*.V..s........?...8..(....;4....m....-..v...9.Q3iC.-h......~...............4v...m?....|..~%.{.w.Q. ..1.l..A......E ..=....z..P{...`T[a..2.....4.3x..O>.>'=. .?....k.Q...5..K.....o.........zs...K...q^.....\&hR.n\..-.."..0....&...W/..'.{..GQ.lH...x..F.....|.K...V......7BOT.....5~.L!7.s.U..GS.P............I...l.3.Y.._.^O...5....w..=...9...2..i..^.. .>.. 2 .y.....4..........B;h..sy.....D...?.Z|...)*...Aqb6.e...J....L........m...[.'>...9..T..Gtf..8.}P.......U...d.....`..e.t..}N&V...o.<}.d.}....K....\..f.......1......W.....}G.Q=G."~). _.....].....}.....~d..".3*..F`.Jyl.n7k.P"o.E..w....t...5.;...O...Y._VS80.....e.....P.M..4kxY..>.E.E.q..a*.za..;^.:^..b..n~...................d5.=...bM.....o3v*.U...l......j...Pk......S......[......0.....i.....si...X..`...E.!.....OF..!....?6.{c........f.I...6..Z~......g.R.8B..cz0..^....$p!.."...~9../...\....HF...>.c.......P.*8i
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=38943042-40747599
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r4---sn-ugpva5o-3c2e.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 1804558
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Mon, 15 Dec 2014 09:02:47 GMT
Alternate-Protocol: 80:quic,p=0.002
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 38943042-40747599/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
W.Q.*...Wf.... )..{.'VE.....@ .~Z.....UV.............).P...*1@QV.......:.....*..~9..../#.=....5.%.....@......c......I.Z=".C..G..Z.....`.^.N..m.Kk..E 3...).O.bW..`8..n.........\.;.1.xp.r...m...Zn.....c..JM.k%4....-C5~`...........|.1......]F.&...?Zf..Z.Ye\.....z...W.).xz....Bl...\..._z..!...bc.....XR.K.(....2}.e.!...%d.X..-.]...G...D.=.&........I..0.........~...;.*1..m..8...v._J,>'.J.r..F}..8T...'.{;.Q.-...7r.............8......bP[.......Q.Z..qt..nJ...:r*.D...g..,..(,...$...........R}........@. $].rlr.%.....5. ..X.....bS.$..i .l...I...;.0.j.X...E....B...k......A4..9..:..Me.g...{.. x.U...... ..[.......b.......L.B....-.$...V.RU.b..w@q9.."^..Y.!.v.......EY.<.p`.....l.3............))af".n.9,V.'.YoE.V..........JE..=p..W..[.L....c.~y..&2 .{{.k..".......K.l4...Kci.d....qQ..O..,"..zUX....e..`....&..~...M.1@...P..<Wj7.nmT"G.B'..y'.L.Wt...U.._B.K...._..-~......O..AF>A..,...>.:.....v.v_8....U........[..n?w.D7u.....^h......J.M I.Z..S.H......5"..^...G......0...=.....r...".;.K.".....$......g.;.eF1........".. ..6... ..mh0n..O.&s.f.m.j.U5..h..G...5Sl..A.b...&......m....Li...ga.y.....*..'L.!?'..t...f.....ZE.i..>8L,.X.{......_.....r..)v.UH-.m(Z.m...e.?....*.....t.}.....~.......R......TX.|.)...?.y\9..\.......\/l....H..i.w...T.25.2.d_.N5.lx0........)W........1w.....-.4........kB.'...y...@.LQ..R..TtR8..m..~.!ER.....I.....<Z..8J. ......c.@$y.......j.........Ra..C...3..*..w.^.Q../...u>.2.;..s.....M!...V..-...Z.O.)....4R%nE@....}...|.I.~!..|.K. k3.#..a...n>.r)H.....5..N!....c".....d..p.!.....K..i_Z......._.)E.
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9f58ed40c6a18306 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Thu, 18 Dec 2014 03:26:57 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..Cache-Control: max-age=86400..Date: Thu, 18 Dec 2014 03:26:57 GMT..Connection: keep-alive..
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 812
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT
If-None-Match: "a2f3ff97eeecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT
ETag: "a2f3ff97eeecf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 03:27:43 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT..ETag: "a2f3ff97eeecf1:0"..Cache-Control: max-age=900..Date: Thu, 18 Dec 2014 03:27:43 GMT..Connection: keep-alive......
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT
If-None-Match: "3e1c83923e1cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Mon, 06 Oct 2014 05:06:02 GMT
ETag: "3e1c83923e1cf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 03:27:48 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Modified: Mon, 06 Oct 2014 05:06:02 GMT..ETag: "3e1c83923e1cf1:0"..Cache-Control: max-age=900..Date: Thu, 18 Dec 2014 03:27:48 GMT..Connection: keep-alive......
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT
If-None-Match: "58cddbea90dfcf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 04 Oct 2014 05:06:12 GMT
ETag: "58cddbea90dfcf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 03:27:54 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Modified: Sat, 04 Oct 2014 05:06:12 GMT..ETag: "58cddbea90dfcf1:0"..Cache-Control: max-age=900..Date: Thu, 18 Dec 2014 03:27:54 GMT..Connection: keep-alive..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir/SSy4IxLVGLp6chnfNtyA8CEA+oSQYV1wCgviF2/cXsbb0= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=515677
Content-Type: application/ocsp-response
Date: Thu, 18 Dec 2014 03:27:02 GMT
Etag: "5492346f-1d7"
Expires: Wed, 24 Dec 2014 15:27:02 GMT
Last-Modified: Thu, 18 Dec 2014 01:57:03 GMT
Server: ECS (ams/49D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......E.......1-Q...!..m....20141217200000Z0s0q0I0... ............@..D3=?..Mn8...Q..E.......1-Q...!..m......I......!v...m.....20141217200000Z....20141224200000Z0...*.H................ka....d.j$f.U..$j..G\....9..gU..i..._....0.x*..j6...\..cMAu.8.hq..C.......L....M....".5.v...EkF[.4......k....q1`E.."...D.......!..>....j...`.....5tH.h......[.........5...O.z......D......|.j./...........o......A...I=.8eFf.....A.M.Q...Y.....V.........3Y.OHTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=515677..Content-Type: application/ocsp-response..Date: Thu, 18 Dec 2014 03:27:02 GMT..Etag: "5492346f-1d7"..Expires: Wed, 24 Dec 2014 15:27:02 GMT..Last-Modified: Thu, 18 Dec 2014 01:57:03 GMT..Server: ECS (ams/49D5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......E.......1-Q...!..m....20141217200000Z0s0q0I0... ............@..D3=?..Mn8...Q..E.......1-Q...!..m......I......!v...m.....20141217200000Z....20141224200000Z0...*.H................ka....d.j$f.U..$j..G\....9..gU..i..._....0.x*..j6...\..cMAu.8.hq..C.......L....M....".5.v...EkF[.4......k....q1`E.."...D.......!..>....j...`.....5tH.h......[.........5...O.z......D......|.j./...........o......A...I=.8eFf.....A.M.Q...Y.....V.........3Y.O....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSYagvY3tfizDNoybzVSPFZmSEm0wQUe2jOKarAF75JeuHlP9an90WPNTICEAvVsLNPkJUQ8VRDHj9KlzQ= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=516056
Content-Type: application/ocsp-response
Date: Thu, 18 Dec 2014 03:27:07 GMT
Etag: "549230bf-1d7"
Expires: Wed, 24 Dec 2014 15:27:07 GMT
Last-Modified: Thu, 18 Dec 2014 01:41:19 GMT
Server: ECS (ams/4996)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......{h.)....Iz..?...E.52..20141218012600Z0s0q0I0... .........j......3h...H.Y.!&...{h.)....Iz..?...E.52......O....TC.?J.4....20141218012600Z....20141225014100Z0...*.H.............@!RJ..@.g......=...e...gz5.O].$.. .. .....n!.'.]>..w.m3.w......06.D!-..x....E4...W5.... .W.yoo....8.>....d..{L...........WL..D.ur*..e......D..I...E$.tF...rq..~....]P.....co...J.../......#...mz.1.XI.,.M.....o.S..w,^.....<...4RX....O../.).Q.zA{....!.#......lHTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=516056..Content-Type: application/ocsp-response..Date: Thu, 18 Dec 2014 03:27:07 GMT..Etag: "549230bf-1d7"..Expires: Wed, 24 Dec 2014 15:27:07 GMT..Last-Modified: Thu, 18 Dec 2014 01:41:19 GMT..Server: ECS (ams/4996)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......{h.)....Iz..?...E.52..20141218012600Z0s0q0I0... .........j......3h...H.Y.!&...{h.)....Iz..?...E.52......O....TC.?J.4....20141218012600Z....20141225014100Z0...*.H.............@!RJ..@.g......=...e...gz5.O].$.. .. .....n!.'.]>..w.m3.w......06.D!-..x....E4...W5.... .W.yoo....8.>....d..{L...........WL..D.ur*..e......D..I...E$.tF...rq..~....]P.....co...J.../......#...mz.1.XI.,.M.....o.S..w,^.....<...4RX....O../.).Q.zA{....!.#......l..
