Trojan.NSIS.StartPage.FD, Trojan.Win32.Swrort.3.FD, SearchProtectToolbar_pcap.YR, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 5bd032c3d5d4a28f624dbf49476077e6
SHA1: 977c2a4999c1383a56ede8d9db2444b81af01949
SHA256: 790b55bb7bb1bcdb0630c045acd0879dab965b25841c2fb5873519f2558605a3
SSDeep: 6144:FQqTbUzFxusbxMsk09N0cxtN60UD7ZqXJgN8/p6wIqnlPpKLVW uE9CTqM oUmb:P4z3usbxZltL3UhqXJg /p6clkhHmqMJ
Size: 356408 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:41
Analyzed on: Windows7Ada SP1 64-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
pcspeedup.exe:3936
install.exe:2612
PCSUService.exe:604
PCSUService.exe:3100
PCSUService.exe:3444
cvs_mystartsearch.exe:948
BaofengUpdate.exe:3384
BaofengUpdate.exe:2892
nssCF71.tmp:3176
ProtectWindowsManager.exe:3500
ProtectWindowsManager.exe:3460
PCSUSD.exe:4000
ProtectService.exe:3668
ProtectService.exe:3684
wpm_v20.0.0.2227.exe:3440
MSI106D.tmp:3272
pcspeedup.tmp:3952
VOPackage.exe:1780
XTab_Setup2253.exe:3544
HPNotify.exe:3756
coregen.exe:3664
coregen.exe:3576
coregen.exe:3472
coregen.exe:3460
coregen.exe:1132
coregen.exe:3624
coregen.exe:336
coregen.exe:3440
coregen.exe:3208
coregen.exe:3392
coregen.exe:3144
coregen.exe:1244
coregen.exe:2060
coregen.exe:3080
coregen.exe:1108
SpeedCheckerService.exe:3264
cmdshell.exe:3740
%original file name%.exe:2192
PCSUSpeedTest.exe:3468
regsvr32.exe:4004
regsvr32.exe:1072
nssCF72.tmp:3656
Skyhook.exe:912
Silverlight.exe:3240
PCSUNotifier.exe:3972
The Trojan injects its code into the following process(es):
MsiExec.exe:2188
DTLite4461-0327.exe:3840
SpeedCheckerService.exe:2188
nsissetup.exe:2868
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process pcspeedup.exe:3936 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PAARG.tmp\pcspeedup.tmp (50 bytes)
The process install.exe:2612 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SilverlightMSI.log (90000 bytes)
C:\135c1e3ab58ad80afdd7f364\install.res.dll (397 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Silverlight0.log (6780 bytes)
C:\135c1e3ab58ad80afdd7f364\Silverlight.msp (3692 bytes)
The process PCSUService.exe:604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (13980 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.log (1858 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService-Timer.log (99 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db (3898 bytes)
The process PCSUService.exe:3100 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\PC Speed Up\PCSUService.log (521 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (27960 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db (7797 bytes)
The process PCSUService.exe:3444 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\PC Speed Up\PCSUService.log (4961 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (20970 bytes)
%Program Files% (x86)\PC Speed Up\PCSUSpeedTest.exe (16 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db (9551 bytes)
The process cvs_mystartsearch.exe:948 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\Thumbs.db (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\Man_1.ipk (37339 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\quick_searchff#5.4.10.xpi (1209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code6.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\uninstallDlg2.xml (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\XTab_Setup2253.exe (19594 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code2.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\2[1].zip (291497 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\BFVUpdateM.dll (1137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FBFDE863-3C17-4B82-A5D1-9B8ED5BE6B40.tmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\UninstallManager.exe (15958 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code4.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\BaofengUpdate.exe (1206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\bg.png (1209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\sweetsearch!1.0.0.1031.xpi (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tCE1709AA862C234DD936mp.tmp (144 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\DataBase (7769 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\RegWrite.exe (1137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\535559167_198339_B48A115F[1].htm (72 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\conf (83 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code5.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\535559167_198339_B48A115F[1].htm (72 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\428.json (520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\Man_2.ipk (28823 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\Thumbs.db (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\428.db (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\1[1].zip (195558 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\wpm_v20.0.0.2227.exe (3249 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\scrollbar.bmp (37 bytes)
The process BaofengUpdate.exe:3384 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\428.db (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\wpm_v20.0.0.2227.exe (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\XTab_Setup2253.exe (148 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\RegWrite.exe (86 bytes)
The process BaofengUpdate.exe:2892 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\googlelogo.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\restoreprefs.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\properties.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\default_logo.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code5.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\A987.tmp (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\Thumbs.db (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\pack\xagainit.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\en\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\module\hotSearch.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\it\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\es-419\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\module\mostgrid.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr-CA\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\lib\jquery-2.1.0.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\lib\jquery.autocomplete.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\en-US\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\index.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\last_tab.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr-LU\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\pack\common.js (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\misc.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\ru\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\ru-MO\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\module\search.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\bg.png (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\pl\locale.properties (1 bytes)
C:\Users\Public\Desktop\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\icon.png (628 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\google_trends.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\tr\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome.manifest (1 bytes)
%Program Files% (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml (565 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\pt-BR\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\scrollbar.bmp (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\style.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\module\stat.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\it-CH\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\addonmanager.js (531 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\zh-TW\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\newtab.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\defaults\preferences\preferences.js (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\Thumbs.db (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\logo.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\js.js (660 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\tools\urlrequestor.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (486 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr-BE\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\install.rdf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\zh-CN\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\quick_start.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\pack\ga.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code4.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\uninstallDlg2.xml (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\A998.tmp (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\tools\popup_image_helper.js (693 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\vi\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\remoterequest.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\settings.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\tools\misc.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code6.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\428.json (520 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\es\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\aes.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\quick_start.xul (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\BFVUpdateM.dll (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\speed_dial.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\UninstallManager.exe (14022 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\simple.css (4 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\lib\doT.min.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\defaults\preferences\fvd.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\loading.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\tools\about_blank_hook.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr-CH\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code2.jpg (4 bytes)
The process nssCF71.tmp:3176 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\0[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi84CA.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi84C9.tmp (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\B6Z6HGT4.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\0[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nse5ACF.tmp (43 bytes)
The process ProtectWindowsManager.exe:3500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\up[1].htm (1 bytes)
C:\ProgramData\WindowsMangerProtect\update\conf (1 bytes)
The process PCSUSD.exe:4000 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\Tasks\PC SpeedUp Service Deactivator.job (336 bytes)
%Program Files% (x86)\PC Speed Up\Sqlite3.dll (585 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (6990 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db (8187 bytes)
The process ProtectService.exe:3668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\XTab\msvcp110.dll (536 bytes)
%Program Files% (x86)\XTab\msvcr110.dll (876 bytes)
The process ProtectService.exe:3684 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\ProgramData\IHProtectUpDate\update\conf (5 bytes)
%Program Files% (x86)\XTab\CmdShell.exe (32 bytes)
The process wpm_v20.0.0.2227.exe:3440 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (2444 bytes)
The process MSI106D.tmp:3272 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\coregen.exe (69 bytes)
The process pcspeedup.tmp:3952 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\PC Speed Up\unins000.exe (49 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\PC Speed Up.lnk (1 bytes)
%Program Files% (x86)\PC Speed Up\is-SBV4J.tmp (3361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\_isetup\_shfoldr.dll (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\Silverlight.exe (1738736 bytes)
%Program Files% (x86)\PC Speed Up\is-0OS0F.tmp (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-SNE55.tmp (20 bytes)
%Program Files% (x86)\PC Speed Up\is-29LNJ.tmp (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-SG3HV.tmp (54589 bytes)
%Program Files% (x86)\PC Speed Up\is-F2546.tmp (31891 bytes)
%Program Files% (x86)\PC Speed Up\is-8PBKC.tmp (673 bytes)
%Program Files% (x86)\PC Speed Up\is-6KBMV.tmp (48 bytes)
%Program Files% (x86)\PC Speed Up\unins000.msg (864 bytes)
%Program Files% (x86)\PC Speed Up\is-3GVGP.tmp (3361 bytes)
%Program Files% (x86)\PC Speed Up\PCSULauncher.exe (81 bytes)
%Program Files% (x86)\PC Speed Up\is-IPS4T.tmp (23 bytes)
%Program Files% (x86)\PC Speed Up\is-8FSMN.tmp (2321 bytes)
%Program Files% (x86)\PC Speed Up\is-65J6L.tmp (1 bytes)