<<< skipped >>>
GET /ThawtePremiumServerCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.thawte.com
HTTP/1.1 200 OK
Server: Apache
ETag: "824cd0491950c511e344c8ad273b3cb8:1418851241"
Last-Modified: Wed, 17 Dec 2014 21:20:41 GMT
Date: Thu, 18 Dec 2014 03:32:40 GMT
Content-Length: 13012
Connection: keep-alive
Content-Type: application/pkix-crl
0.2.0.290...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Cape Town1.0...U....Thawte Consulting cc1(0&..U....Certification Services Division1!0...U....Thawte Premium Server CA1(0&..*.H........premium-server@thawte.com..141217210054Z..141227210054Z0.170!....f....p..........100129104213Z0!...X..W.*.R.....2e..130906065816Z0!....l.C`..L.%|\.T...130819183955Z0!....T..W...p.[..%...100322161038Z0!....hx.....k...7....130919164724Z0!....$#.R|..$.....j..130926101045Z0!...!P..6{.lS.@...5..130927150657Z0!...Da\v..........%..130920062728Z0!...>.e..-...s[.2I...140418142220Z0!....dU...(...=...*..140801114607Z0!........d.{#E..9`...130926061856Z0!....6..q.'tT..1.Q...130926062249Z0!...g.._6.w.i..@H....130919205618Z0!.....cXzF..(O0.|.N..131002103626Z0!............>..i....130528164218Z0!..........#.P.......130716072254Z0!.....W........JH....130924125316Z0!.....%.......R......100801221434Z0!.....M..HK.....x....130926060355Z0!....k."..z......64..130919082450Z0!...N..D...0....`H2..130829152308Z0!......Q..m...A..j...100226190909Z0!.....-...k......h...130930085951Z0!...... ...7. .UA.I..130927152007Z0!.....}.L....\/..$^..100407191443Z0!....1....c...s.>9t..100215170304Z0!...W..._....%..I....130926063253Z0!..._._~gq.I.)q6@g...131025034600Z0!.....=X>...]..h5@...130920130332Z0!.............U.<....100318180248Z0!... .(........n.S...130923202627Z0!.....k(....k4.......130919073042Z0!....rF..O..#^.......100312081338Z0!....\x...DyV........130920004114Z0!.....:...B..=]Hsx_..130920011556Z0!....uJdm..'...\G....13052305
<<< skipped >>>
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 13 Nov 2014 06:02:42 GMT
Accept-Ranges: bytes
ETag: "88cab6f7ffcf1:0"
Server: Microsoft-IIS/8.0
VTag: 438246244800000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 03:32:26 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..141112173206Z..150211055206Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......W0... .....7......150210174206Z0...*.H................].`...D..9.>LO.ey...Qx%.^.P.& ...D.......b}.K..[.....5.m....).....H..6R....G/ju.........:..A.#.9!......D5...|".w.x..=.u..X6.7{..).XN....g......B.8.!&...........<7fS$..........t<X)%.b(0.L@..i..Kn.......fX... ,...K\....U1cp).........y.T..?rm.t..Y.}.E..-@...
HEAD /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: cache.pack.google.com
HTTP/1.1 302 Found
Date: Thu, 18 Dec 2014 03:31:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://r4---sn-ugpva5o-3c2e.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1
Content-Type: text/html; charset=UTF-8
Server: ClientMapServer
Content-Length: 610
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.02
HTTP/1.1 302 Found..Date: Thu, 18 Dec 2014 03:31:24 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Location: hXXp://r4---sn-ugpva5o-3c2e.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1418887884&ip=37.57.16.189&ipbits=0&mm=28&ms=nvh&mt=1418873206&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=4F0C06D0B9EE486BB492B31BDE2E8534B2687092.68CFA14FCDE608F9F518BCACEFD6ED283A4F5B0E&key=cms1..Content-Type: text/html; charset=UTF-8..Server: ClientMapServer..Content-Length: 610..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protocol: 80:quic,p=0.02..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=350738, public, no-transform, must-revalidate
Last-Modified: Mon, 15 Dec 2014 04:54:07 GMT
Expires: Mon, 22 Dec 2014 04:54:07 GMT
Date: Thu, 18 Dec 2014 03:32:10 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder..20141215045407Z0s0q0I0... ........?.@..w.........Y.!......Q...==d6|h.[x....7..`..........cV.!.....20141215045407Z....20141222045407Z0...*.H.............O.1.P*........i..]w.. ..P.Z.....4....t#..LzE8>.4".....:..t9..eUg.U....1..J\=.'...I....?,.mr. |4<I..!..........Vd...m. ......H[x.1H./........f).........}....W8..bv?.CHZ2.hK..wx..ia....z@.f-o8.l....)>..Z..`$.p9.E..p...y..;4.n^.o.........Q....p..3.,..Lz>...3.....0...0...0..{.........[..I|.....Zm..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;]s!.\"v...|....].@.....K7m2...N......-S.I......5n...G7. ..W....n..*..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... .......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|..
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=369990, public, no-transform, must-revalidate
Last-Modified: Mon, 15 Dec 2014 10:19:02 GMT
Expires: Mon, 22 Dec 2014 10:19:02 GMT
Date: Thu, 18 Dec 2014 03:32:32 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141215101902Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......A..2.....:...:......20141215101902Z....20141222101902Z0...*.H.............A.?v....x...R..IV..........9.%...OQ.&lm..L81!.l4......v,.....:e.......m.2\$K.I.GS..E95.J.G;...T...lj.....f.=.5!$..cM..0'....F.k.n.$.6s...V.<.xbrT....).nC...`Q.m18d.....V...?9O..X.$...bZ...[.....%z^.....'...l..e....b.(q..CH. .........T.M.d.:...@4.Sk.d!..-,....#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"
Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT
Date: Thu, 18 Dec 2014 03:32:05 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............M....s#..Lo...TU...tM.3...'.U......:Z...w.x.=....K.0;...!....D....9...,!....B.t. <..........-.....k.$<i{O.<.E...*.......Ow _..J.HTTP/1.1 200 OK..Server: Apache..ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"..Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT..Date: Thu, 18 Dec 2014 03:32:05 GMT..Content-Length: 933..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....0209231715
<<< skipped >>>
Map
The Trojan-Dropper connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_3276:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
u}SSh
u}SSh
PSShG
PSShG
8%uPP3
8%uPP3
u!SSh
u!SSh
t.Qhp
t.Qhp
L$4QSSh
L$4QSSh
SSh
SSh
t.It!
t.It!
RSShh/
RSShh/
vSSSh
vSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
tGHt.Ht&
tGHt.Ht&
msi.dll
msi.dll
gdiplus.dll
gdiplus.dll
kernel32.dll
kernel32.dll
UxTheme.dll
UxTheme.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
portuguese-brazilian
portuguese-brazilian
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
WININET.dll
WININET.dll
dwmapi.dll
dwmapi.dll
()$^.* ?[]|\-{},:=!
()$^.* ?[]|\-{},:=!
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
F%D,3
F%D,3
ATTRIB -r "%s"
ATTRIB -r "%s"
rd "%s"
rd "%s"
if exist "%s" goto try
if exist "%s" goto try
del "%s" | cls
del "%s" | cls
del "%s"
del "%s"
FLT_DENORMAL_OPERAND
FLT_DENORMAL_OPERAND
FLT_INVALID_OPERATION
FLT_INVALID_OPERATION
Dbghelp.dll
Dbghelp.dll
[SystemFolder]msi.dll
[SystemFolder]msi.dll
FtpCommandW
FtpCommandW
FtpGetFileSize
FtpGetFileSize
URL=%s
URL=%s
invalid _N_type: %d
invalid _N_type: %d
D:\BranchAI\win\Release\stubs\x86\ExternalUi.pdb
D:\BranchAI\win\Release\stubs\x86\ExternalUi.pdb
GdiplusShutdown
GdiplusShutdown
GdipSetImageAttributesColorKeys
GdipSetImageAttributesColorKeys
HttpQueryInfoW
HttpQueryInfoW
HttpOpenRequestW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestW
FtpOpenFileW
FtpOpenFileW
FtpFindFirstFileW
FtpFindFirstFileW
InternetCrackUrlW
InternetCrackUrlW
KERNEL32.dll
KERNEL32.dll
GetAsyncKeyState
GetAsyncKeyState
GetKeyState
GetKeyState
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyExW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
dbghelp.dll
dbghelp.dll
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
MSIMG32.dll
MSIMG32.dll
VERSION.dll
VERSION.dll
NETAPI32.dll
NETAPI32.dll
Secur32.dll
Secur32.dll
GetConsoleOutputCP
GetConsoleOutputCP
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
ConnectNamedPipe
PeekNamedPipe
PeekNamedPipe
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
EnumWindows
EnumWindows
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ExitWindowsEx
ExitWindowsEx
COMDLG32.dll
COMDLG32.dll
RegOpenKeyExA
RegOpenKeyExA
RegOpenKeyW
RegOpenKeyW
RegCreateKeyW
RegCreateKeyW
RegDeleteKeyA
RegDeleteKeyA
RegCreateKeyA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyA
zcÃ
zcÃ
.?AVWindowsException@@
.?AVWindowsException@@
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\lang1033\f0\fs20\par
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\lang1033\f0\fs20\par
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 EULA\par
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 EULA\par
43333333333333333
43333333333333333
"999500>
"999500>
"999550-]
"999550-]
3(343
3(343
2%3s3
2%3s3
2'2F2\2
2'2F2\2
;$; ;5;?;
;$; ;5;?;
='=3=@=[=
='=3=@=[=
6&787#828
6&787#828
7#828#909
7#828#909
5"5/565;5
5"5/565;5
4F4S4]4z4
4F4S4]4z4
33383{5
33383{5
3$3(3,303
3$3(3,303
8$8*80868
8$8*80868
%0X0|0
%0X0|0
: :$:,:0:
: :$:,:0:
? ?$?(?,?0?4?
? ?$?(?,?0?4?
3 3$3(3,3034383
3 3$3(3,3034383
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
user32.dll
user32.dll
controls\QuickSelectionListControl.cpp
controls\QuickSelectionListControl.cpp
d:\branchai\externalui\controls\generic\VisualStyleBorder.h
d:\branchai\externalui\controls\generic\VisualStyleBorder.h
controls\TabControl.cpp
controls\TabControl.cpp
nativeui\NativeDialog.cpp
nativeui\NativeDialog.cpp
d:\branchai\externalui\nativeui\NativeAccelerator.h
d:\branchai\externalui\nativeui\NativeAccelerator.h
nativeui\NativeUiBridge.cpp
nativeui\NativeUiBridge.cpp
controls\CheckBoxControl.cpp
controls\CheckBoxControl.cpp
controls\CheckListControl.cpp
controls\CheckListControl.cpp
WindowsBuild
WindowsBuild
controls\ColumnsTreeControl.cpp
controls\ColumnsTreeControl.cpp
d:\branchai\externalui\controls\generic/VisualStyleBorder.h
d:\branchai\externalui\controls\generic/VisualStyleBorder.h
comctl32.dll
comctl32.dll
controls\ComboBoxControl.cpp
controls\ComboBoxControl.cpp
cmdlinkarrow
cmdlinkarrow
controls\CommandLinkButtonControl.cpp
controls\CommandLinkButtonControl.cpp
controls\HyperLinkControl.cpp
controls\HyperLinkControl.cpp
controls\ListBoxControl.cpp
controls\ListBoxControl.cpp
controls\ListViewControl.cpp
controls\ListViewControl.cpp
controls\PushButtonControl.cpp
controls\PushButtonControl.cpp
controls\QuickSelectionTreeControl.cpp
controls\QuickSelectionTreeControl.cpp
controls\RadioButtonControl.cpp
controls\RadioButtonControl.cpp
controls\ScrollableTextControl.cpp
controls\ScrollableTextControl.cpp
uxtheme.dll
uxtheme.dll
controls\SelectionTreeControl.cpp
controls\SelectionTreeControl.cpp
0123456789
0123456789
controls\VolumeCostListControl.cpp
controls\VolumeCostListControl.cpp
controls\VolumeSelectComboControl.cpp
controls\VolumeSelectComboControl.cpp
controls\generic\GenericEditControl.cpp
controls\generic\GenericEditControl.cpp
NumberValidationTipMsg
NumberValidationTipMsg
controls\generic\GenericRichEditControl.cpp
controls\generic\GenericRichEditControl.cpp
hXXp://
hXXp://
controls\mshtml\GenericAxControl.cpp
controls\mshtml\GenericAxControl.cpp
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
Caphyon.AI.ExtUI.IEClickSoundRemover
Caphyon.AI.ExtUI.IEClickSoundRemover
{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}
{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}
Windows
Windows
FOLDERID_Windows
FOLDERID_Windows
{F38BF404-1D43-42F2-9305-67DE0B28FC23}
{F38BF404-1D43-42F2-9305-67DE0B28FC23}
{18989B1D-99B5-455B-841C-AB7C74E4DDFC}
{18989B1D-99B5-455B-841C-AB7C74E4DDFC}
{A63293E8-664E-48DB-A079-DF759E0509F7}
{A63293E8-664E-48DB-A079-DF759E0509F7}
{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}
{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
{B97D20BB-F46A-4C97-BA10-5E3608430854}
{B97D20BB-F46A-4C97-BA10-5E3608430854}
{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}
{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}
{8983036C-27C0-404B-8F08-102D10DCFD74}
{8983036C-27C0-404B-8F08-102D10DCFD74}
{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
{8AD10C31-2ADB-4296-A8F7-E4701232C972}
{8AD10C31-2ADB-4296-A8F7-E4701232C972}
{AE50C081-EBD2-438A-8655-8A092E34987A}
{AE50C081-EBD2-438A-8655-8A092E34987A}
{2400183A-6185-49FB-A2D8-4A392A602BA3}
{2400183A-6185-49FB-A2D8-4A392A602BA3}
{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}
{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}
{3214FAB5-9757-4298-BB61-92A9DEAA44FF}
{3214FAB5-9757-4298-BB61-92A9DEAA44FF}
{ED4824AF-DCE4-45A8-81E2-FC7965083634}
{ED4824AF-DCE4-45A8-81E2-FC7965083634}
{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}
{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}
{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}
{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}
{DE974D24-D9C6-4D3E-BF91-F4455120B917}
{DE974D24-D9C6-4D3E-BF91-F4455120B917}
{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}
{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}
{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}
{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}
{905e63b6-c1bf-494e-b29c-65b732d3d21a}
{905e63b6-c1bf-494e-b29c-65b732d3d21a}
{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}
{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}
{5E6C858F-0E22-4760-9AFE-EA3317B67173}
{5E6C858F-0E22-4760-9AFE-EA3317B67173}
{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}
{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}
{33E28130-4E1E-4676-835A-98395C3BC3BB}
{33E28130-4E1E-4676-835A-98395C3BC3BB}
{C5ABBF53-E17F-4121-8900-86626FC2C973}
{C5ABBF53-E17F-4121-8900-86626FC2C973}
{4BD8D571-6D19-48D3-BE97-422220080E43}
{4BD8D571-6D19-48D3-BE97-422220080E43}
{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
{352481E8-33BE-4251-BA85-6007CAEDCF9D}
{352481E8-33BE-4251-BA85-6007CAEDCF9D}
{D9DC8A3B-B784-432E-A781-5A1130A75963}
{D9DC8A3B-B784-432E-A781-5A1130A75963}
{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}
{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}
{1777F761-68AD-4D8A-87BD-30B759FA33DD}
{1777F761-68AD-4D8A-87BD-30B759FA33DD}
{FDD39AD0-238F-46AF-ADB4-6C85480369C7}
{FDD39AD0-238F-46AF-ADB4-6C85480369C7}
{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
{2B0F765D-C0E9-4171-908E-08A611B84FF6}
{2B0F765D-C0E9-4171-908E-08A611B84FF6}
{B94237E7-57AC-4347-9151-B08C6C32D1F7}
{B94237E7-57AC-4347-9151-B08C6C32D1F7}
{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}
{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}
{A4115719-D62E-491D-AA7C-E74B8BE3B067}
{A4115719-D62E-491D-AA7C-E74B8BE3B067}
{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}
{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}
{D0384E7D-BAC3-4797-8F14-CBA229B392B5}
{D0384E7D-BAC3-4797-8F14-CBA229B392B5}
{9E52AB10-F80D-49DF-ACB8-4330F5687855}
{9E52AB10-F80D-49DF-ACB8-4330F5687855}
{724EF170-A42D-4FEF-9F26-B60E846FBA4F}
{724EF170-A42D-4FEF-9F26-B60E846FBA4F}
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
ExternalUi.cpp
ExternalUi.cpp
RICHED20.DLL
RICHED20.DLL
/passive
/passive
Unable to start installation error code: %u
Unable to start installation error code: %u
oAI_MORE_CMD_LINE
oAI_MORE_CMD_LINE
ExternalUiManager.cpp
ExternalUiManager.cpp
..\core\ExceptionPresenter.cpp
..\core\ExceptionPresenter.cpp
EXCEPTION_CMD
EXCEPTION_CMD
..\core\ExceptionHandling.cpp
..\core\ExceptionHandling.cpp
C:\FAKE_DIR\
C:\FAKE_DIR\
Advapi32.dll
Advapi32.dll
\/:*?"|
\/:*?"|
Failed to get Windows error message [win32 error 0x
Failed to get Windows error message [win32 error 0x
Send Error Report
Send Error Report
/cmdloc
/cmdloc
Return code of msiexec.exe:
Return code of msiexec.exe:
Launching msiexec.exe with command line:
Launching msiexec.exe with command line:
Detected Windows Installer version:
Detected Windows Installer version:
Code returned to Windows by setup:
Code returned to Windows by setup:
User name and password for proxy server were received from command line and used.
User name and password for proxy server were received from command line and used.
Command line to pass to MSI:
Command line to pass to MSI:
"%s" %s
"%s" %s
TRANSFORMS=":%d"
TRANSFORMS=":%d"
TRANSFORMS="%s;%s\%d"
TRANSFORMS="%s;%s\%d"
TRANSFORMS="%s\%d"
TRANSFORMS="%s\%d"
TRANSFORMS="%s"
TRANSFORMS="%s"
%s AI_SETUPEXEPATH="%s" SETUPEXEDIR="%s"
%s AI_SETUPEXEPATH="%s" SETUPEXEDIR="%s"
EXE_CMD_LINE="%s "
EXE_CMD_LINE="%s "
[SystemFolder]msiexec.exe
[SystemFolder]msiexec.exe
%s=%i
%s=%i
Windows installer is inluded in package.
Windows installer is inluded in package.