%Program Files% (x86)\PC Speed Up\is-PB612.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\is-RIIRJ.tmp (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\PCSUNotifier.exe (2465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\PopupNotification.dll (2321 bytes)
%Program Files% (x86)\PC Speed Up\is-V7JN2.tmp (6841 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\Sqlite3.dll (3361 bytes)
%Program Files% (x86)\PC Speed Up\SpeedCheckerService.exe (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\itdownload.dll (1489 bytes)
%Program Files% (x86)\PC Speed Up\App.config (3718 bytes)
%Program Files% (x86)\PC Speed Up\is-S2DD8.tmp (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\_isetup\_setup64.tmp (6 bytes)
%Program Files% (x86)\PC Speed Up\is-V94DR.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-S7P3F.tmp (28 bytes)
%Program Files% (x86)\PC Speed Up\is-BSQHS.tmp (2321 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.conf (605 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-JF5OQ.tmp (1 bytes)
%Program Files% (x86)\PC Speed Up\is-EKJKL.tmp (265 bytes)
%Program Files% (x86)\PC Speed Up\is-QCKKO.tmp (889 bytes)
%Program Files% (x86)\PC Speed Up\is-3GHQ8.tmp (4545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\delete_me_reportInstall.txt (2 bytes)
%Program Files% (x86)\PC Speed Up\is-1IA04.tmp (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Setup Log 2015-04-26 #001.txt (585081 bytes)
%Program Files% (x86)\PC Speed Up\is-A5LBU.tmp (2105 bytes)
%Program Files% (x86)\PC Speed Up\uninstaller.dat (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\WebBrowser.dll (2763 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\Uninstall PC Speed Up.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-55LAA.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-C42T5.tmp (7 bytes)
%Program Files% (x86)\PC Speed Up\is-50NHH.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\Desktop\PC Speed Up.lnk (1 bytes)
%Program Files% (x86)\PC Speed Up\is-QOQI6.tmp (47 bytes)
%Program Files% (x86)\PC Speed Up\unins000.dat (53168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-BA2BP.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\PCSUSD.exe (405 bytes)
%Program Files% (x86)\PC Speed Up\is-95IRN.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\is-0OSRR.tmp (7726 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.exe (446 bytes)
%Program Files% (x86)\PC Speed Up\is-MBUJ4.tmp (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-MNGUG.tmp (4 bytes)
%Program Files% (x86)\PC Speed Up\is-LMJL1.tmp (12 bytes)
%Program Files% (x86)\PC Speed Up\is-1MP8Q.tmp (601 bytes)
The process VOPackage.exe:1780 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiF41B.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdD83B.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsoF611.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn8ABB.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nstEEDA.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy87EC.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssCF71.tmp (3656 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nstD53D.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiF778.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC0EF.tmp\WmiInspector.dll (2840 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8944.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiF2E2.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsoFA58.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiD28C.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst900B.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst8646.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst9192.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi8480.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\stats[1].htm (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyD907.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdD134.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC0EF.tmp\IpConfig.dll (3440 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyD6E3.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\A0804D56-1430018013-6E51-A934-1069B2C7BDD2\vnstF593.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy92EA.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd9442.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsoD3E5.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC0EF.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nstEDA1.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\heu39T.nss (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC0EF.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\VOPackage.exe (1748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyF1B9.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\Uninstall.exe (1336 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsoF8D1.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd95C9.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\A0804D56-1430018013-6E51-A934-1069B2C7BDD2\Uninstall.exe (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\count_vn[1].htm (2888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyF080.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCD6E.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi8E45.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\count_vc[1].htm (5984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssCF72.tmp (7288 bytes)
The process MsiExec.exe:2188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\SLMSPRBootstrap.dll (618 bytes)
%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll (65 bytes)
The process DTLite4461-0327.exe:3840 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ELL.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\favicon.bmp (894 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CHT.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\SetupHelper.exe (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\GoogleChrome.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\LTH.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\RegPageTrialInfo.ini (796 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\RUS.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\GoogleToolbar.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\nsDialogs.dll (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\License.rtf (814 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\modern-header.bmp (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\PTB.dll (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\modern-wizard.bmp (7192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SLV.dll (1921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\PLK.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\RegPageEmail.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\ReinstPage.ini (478 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\BIH.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\InstallOptions.dll (31 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\GoogleToolbar.bmp (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SVE.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\setuphlp.dll (165851 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SKY.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ESN.dll (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\GoogleChromeIcon.bmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ITA.dll (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ENU.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HEB.dll (3402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HRV.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ARA.dll (3402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy51F.tmp (316027 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\AFK.dll (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\NLB.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\LVI.dll (1913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\DAN.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\ioSpecial.ini (8566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\JPN.dll (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\KOR.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\FRA.dll (5123 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\OCSetupHlp.dll (27504 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\DAEMON_Chrome.bmp (7192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CHS.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\MountSpace.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\RegPagePaidInfo.ini (7109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CAT.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\translate-icon.bmp (894 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\gcapi_dll.dll (16424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\share-icon.bmp (838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\SetupWaitPage.bmp (8184 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\DEU.dll (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\JRYI-Toolbar.exe (20624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\FIN.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HUN.dll (3402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\gtapi.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\IND.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ROM.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\license.bmp (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CSY.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\TRK.dll (2465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\KAT.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\moutspace-bg.bmp (22552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\NOR.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\JRYI-Chrome.exe (20624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\DTSetupHelper.exe (6532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\GLC.dll (1917 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\BGR.dll (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\WaitPage.ini (642 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\UKR.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SRL.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\System.dll (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\RegPageType.ini (9662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HYE.dll (3402 bytes)
The process XTab_Setup2253.exe:3544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
%Program Files% (x86)\XTab\skin\btn.png (2 bytes)
%Program Files% (x86)\XTab\install.data (68 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
%Program Files% (x86)\XTab\HPNotify.exe (18514 bytes)
%Program Files% (x86)\XTab\conf (1638 bytes)
%Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi (15 bytes)
%Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\indexIE8.html (1794 bytes)
%Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
%Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\ver.txt (47 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
%Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
%Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
%Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
%Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
%Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
%Program Files% (x86)\XTab\CmdShell.exe (29 bytes)
%Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
%Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\js\xagainit-ie8.js (4 bytes)
%Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
%Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\main.xml (4 bytes)
%Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
%Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
%Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
%Program Files% (x86)\XTab\msvcr110.dll (21280 bytes)
%Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
%Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\ProtectService.exe (5469 bytes)
%Program Files% (x86)\XTab\web\js\js.js (18 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\logo.png (5 bytes)
%Program Files% (x86)\XTab\web\js\xagainit2.0.js (4 bytes)
%Program Files% (x86)\XTab\web\main.css (19 bytes)
%Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
%Program Files% (x86)\XTab\skin\close.png (3 bytes)
%Program Files% (x86)\XTab\web\data.html (20 bytes)
%Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
%Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
%Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
%Program Files% (x86)\XTab\skin\about.png (4 bytes)
%Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxE3BA.tmp\System.dll (23 bytes)
%Program Files% (x86)\XTab\skin\settings.png (5 bytes)
%Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
%Program Files% (x86)\XTab\web\js\common.js (2 bytes)
%Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