[WindowsVolume]
[WindowsVolume]
%d.dll
%d.dll
%sholder%d.aiph
%sholder%d.aiph
%d-%s
%d-%s
Windows 2000
Windows 2000
Shlwapi.dll
Shlwapi.dll
Shell32.dll
Shell32.dll
%d.%d.%d.%d
%d.%d.%d.%d
\StringFileInfo\xx\%s
\StringFileInfo\xx\%s
%d %s
%d %s
%d.0%d %s
%d.0%d %s
%d.%d %s
%d.%d %s
Windows 8.1 x64
Windows 8.1 x64
Windows 8.1 x86
Windows 8.1 x86
Windows Server 2012 R2 x64
Windows Server 2012 R2 x64
Windows 8 x64
Windows 8 x64
Windows 8 x86
Windows 8 x86
Windows Server 2012 x64
Windows Server 2012 x64
Windows 7 x64 Service Pack 1
Windows 7 x64 Service Pack 1
Windows 7 x64
Windows 7 x64
Windows 7 x86 Service Pack 1
Windows 7 x86 Service Pack 1
Windows 7 x86
Windows 7 x86
Windows Server 2008 R2 x64 Service Pack 1
Windows Server 2008 R2 x64 Service Pack 1
Windows Server 2008 R2 x64
Windows Server 2008 R2 x64
Windows Vista x64 Service Pack 2
Windows Vista x64 Service Pack 2
Windows Vista x64 Service Pack 1
Windows Vista x64 Service Pack 1
Windows Vista x64
Windows Vista x64
Windows Vista x86 Service Pack 2
Windows Vista x86 Service Pack 2
Windows Vista x86 Service Pack 1
Windows Vista x86 Service Pack 1
Windows Vista x86
Windows Vista x86
Windows Server 2008 x64
Windows Server 2008 x64
Windows Server 2008 x86
Windows Server 2008 x86
Windows XP x64 Service Pack 2
Windows XP x64 Service Pack 2
Windows XP x64 Service Pack 1
Windows XP x64 Service Pack 1
Windows XP x64
Windows XP x64
Windows Server 2003 x64 Service Pack 2
Windows Server 2003 x64 Service Pack 2
Windows Server 2003 x64 Service Pack 1
Windows Server 2003 x64 Service Pack 1
Windows Server 2003 x64
Windows Server 2003 x64
Windows Server 2003 x86 Service Pack 2
Windows Server 2003 x86 Service Pack 2
Windows Server 2003 x86 Service Pack 1
Windows Server 2003 x86 Service Pack 1
Windows Server 2003 x86
Windows Server 2003 x86
Windows XP x86
Windows XP x86
Windows XP x86 Service Pack 3
Windows XP x86 Service Pack 3
Windows XP x86 Service Pack 2
Windows XP x86 Service Pack 2
Windows XP x86 Service Pack 1
Windows XP x86 Service Pack 1
Windows 2000 Service Pack 4
Windows 2000 Service Pack 4
Windows 2000 Service Pack 3
Windows 2000 Service Pack 3
Windows 2000 Service Pack 2
Windows 2000 Service Pack 2
Windows 2000 Service Pack 1
Windows 2000 Service Pack 1
Windows NT 4.0
Windows NT 4.0
Windows NT 4.0 Service Pack 6
Windows NT 4.0 Service Pack 6
Windows NT 4.0 Service Pack 5
Windows NT 4.0 Service Pack 5
Windows NT 4.0 Service Pack 4
Windows NT 4.0 Service Pack 4
Windows NT 4.0 Service Pack 3
Windows NT 4.0 Service Pack 3
Windows NT 4.0 Service Pack 2
Windows NT 4.0 Service Pack 2
Windows NT 4.0 Service Pack 1
Windows NT 4.0 Service Pack 1
Windows 95 OSR
Windows 95 OSR
Windows 95 OSR2.5
Windows 95 OSR2.5
Windows 95
Windows 95
Windows 98 SE
Windows 98 SE
Windows 98
Windows 98
Windows Millennium
Windows Millennium
{374DE290-123F-4565-9164-39C4925E467B}
{374DE290-123F-4565-9164-39C4925E467B}
Newer version is at a local URL.
Newer version is at a local URL.
/exenoupdates
/exenoupdates
Detected SQL Compact:
Detected SQL Compact:
Detected SQL Express:
Detected SQL Express:
Detected .NET:
Detected .NET:
Windows PowerShell 4.0 (Windows Management Framework Core 4.0)
Windows PowerShell 4.0 (Windows Management Framework Core 4.0)
Windows PowerShell 3.0 (Windows Management Framework Core 3.0)
Windows PowerShell 3.0 (Windows Management Framework Core 3.0)
Windows PowerShell 2.0 (Windows Management Framework Core)
Windows PowerShell 2.0 (Windows Management Framework Core)
Windows PowerShell 1.0
Windows PowerShell 1.0
HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\SharePoint
HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\SharePoint
HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\SharePoint
HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\SharePoint
HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\SharePoint
HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\SharePoint
Windows SharePoint Services 3.0 or Microsoft Office SharePoint Server 2007
Windows SharePoint Services 3.0 or Microsoft Office SharePoint Server 2007
Windows Mobile Device Center 6.1
Windows Mobile Device Center 6.1
Windows Mobile Device Center 6.0
Windows Mobile Device Center 6.0
HKLM\SOFTWARE\Microsoft\Windows CE Services\MinorVersion
HKLM\SOFTWARE\Microsoft\Windows CE Services\MinorVersion
HKLM\SOFTWARE\Microsoft\Windows CE Services\MajorVersion
HKLM\SOFTWARE\Microsoft\Windows CE Services\MajorVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CEAPPMGR.EXE\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CEAPPMGR.EXE\
HKLM\Software\Microsoft\VSTO Runtime Setup\v9.0.21022\Install
HKLM\Software\Microsoft\VSTO Runtime Setup\v9.0.21022\Install
HKLM\Software\Microsoft\vsto runtime Setup\v2.0.50727\Install
HKLM\Software\Microsoft\vsto runtime Setup\v2.0.50727\Install
{64E2917E-AA13-4CA4-BFFE-EA6EDA3AFCB4}
{64E2917E-AA13-4CA4-BFFE-EA6EDA3AFCB4}
{FAB10E66-B22C-4274-8647-7CA1BA5EF30F}
{FAB10E66-B22C-4274-8647-7CA1BA5EF30F}
{7102C98C-EF47-4F04-A227-FE33650BF954}
{7102C98C-EF47-4F04-A227-FE33650BF954}
{011B9112-EBB1-4A6C-86CB-C2FDC9EA7B0E}
{011B9112-EBB1-4A6C-86CB-C2FDC9EA7B0E}
{B2279272-3FD2-434D-B94E-E4E0F8561AC4}
{B2279272-3FD2-434D-B94E-E4E0F8561AC4}
{8B74A499-37F8-4DEA-B5A0-D72FC501CEFA}
{8B74A499-37F8-4DEA-B5A0-D72FC501CEFA}
{3EA123B5-6316-452E-9D51-A489E06E2347}
{3EA123B5-6316-452E-9D51-A489E06E2347}
{EECBA6B8-3A62-44AD-99EB-8666265466F9}
{EECBA6B8-3A62-44AD-99EB-8666265466F9}
{1D844339-3DAE-413E-BC13-62D6A52816B2}
{1D844339-3DAE-413E-BC13-62D6A52816B2}
{4153F732-D670-4E44-8AB7-500F2B576BDA}
{4153F732-D670-4E44-8AB7-500F2B576BDA}
{EA7564AC-C67D-4868-BE5C-26E4FC2223FF}
{EA7564AC-C67D-4868-BE5C-26E4FC2223FF}
{957A4EC0-E67B-4E86-A383-6AF7270B216A}
{957A4EC0-E67B-4E86-A383-6AF7270B216A}
{00B41853-4377-4AD8-AD44-8404E0D331EC}
{00B41853-4377-4AD8-AD44-8404E0D331EC}
{580CB155-841D-4D48-9F59-866A035C2241}
{580CB155-841D-4D48-9F59-866A035C2241}
{816D4DFD-FF7B-4C16-8943-EEB07DF989CB}
{816D4DFD-FF7B-4C16-8943-EEB07DF989CB}
{C1F1028F-D91A-43E8-A117-4F7CAFD7A041}
{C1F1028F-D91A-43E8-A117-4F7CAFD7A041}
{04E73476-518E-4B6A-8E10-021A00078847}
{04E73476-518E-4B6A-8E10-021A00078847}
{ED569DB3-58C4-4463-971F-4AAABB6440BD}
{ED569DB3-58C4-4463-971F-4AAABB6440BD}
{F1B5AE30-CB00-4DCF-978B-07D33B034ADB}
{F1B5AE30-CB00-4DCF-978B-07D33B034ADB}
{1ABEAF09-435F-47D6-9FEB-0AD05D4EF3EA}
{1ABEAF09-435F-47D6-9FEB-0AD05D4EF3EA}
{53C65973-D89D-4EA0-8567-8788C14E0A02}
{53C65973-D89D-4EA0-8567-8788C14E0A02}
{A58B51D1-89BF-4D88-939D-B6D0DB2EEB53}
{A58B51D1-89BF-4D88-939D-B6D0DB2EEB53}
{835AC3CE-E36B-4D65-B50F-2863A682ABEE}
{835AC3CE-E36B-4D65-B50F-2863A682ABEE}
{1C8772BD-6E6F-4C9D-8FF8-B5EA072F86EF}
{1C8772BD-6E6F-4C9D-8FF8-B5EA072F86EF}
{6F1AE751-4D8A-4B25-AC0A-C6CB912A9791}
{6F1AE751-4D8A-4B25-AC0A-C6CB912A9791}
{3F40FA9E-26CA-4CA2-93C9-603622349915}
{3F40FA9E-26CA-4CA2-93C9-603622349915}
{14D3E42A-A318-4D77-9895-A7EE585EFC3B}
{14D3E42A-A318-4D77-9895-A7EE585EFC3B}
{C1E59364-35F6-44B3-AF0F-FCA934C4B252}
{C1E59364-35F6-44B3-AF0F-FCA934C4B252}
{A1FE0698-609D-400F-BF10-F52238DD6475}
{A1FE0698-609D-400F-BF10-F52238DD6475}
6.01.7000.0000
6.01.7000.0000
6.00.6000.16386
6.00.6000.16386
4.09.00.0903
4.09.00.0903
4.09.00.0902
4.09.00.0902
4.09.00.0901
4.09.00.0901
4.09.00.0900
4.09.00.0900
4.08.02.0134
4.08.02.0134
4.08.01.0901
4.08.01.0901
4.08.01.0810
4.08.01.0810
4.08.00.0400
4.08.00.0400
4.07.01.3000
4.07.01.3000
4.07.00.0716
4.07.00.0716
4.07.00.0700
4.07.00.0700
SQL Server Compact 4.0
SQL Server Compact 4.0
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Compact Edition\v4.0\ENU\DesktopRuntimeVersion
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Compact Edition\v4.0\ENU\DesktopRuntimeVersion
SQL Server Compact 3.5 SP2
SQL Server Compact 3.5 SP2
SQL Server Compact 3.5 SP1
SQL Server Compact 3.5 SP1
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Compact Edition\v3.5\ENU\DesktopRuntimeServicePackLevel
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Compact Edition\v3.5\ENU\DesktopRuntimeServicePackLevel
SQL Server Compact 3.5
SQL Server Compact 3.5
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Compact Edition\v3.5\ENU\DesktopRuntimeVersion
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Compact Edition\v3.5\ENU\DesktopRuntimeVersion
11.0.3000
11.0.3000
SQL Server Express 2012 SP1
SQL Server Express 2012 SP1
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\ClientSetup\CurrentVersion\CurrentVersion
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\ClientSetup\CurrentVersion\CurrentVersion
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Native Client 11.0\CurrentVersion\Version
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Native Client 11.0\CurrentVersion\Version
SQL Server Express 2012
SQL Server Express 2012
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server 2012 Redist\SQLNCLI11\1033\CurrentVersion\Version
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server 2012 Redist\SQLNCLI11\1033\CurrentVersion\Version
10.52.4000
10.52.4000
SQL Server Express 2008 R2 SP2
SQL Server Express 2008 R2 SP2
10.51.2500
10.51.2500
SQL Server Express 2008 R2 SP1
SQL Server Express 2008 R2 SP1
SQL Server Express 2008 R2
SQL Server Express 2008 R2
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\100\Bootstrap R2\CurrentVersion\Version
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\100\Bootstrap R2\CurrentVersion\Version
SQL Server Express 2008 SP3
SQL Server Express 2008 SP3
SQL Server Express 2008 SP2
SQL Server Express 2008 SP2
SQL Server Express 2008 SP1
SQL Server Express 2008 SP1
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\100\Bootstrap\Setup\PatchLevel
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\100\Bootstrap\Setup\PatchLevel
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\SQLSERVER2008\MSSQLServer\CurrentVersion\CurrentVersion
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\SQLSERVER2008\MSSQLServer\CurrentVersion\CurrentVersion
SQL Server Express 2008
SQL Server Express 2008
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\SQLEXPRESS\MSSQLServer\CurrentVersion\CurrentVersion
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\SQLEXPRESS\MSSQLServer\CurrentVersion\CurrentVersion
9.00.5000
9.00.5000
SQL Server Express 2005 SP4
SQL Server Express 2005 SP4
9.00.4035
9.00.4035
SQL Server Express 2005 SP3
SQL Server Express 2005 SP3
9.00.3042
9.00.3042
SQL Server Express 2005 SP2
SQL Server Express 2005 SP2
9.00.2047
9.00.2047
SQL Server Express 2005 SP1
SQL Server Express 2005 SP1
SQL Server Express 2005
SQL Server Express 2005
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\90\Tools\ClientSetup\CurrentVersion\CurrentVersion
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\90\Tools\ClientSetup\CurrentVersion\CurrentVersion
4.5.2
4.5.2
4.5.1
4.5.1
HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727\Install
HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727\Install
HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\Install
HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\Install
3321-3705
3321-3705
HKLM\SOFTWARE\Microsoft\.NETFramework\policy\v1.0\3705
HKLM\SOFTWARE\Microsoft\.NETFramework\policy\v1.0\3705
Windows 9x/ME
Windows 9x/ME
Windows 9x/ME/NT/2000/XP/Vista/Windows 7/Windows 8 x86/Windows 8.1 x86
Windows 9x/ME/NT/2000/XP/Vista/Windows 7/Windows 8 x86/Windows 8.1 x86
Windows XP/Vista/Windows 7/Windows 8 x64/Windows 8.1 x64
Windows XP/Vista/Windows 7/Windows 8 x64/Windows 8.1 x64
[SystemFolder]wininet.dll
[SystemFolder]wininet.dll
[SystemFolder]inetsrv\inetinfo.exe
[SystemFolder]inetsrv\inetinfo.exe
[SystemFolder]inetsrv\w3wp.exe
[SystemFolder]inetsrv\w3wp.exe
[ProgramFilesFolder]Microsoft Office\Office14\vviewer.dll
[ProgramFilesFolder]Microsoft Office\Office14\vviewer.dll
[ProgramFiles64Folder]Microsoft Office\Office14\vviewer.dll
[ProgramFiles64Folder]Microsoft Office\Office14\vviewer.dll
[ProgramFilesFolder]Microsoft Office\Office15\vviewer.dll
[ProgramFilesFolder]Microsoft Office\Office15\vviewer.dll
[ProgramFiles64Folder]Microsoft Office\Office15\vviewer.dll
[ProgramFiles64Folder]Microsoft Office\Office15\vviewer.dll
[ProgramFilesFolder]Microsoft Office\Office15\lync.exe
[ProgramFilesFolder]Microsoft Office\Office15\lync.exe
[ProgramFiles64Folder]Microsoft Office\Office15\lync.exe
[ProgramFiles64Folder]Microsoft Office\Office15\lync.exe
EXE_CMD_LINE
EXE_CMD_LINE
SETUPEXEDIR
SETUPEXEDIR
AI_SETUPEXEPATH
AI_SETUPEXEPATH
/aespassword
/aespassword
/proxypassword
/proxypassword
/password
/password
/exelog
/exelog
/exelang
/exelang
/exefullui
/exefullui
/exebasicui
/exebasicui
/exenoui
/exenoui
%s %s
%s %s
d-d-d @d:d:d
d-d-d @d:d:d
MajorVersion: %u;
MajorVersion: %u;
MinorVersion: %u;
MinorVersion: %u;
BuildNumber: %u;
BuildNumber: %u;
PlatformId: %u;
PlatformId: %u;
CSDVersion: %s;
CSDVersion: %s;
ServicePackMajor: %u;
ServicePackMajor: %u;
ServicePackMinor: %u;
ServicePackMinor: %u;
SuiteMask: %u;
SuiteMask: %u;
ProductType: %u;
ProductType: %u;
WindowsFolder
WindowsFolder
WindowsVolume
WindowsVolume
shfolder.dll
shfolder.dll
instname-custom.mst
instname-custom.mst
instname-target.msi
instname-target.msi
instname-template.msi
instname-template.msi
TRANSFORMS=:%s.mst
TRANSFORMS=:%s.mst
AI_INTANCE_LOCATION="%s"
AI_INTANCE_LOCATION="%s"
/n %s
/n %s
TRANSFORMS="%s"
TRANSFORMS="%s"
TRANSFORMS=":%s.mst;%s" MSINEWINSTANCE=1
TRANSFORMS=":%s.mst;%s" MSINEWINSTANCE=1
TRANSFORMS=:%s.mst MSINEWINSTANCE=1
TRANSFORMS=:%s.mst MSINEWINSTANCE=1
SELECT `Value` FROM `Property` WHERE Property='%s'
SELECT `Value` FROM `Property` WHERE Property='%s'
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
MainAppCmdLine
MainAppCmdLine
UpdatesUrl
UpdatesUrl
MainAppURL
MainAppURL
SQLExpress
SQLExpress
SQLCompact
SQLCompact
Operator
Operator
SearchCmdLine
SearchCmdLine
.part
.part
hXXp://VVV.google.com
hXXp://VVV.google.com
hXXp://VVV.yahoo.com
hXXp://VVV.yahoo.com
hXXp://VVV.example.com
hXXp://VVV.example.com
tin9999.tmp
tin9999.tmp
wininet.dll
wininet.dll
FTP Server
FTP Server
HTTP/1.0
HTTP/1.0
Range: bytes=%u-
Range: bytes=%u-
REST %u
REST %u
0.0.0.0
0.0.0.0
Launching URL:
Launching URL:
SELECT `Value` FROM `Property` WHERE `Property` = '%s'
SELECT `Value` FROM `Property` WHERE `Property` = '%s'
\\.\pipe\ToServer
\\.\pipe\ToServer
*.pack
*.pack
--verbose --log-file="%s" --remove-pack-file "%s" "%s"
--verbose --log-file="%s" --remove-pack-file "%s" "%s"
unpack200.exe
unpack200.exe
%s (%s)
%s (%s)
(%s) %s
(%s) %s
(%s (%s
(%s (%s
mstask.exe
mstask.exe
BIN\STSADM.EXE
BIN\STSADM.EXE
12\BIN\STSADM.EXE
12\BIN\STSADM.EXE
14\BIN\STSADM.EXE
14\BIN\STSADM.EXE
15\BIN\STSADM.EXE
15\BIN\STSADM.EXE
Microsoft Shared\Web Server Extensions\
Microsoft Shared\Web Server Extensions\
Solutions.list
Solutions.list
SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\
SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\
EventPublisher.cpp
EventPublisher.cpp
`Key` = '
`Key` = '
AiMsgBox
AiMsgBox
AiProgressReport
AiProgressReport
ErrorMsgTitle
ErrorMsgTitle
PIDKEY
PIDKEY
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Software\Microsoft\Windows\CurrentVersion\Uninstall\
PTF://
PTF://
hXXps://
hXXps://
AI_MORE_CMD_LINE=1
AI_MORE_CMD_LINE=1
msiexec.exe
msiexec.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
MsiInstaller.cpp
MsiInstaller.cpp
UninstallMsg
UninstallMsg
InstallExecuteAgain
InstallExecuteAgain
InstallExecute
InstallExecute
InstallExecuteSequence
InstallExecuteSequence
1500000
1500000
3000000
3000000
InstallMonitor.cpp
InstallMonitor.cpp
(.*)(?:\{)?(.*)\[1\](.*)(?:\})?(.*)
(.*)(?:\{)?(.*)\[1\](.*)(?:\})?(.*)
(.*)\{(.*)\[.\](.*)\}(.*)
(.*)\{(.*)\[.\](.*)\}(.*)
(.*)\[.\](.*)
(.*)\[.\](.*)
(.*)(\{[^}]*\})(.*)
(.*)(\{[^}]*\})(.*)
[1-9]: (.*)
[1-9]: (.*)
ARPURLUPDATEINFO
ARPURLUPDATEINFO
ARPURLINFOABOUT
ARPURLINFOABOUT
zzzzzzzzz.zzzzzzzzzzzzzzzzzzzzzz
zzzzzzzzz.zzzzzzzzzzzzzzzzzzzzzz
c:\%original file name%.exe
c:\%original file name%.exe
Copy URL In Clipboard
Copy URL In Clipboard
You must locate, download and install the following prerequisites onto your computer. Double click on an URL to open it in your web browser.
You must locate, download and install the following prerequisites onto your computer. Double click on an URL to open it in your web browser.
Password:
Password:
Show password
Show password
This archive is corrupted.(This archive has an unsupported version.'Windows Installer could not be started.)An error occurred while reading the file.#An error occurred while extracting.
This archive is corrupted.(This archive has an unsupported version.'Windows Installer could not be started.)An error occurred while reading the file.#An error occurred while extracting.
Select the download folder.R%s can not be installed on systems with Windows Installer version smaller than %s.
Select the download folder.R%s can not be installed on systems with Windows Installer version smaller than %s.
ErrorkThis package requires Windows Installer version "%s". You have "%s".
ErrorkThis package requires Windows Installer version "%s". You have "%s".
Please upgrade your Windows Installer.
Please upgrade your Windows Installer.
%s Options(Extracting the main application files...
%s Options(Extracting the main application files...
%s [options]
%s [options]
/listlangs - list languages supported by this setup
/listlangs - list languages supported by this setup
/exenoui - launches the EXE setup without UI
/exenoui - launches the EXE setup without UI
/exebasicui - launches the EXE setup with basic UI
/exebasicui - launches the EXE setup with basic UI
/exelang - launches the EXE setup using the specified language
/exelang - launches the EXE setup using the specified language
/password - password used by the proxy
/password - password used by the proxy
/exelog - creates a log file at specified path
/exelog - creates a log file at specified path
/exenoupdates - does not check for a newer version
/exenoupdates - does not check for a newer version
- options for msiexec.exe on running the MSI package
- options for msiexec.exe on running the MSI package
Installing %s4Press the Next button to download the prerequisites.3Press the Next button to install the prerequisites.;Press the Next button to open the prerequisites' web sites.8Press the Finish button to install the main application.
Installing %s4Press the Next button to download the prerequisites.3Press the Next button to install the prerequisites.;Press the Next button to open the prerequisites' web sites.8Press the Finish button to install the main application.
%s Setup
%s Setup
Required: %s or lower.
Required: %s or lower.
Required: %s or higher.
Required: %s or higher.
Required: between %s and %s.
Required: between %s and %s.
Found: %s.
Found: %s.
NameCPress the Finish button when you are done and ready to install %s. 3Press the Next button to install the prerequisites.
NameCPress the Finish button when you are done and ready to install %s. 3Press the Next button to install the prerequisites.
Error: %s
Error: %s
Installing %s from: %sZSome prerequisites could not be installed. Press Back to return to the prerequisites list.{After launching all packages some required prerequisites are still missing. Press Back to return to the prerequisites list.aAll prerequisites have been installed successfully. Press Finish to install the main application.&Welcome to the %s Prerequisites Wizard
Installing %s from: %sZSome prerequisites could not be installed. Press Back to return to the prerequisites list.{After launching all packages some required prerequisites are still missing. Press Back to return to the prerequisites list.aAll prerequisites have been installed successfully. Press Finish to install the main application.&Welcome to the %s Prerequisites Wizard
%d.%d KB/slSome required prerequisites are still missing. You can try again or remove them from the prerequisites list.
%d.%d KB/slSome required prerequisites are still missing. You can try again or remove them from the prerequisites list.
%d hr %d min at %s/sec
%d hr %d min at %s/sec
%d min %d sec at %s/sec
%d min %d sec at %s/sec
%d sec at %s/sec
%d sec at %s/sec
Progress: %d%% (%s of %s) Downloading: %s %d%% (%s of %s)
Progress: %d%% (%s of %s) Downloading: %s %d%% (%s of %s)
Opening site of %s
Opening site of %s
Downloading %s Extracting files from archive...
Downloading %s Extracting files from archive...
Extracting file to %s0The %s file can't be unpacked. Error message: %saThe Java Runtime Environment version 1.5 or later must be installed in order to unpack JAR files.-Another instance of setup is already running.
Extracting file to %s0The %s file can't be unpacked. Error message: %saThe Java Runtime Environment version 1.5 or later must be installed in order to unpack JAR files.-Another instance of setup is already running.
%s cannot be installed on %s
%s cannot be installed on %s
Unpacking file:%syThere is not enough space in folder:%s
Unpacking file:%syThere is not enough space in folder:%s
Preparing...L%s can not be installed on systems with Adobe Reader version smaller than %s
Preparing...L%s can not be installed on systems with Adobe Reader version smaller than %s
%s Languages
%s Languages
B%s cannot be installed on systems with JRE version smaller than %sF%s cannot be installed on systems with DirectX version smaller than %sw%s requires an active Internet connection for installation. Please check your network configuration and proxy settings.
B%s cannot be installed on systems with JRE version smaller than %sF%s cannot be installed on systems with DirectX version smaller than %sw%s requires an active Internet connection for installation. Please check your network configuration and proxy settings.
QuestionOAn upgrade of the selected instance will be performed. Do you want to continue? Upgrade all installed instances.xThis package allows you to install multiple instances of %s. Please select the option you want and press OK to continue:L%s cannot be installed on systems with XNA Framework version smaller than %s
QuestionOAn upgrade of the selected instance will be performed. Do you want to continue? Upgrade all installed instances.xThis package allows you to install multiple instances of %s. Please select the option you want and press OK to continue:L%s cannot be installed on systems with XNA Framework version smaller than %s
Evaluating launch conditions...B%s cannot be installed on systems with JDK version smaller than %s-%s can not be installed on systems without %s6%s cannot be installed on systems without %s or higher,%s cannot be installed on systems without %sK%s cannot be installed on systems without %s 2003 Primary Interop Assembly.K%s cannot be installed on systems without %s 2007 Primary Interop Assembly.-%s cannot be installed on systems without %s.
Evaluating launch conditions...B%s cannot be installed on systems with JDK version smaller than %s-%s can not be installed on systems without %s6%s cannot be installed on systems without %s or higher,%s cannot be installed on systems without %sK%s cannot be installed on systems without %s 2003 Primary Interop Assembly.K%s cannot be installed on systems without %s 2007 Primary Interop Assembly.-%s cannot be installed on systems without %s.
Connect to %sNThe server %s at %s requires a username and password. Please enter them below.
Connect to %sNThe server %s at %s requires a username and password. Please enter them below.
Cannot acces URL: %sK%s cannot be installed on systems without %s 2010 Primary Interop Assembly.-%s cannot be installed on systems without %s.p%s cannot be installed because the current user does not have enough permissions to deploy SharePoint solutions.g%s cannot be installed because SharePoint Administration and SharePoint Timer services are not started.Y%s cannot be installed because the SharePoint solutions it contains are already deployed.
Cannot acces URL: %sK%s cannot be installed on systems without %s 2010 Primary Interop Assembly.-%s cannot be installed on systems without %s.p%s cannot be installed because the current user does not have enough permissions to deploy SharePoint solutions.g%s cannot be installed because SharePoint Administration and SharePoint Timer services are not started.Y%s cannot be installed because the SharePoint solutions it contains are already deployed.
Failed>%s cannot be installed on systems running on virtual machines.F%s cannot be installed on systems without %s Primary Interop Assembly.PThere is a newer version of %s (%s).
Failed>%s cannot be installed on systems running on virtual machines.F%s cannot be installed on systems without %s Primary Interop Assembly.PThere is a newer version of %s (%s).
Checking for a newer version...mFailed to download newer version (Error: %s). Would you like to retry or proceed and install current version?(Failed to read from file "%s". Error: %s'Failed to write in file "%s". Error: %s
Checking for a newer version...mFailed to download newer version (Error: %s). Would you like to retry or proceed and install current version?(Failed to read from file "%s". Error: %s'Failed to write in file "%s". Error: %s
Setup package was encrypted using AES 256 algorithm. To continue the setup process, you should provide the password needed to decrypt the package.?
Setup package was encrypted using AES 256 algorithm. To continue the setup process, you should provide the password needed to decrypt the package.?
Deleting extracted files...
Deleting extracted files...
Invalid command line"Unable to init windows application
Invalid command line"Unable to init windows application
Internal errorNThis application cannot be installed on systems earlier than Windows 2000 SP4._This installation package is not supported by this processor type. Contact your product vendor.
Internal errorNThis application cannot be installed on systems earlier than Windows 2000 SP4._This installation package is not supported by this processor type. Contact your product vendor.
Unexpected exception.XThe application ran into a problem that it couldn't handle.
Unexpected exception.XThe application ran into a problem that it couldn't handle.
Could not allocate memory.PParse error in file: "%1!ls!" at line: [%2!ld!] column: [%3!ld!] (code: %4!ls!).
Could not allocate memory.PParse error in file: "%1!ls!" at line: [%2!ld!] column: [%3!ld!] (code: %4!ls!).
Unsupported XML file encoding. File "%1!ls!" could not be read.
Unsupported XML file encoding. File "%1!ls!" could not be read.
3.0.1
3.0.1
LeagueofLegends_EUW_Installer.exe
LeagueofLegends_EUW_Installer.exe
MsiExec.exe_2252:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
USER32.dll
USER32.dll
msvcrt.dll
msvcrt.dll
ole32.dll
ole32.dll
msi.dll
msi.dll
PSSSSSSh
PSSSSSSh
t%SSWV3
t%SSWV3
ntdll.dll
ntdll.dll
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
ReportEventW
ReportEventW
RegCloseKey
RegCloseKey
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumKeyExW
RegGetKeySecurity
RegGetKeySecurity
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
_acmdln
_acmdln
_amsg_exit
_amsg_exit
msiexec.pdb
msiexec.pdb
name="MSIExec"
name="MSIExec"
version="4.0.0.0"
version="4.0.0.0"
Windows installer setup service
Windows installer setup service
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
> >$>(>,>4>8>
> >$>(>,>4>8>
Msi.dll
Msi.dll
Software\Microsoft\Windows\CurrentVersion\Installer
Software\Microsoft\Windows\CurrentVersion\Installer
passive
passive
Kernel32.dll
Kernel32.dll
FIsKeyLocalSystemOrAdminOrTrustedInstallersOwned: Could not get owner security info.
FIsKeyLocalSystemOrAdminOrTrustedInstallersOwned: Could not get owner security info.
PurgeUserOwnedSubkeys: Could not open subkey: %s
PurgeUserOwnedSubkeys: Could not open subkey: %s
PurgeUserOwnedSubkeys: Could not enumerate subkeys.
PurgeUserOwnedSubkeys: Could not enumerate subkeys.
PurgeUserOwnedSubkeys: Could not delete SubKey tree.
PurgeUserOwnedSubkeys: Could not delete SubKey tree.
PurgeUserOwnedSubkeys: %s not owned by System, Admin or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedSubkeys: %s not owned by System, Admin or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Could not delete tree.
PurgeUserOwnedInstallerKeys: Could not delete tree.
PurgeUserOwnedInstallerKeys: Key '%s' not owned by System, Admin, or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Key '%s' not owned by System, Admin, or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Could not open key '%s'
PurgeUserOwnedInstallerKeys: Could not open key '%s'
OpenProcessToken failed with %d
OpenProcessToken failed with %d
OLEAUT32.dll
OLEAUT32.dll
Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
SetInstallerACLs: Could not create Secure Installer sub key.
SetInstallerACLs: Could not create Secure Installer sub key.
SetInstallerACLs: Could not delete Installer key tree.
SetInstallerACLs: Could not delete Installer key tree.
SetInstallerACLs: Installer key not owned by System or Admin. Deleting key subkeys and re-creating.
SetInstallerACLs: Installer key not owned by System or Admin. Deleting key subkeys and re-creating.
SetInstallerACLs: Could not create Installer key.
SetInstallerACLs: Could not create Installer key.
Wait Failed in MsgWait.
Wait Failed in MsgWait.
kernel32.dll
kernel32.dll
APPID\%s
APPID\%s
%s\DefaultIcon
%s\DefaultIcon
%s\CLSID
%s\CLSID
CLSID\%s
CLSID\%s
CLSID\%s\ProgId
CLSID\%s\ProgId
Msi.Package
Msi.Package
Windows Installer Package
Windows Installer Package
Msi.Patch
Msi.Patch
Windows Installer Patch
Windows Installer Patch
MsiExecCA32
MsiExecCA32
{lX-0000-0000-C000-000000000046}
{lX-0000-0000-C000-000000000046}
MsiRegMv.Exe
MsiRegMv.Exe
ISMIF32.DLL
ISMIF32.DLL
%d.%d.%.4d.%d
%d.%d.%.4d.%d
REINSTALL=ALL REINSTALLMODE=%s
REINSTALL=ALL REINSTALLMODE=%s
Error: %d. %s.
Error: %d. %s.
Software\Policies\Microsoft\Windows\Installer
Software\Policies\Microsoft\Windows\Installer
Failed to connect to server. Error: 0x%X
Failed to connect to server. Error: 0x%X
FDeleteRegTree: Unable to delete subkey: %s
FDeleteRegTree: Unable to delete subkey: %s
Windows
Windows
5.0.7601.17514 (win7sp1_rtm.101119-1850)
5.0.7601.17514 (win7sp1_rtm.101119-1850)
msiexec
msiexec
msiexec.exe
msiexec.exe
Windows Installer - Unicode
Windows Installer - Unicode
5.0.7601.17514
5.0.7601.17514
vcredist_x64.exe_3272:
.text
.text
`.data
`.data
.rsrc
.rsrc
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
GDI32.dll
GDI32.dll
USER32.dll
USER32.dll
COMCTL32.dll
COMCTL32.dll
VERSION.dll
VERSION.dll
advapi32.dll
advapi32.dll
advpack.dll
advpack.dll
wininit.ini
wininit.ini
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\CurrentVersion\App Paths
setupapi.dll
setupapi.dll
setupx.dll
setupx.dll
IXPd.TMP
IXPd.TMP
TMP4351$.TMP
TMP4351$.TMP
FINISHMSG
FINISHMSG
USRQCMD
USRQCMD
ADMQCMD
ADMQCMD
msdownld.tmp
msdownld.tmp
wextract.pdb
wextract.pdb
PSSSSSSh
PSSSSSSh
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyA
GetWindowsDirectoryA
GetWindowsDirectoryA
ExitWindowsEx
ExitWindowsEx
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
rundll32.exe %s,InstallHinfSection %s 128 %s
rundll32.exe %s,InstallHinfSection %s 128 %s
SHELL32.DLL
SHELL32.DLL
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
PendingFileRenameOperations
PendingFileRenameOperations
System\CurrentControlSet\Control\Session Manager\FileRenameOperations
System\CurrentControlSet\Control\Session Manager\FileRenameOperations
wextract_cleanup%d
wextract_cleanup%d
%s /D:%s
%s /D:%s
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
Command.com /c %s
Command.com /c %s
33333330
33333330
3333333
3333333
33333333
33333333
VCREDI~2.EXE
VCREDI~2.EXE
icrosoft.VC80.MFCLOC.cat
icrosoft.VC80.MFCLOC.cat
.8.00.Microsoft.VC80.MFCLOC.cat
.8.00.Microsoft.VC80.MFCLOC.cat
Microsoft.VC80.OpenMP.cat
Microsoft.VC80.OpenMP.cat
policy.8.00.Microsoft.VC80.OpenMP.cat
policy.8.00.Microsoft.VC80.OpenMP.cat
vcredist.msi
vcredist.msi
vcredis1.cab
vcredis1.cab
.qoRr_R
.qoRr_R
,.gV2\
,.gV2\
M%SQTU
M%SQTU
/1`121406
/1`121406
7.KZc
7.KZc
.AN _!
.AN _!
%xlN!
%xlN!
,8mv-I}~
,8mv-I}~
Nv.uQz/wy
Nv.uQz/wy
i\'.Ru
i\'.Ru
&(.JEj
&(.JEj
-j}$@
-j}$@
hdt.Lb
hdt.Lb
Z'.lB
Z'.lB
7@s%U
7@s%U
y.hJr
y.hJr
lp.HU
lp.HU
CRTq!
CRTq!
h.DFo
h.DFo
r "%sDD
r "%sDD
.Ub{Y_
.Ub{Y_
.LK=e
.LK=e
,qE]i.jrD
,qE]i.jrD
6M
6M
.vql]BM
.vql]BM
o .Jt
o .Jt
EFZ.MO
EFZ.MO
ju'$?r6.qJW
ju'$?r6.qJW
v:%F,
v:%F,
yL.VUJ
yL.VUJ
0I.QN
0I.QN
SNG. %D
SNG. %D
@xÂ>
@xÂ>
Qk.ek
Qk.ek
wC.OqVd
wC.OqVd
r%Dn,.
r%Dn,.
.ujv&
.ujv&
vT.LnB^
vT.LnB^
PU.bq6
PU.bq6
.jOu',
.jOu',
XO.Zu
XO.Zu
c.Hgb
c.Hgb
fPu.eejg9)
fPu.eejg9)
.UIKm
.UIKm
P.kx
P.kx
G.RCv
G.RCv
Y9%Dy
Y9%Dy
6:%FzvB
6:%FzvB
=D.If;
=D.If;
*=3%F
*=3%F
/4.avD
/4.avD
%XjPV
%XjPV
O$%X?S
O$%X?S
XT.NHk
XT.NHk
`w).QI
`w).QI
bt%shu
bt%shu
n.Zx@
n.Zx@
0 .jU
0 .jU
O_HA.ar
O_HA.ar
Y.fG2I
Y.fG2I
Ëdu
Ëdu
N[&(%u
N[&(%u
(!.cI
(!.cI
*-GL}4
*-GL}4
).qxv
).qxv
u|%7x
u|%7x
d@.Zj
d@.Zj
E-%xA=
E-%xA=
.cXvt
.cXvt
E^I.sh0
E^I.sh0
%u!5#
%u!5#
WkEy#
WkEy#
*
*
-p.ql
-p.ql
HL%DI;
HL%DI;
yj.uI
yj.uI
Ta-%u
Ta-%u
2R%DNS^
2R%DNS^
=È"
=È"
5 &4.fd
5 &4.fd
P.noy
P.noy
m/%XA
m/%XA
0.GCN !
0.GCN !
H.lBO
H.lBO
UDpf
UDpf
RA7b%s
RA7b%s
%D~(
%D~(
/$A.tujw
/$A.tujw
.oq*$
.oq*$
V}k'%UO
V}k'%UO
i5.us 2
i5.us 2
!?.yH
!?.yH
Xc.aE
Xc.aE
-M.sv
-M.sv
4.KbE
4.KbE
.QpK
.QpK
g.CYh
g.CYh
V-z.ID
V-z.ID
?>*"87(2
?>*"87(2
.q]%D
.q]%D
@Az.Ly
@Az.Ly
q"%XHT
q"%XHT
Ug%Sf
Ug%Sf
.8.XPAf
.8.XPAf
-.OZ7
-.OZ7
W.ul:`
W.ul:`
pp0.dm
pp0.dm
MlP.sD
MlP.sD
zA#[%f
zA#[%f
%6Ul7
%6Ul7
=.gb'
=.gb'
r{%1sjcn1
r{%1sjcn1
5%C^c
5%C^c
:"%C=
:"%C=
m.Bcu
m.Bcu
?X.sH
?X.sH
@%xeI
@%xeI
9;.ol
9;.ol
.UduQR
.UduQR
qH.QF
qH.QF
.RYvD
.RYvD
5W.rk
5W.rk
0.njQW
0.njQW
1x0.QyK
1x0.QyK
%XoRz
%XoRz
{LFR--mU}$V]
{LFR--mU}$V]
\PÃ
\PÃ
%F"[0
%F"[0
a,.vA
a,.vA
bx5?
bx5?
'.qT=
'.qT=
'%xGP
'%xGP
d.tLIQ
d.tLIQ
$K.tIgN!*/
$K.tIgN!*/
b.Lt2g
b.Lt2g
Jw.RR
Jw.RR
%%DOK
%%DOK
fm %d
fm %d
1p9.yv
1p9.yv
|.cJ9
|.cJ9
w.DWJ
w.DWJ
S.dm[)]
S.dm[)]
K!.py
K!.py
=LX.pC
=LX.pC
.nY8S/
.nY8S/
7)G%XE!Ac
7)G%XE!Ac
{.sdTv
{.sdTv
/%dI\
/%dI\
p$;%s
p$;%s
c%2X"%@8
c%2X"%@8
%XLeT
%XLeT
Rf]%S_N
Rf]%S_N
;B%SW:
;B%SW:
}.ln"
}.ln"
M:\H=.1
M:\H=.1
9{ceXe
9{ceXe
u[@^5TF.PA
u[@^5TF.PA
9' "'")")
9' "'")")
Z.TV-A
Z.TV-A
w{.HX
w{.HX
W%fp>
W%fp>
n.AA.|
n.AA.|
`cM%ua
`cM%ua
%0S4&a
%0S4&a
NŸe
NŸe
.Xu%o7B
.Xu%o7B
E2I.Fp
E2I.Fp
H6.Og
H6.Og
.MVw
.MVw
[Q.yn
[Q.yn
%uO/i
%uO/i
-Hu})
-Hu})
?FI%d
?FI%d
?*.Zyj~j
?*.Zyj~j
t&X%F
t&X%F
',594898
',594898
.Xw\^
.Xw\^
0V.FY
0V.FY
Ak.wi
Ak.wi
m/.pnl
m/.pnl
V\#9B%D
V\#9B%D
2~o%u9
2~o%u9
~oÃ
~oÃ
"/%f_
"/%f_
e.ot:
e.ot:
.GJ-ZG
.GJ-ZG
iQp.mR
iQp.mR
VY.uv
VY.uv
M.fmX\
M.fmX\
x_.qI
x_.qI
G %xs
G %xs
C<.ob>
C<.ob>
8a%%S
8a%%S
&(.kA
&(.kA
We.ja
We.ja
.YSVM
.YSVM
w%FYwF
w%FYwF
RbB.NVF5{I
RbB.NVF5{I
.YOHg
.YOHg
x%UYT
x%UYT
y#-W}
y#-W}
zf.PJ
zf.PJ
~`-xj}
~`-xj}
AS.kK
AS.kK
N.OUY
N.OUY
&PG%x
&PG%x
Il.zs
Il.zs
F9.kL
F9.kL
#6dF/
#6dF/
9b%F:4
9b%F:4
= v.sH
= v.sH
$%d$}]V
$%d$}]V
/.zc|J`
/.zc|J`
g5.Nm
g5.Nm
Qv%dR6
Qv%dR6
r%sfj
r%sfj
(PB%D
(PB%D
O.NOK
O.NOK
[%X8]
[%X8]
.SYKT
.SYKT
{%Dmz
{%Dmz
qB:%sW
qB:%sW
%X!'
%X!'
ia%d*
ia%d*
%UI/sW
%UI/sW
NtN-bd}
NtN-bd}
|.mBb
|.mBb
<.mwv>
<.mwv>
;&c.WG
;&c.WG
.exG1
.exG1
KKc%f
KKc%f
r(%xIWJ
r(%xIWJ
~%X@R2o
~%X@R2o
#v.Hq
#v.Hq
G%XR9,=i
G%XR9,=i
.ynV/
.ynV/
f[Z.DH
f[Z.DH
%S(U?t
%S(U?t
5XWj-h}ud
5XWj-h}ud
mz%fQ[
mz%fQ[
.%C"FR
.%C"FR
,po
,po
%UH"J
%UH"J
QLp
QLp
#t.lZ
#t.lZ
.gR\ )~
.gR\ )~
4O8r%S
4O8r%S
HGo.zG2
HGo.zG2
%u/p
%u/p
fTp gp
fTp gp
/,.oD
/,.oD
8%XGF
8%XGF
35Y%X%
35Y%X%
.FwOc
.FwOc
t%CmHdj
t%CmHdj
Zsbi|
Zsbi|
.bKD C/8/a
.bKD C/8/a
tsqLz
tsqLz
nue.ONsG
nue.ONsG
I%CV'
I%CV'
v].LC
v].LC
.EF9V
.EF9V
~.Mb{
~.Mb{
'.lR:
'.lR:
T.XCt
T.XCt
slv%8S
slv%8S
T).RE
T).RE
nh.MD
nh.MD
']t6.stVF
']t6.stVF
u{P%F
u{P%F
H.dJ "Ad`
H.dJ "Ad`
.yNIY>
.yNIY>
.JFL.WL
.JFL.WL
13.dJ1
13.dJ1
1|%xDT9
1|%xDT9
M-6d}
M-6d}
}*t%XI'
}*t%XI'
D%U>fA
D%U>fA
).PP1
).PP1
B/
B/
%cZ~.txdYtZ
%cZ~.txdYtZ
R.KGk
R.KGk
Mt|
Mt|
.jsxt,
.jsxt,
)&).qu
)&).qu
x-7A}
x-7A}
F=RP|.cGm-?`#z
F=RP|.cGm-?`#z
* support services
* support services
2. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not
2. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not
5. EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see VVV.microsoft.com/exporting.
5. EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see VVV.microsoft.com/exporting.
6. SUPPORT SERVICES. Because this software is
6. SUPPORT SERVICES. Because this software is
we may not provide support services for it.
we may not provide support services for it.
7. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.
7. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.
9. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
9. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.
Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.
CFailed to get disk space information from: %s.
CFailed to get disk space information from: %s.
System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?
System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?
8Unable to retrieve operating system version information.!Memory allocation request failed.
8Unable to retrieve operating system version information.!Memory allocation request failed.
Filetable full.Ên not change to destination folder.
Filetable full.Ên not change to destination folder.
Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.
Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.
(Error creating process . Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.
(Error creating process . Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.
Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install
Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install
Could not create folder '%s'
Could not create folder '%s'
To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.
To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.
Error retrieving Windows folder
Error retrieving Windows folder
$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .
$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .
System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.
System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.
/C: -- Override Install Command defined by author.
/C: -- Override Install Command defined by author.
eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?
eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?
Could not find the file: %s.
Could not find the file: %s.
:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.
:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
WEXTRACT.EXE
WEXTRACT.EXE
Windows
Windows
Operating System
Operating System
6.00.2900.2180
6.00.2900.2180