%Program Files% (x86)\XTab\SupTab.dll (15928 bytes)
%Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
%Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
%Program Files% (x86)\XTab\msvcp110.dll (16990 bytes)
%Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)
The process HPNotify.exe:3756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\XTab\conf (1498 bytes)
%Program Files% (x86)\XTab\BrowerWatchFF.dll (24 bytes)
%Program Files% (x86)\XTab\BrowerWatchCH.dll (24 bytes)
%Program Files% (x86)\XTab\IeWatchDog.dll (24 bytes)
%Program Files% (x86)\XTab\BrowserAction.dll (49 bytes)
The process coregen.exe:3664 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.RuntimeHost.ni.dll (8729 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.RuntimeHost.dll (32 bytes)
The process coregen.exe:3576 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.ni.dll (932 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Xna.dll (49 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Xna.ni.dll (13798 bytes)
The process coregen.exe:3472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.ni.dll (17751 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.dll (49 bytes)
The process coregen.exe:3460 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.ni.dll (940 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.Shaders.ni.dll (5844 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.Shaders.dll (24 bytes)
The process coregen.exe:1132 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Xml.ni.dll (94223 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Xml.dll (323 bytes)
The process coregen.exe:3624 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.ni.dll (123677 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.dll (520 bytes)
The process coregen.exe:336 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.ni.dll (413065 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.dll (49 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Net.ni.dll (612 bytes)
The process coregen.exe:3440 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.ni.dll (652 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.ni.dll (20039 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.dll (65 bytes)
The process coregen.exe:3208 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.Web.ni.dll (17059 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.Web.dll (73 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.ni.dll (922 bytes)
The process coregen.exe:3392 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.Web.ni.dll (460 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Browser.dll (131 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Browser.ni.dll (40448 bytes)
The process coregen.exe:3144 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\mscorlib.ni.dll (616960 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\coreclr.dll (291 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\mscorrc.dll (12 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\mscorlib.dll (49 bytes)
The process coregen.exe:1244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Net.dll (229 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Net.ni.dll (70955 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Core.ni.dll (579 bytes)
The process coregen.exe:2060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Core.ni.dll (224946 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Core.dll (561 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ni.dll (900 bytes)
The process coregen.exe:3080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\system.dll (241 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\mscorlib.ni.dll (544 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ni.dll (71603 bytes)
The process coregen.exe:1108 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Xml.ni.dll (1548 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.dll (438 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.ni.dll (106612 bytes)
The process SpeedCheckerService.exe:2188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E6B84D30E5F69CEB3278532D063D4504 (25 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 (312 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 (471 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_87AABC5017C6189B392FD9DCB59F943F (704 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7 (1504 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_87AABC5017C6189B392FD9DCB59F943F (471 bytes)
%Program Files% (x86)\PC Speed Up\Speedchecker.log (4481 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 (1 bytes)
%Program Files% (x86)\PC Speed Up\agsXMPP.dll (540 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 (1480 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6B84D30E5F69CEB3278532D063D4504 (324 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7 (727 bytes)
The process SpeedCheckerService.exe:3264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\PC Speed Up\SpeedCheckerService.InstallState (196 bytes)
%Program Files% (x86)\PC Speed Up\SpeedCheckerService.InstallLog (720 bytes)
C:\Windows\System32\config\SYSTEM (3355 bytes)
%Program Files% (x86)\PC Speed Up\InstallUtil.InstallLog (684 bytes)
C:\Windows\System32\config\SYSTEM.LOG1 (4619 bytes)
%Program Files% (x86)\PC Speed Up\Speedchecker.log (50 bytes)
C:\$Directory (768 bytes)
The process cmdshell.exe:3740 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\XTab\HPNotify.exe (675 bytes)
The process %original file name%.exe:2192 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\nsissetup.exe (12626 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\setup_plugin.dll (30 bytes)
The process PCSUSpeedTest.exe:3468 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\PC Speed Up\ManagedWifi.dll (36 bytes)
%Program Files% (x86)\PC Speed Up\SharpBrake.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 (1480 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7 (1504 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7 (727 bytes)
%Program Files% (x86)\PC Speed Up\Skyhook.exe (184 bytes)
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new (848 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_87AABC5017C6189B392FD9DCB59F943F (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_87AABC5017C6189B392FD9DCB59F943F (471 bytes)
C:\Windows\System32\config\SOFTWARE (116274 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 (1 bytes)
%Program Files% (x86)\PC Speed Up\Speedchecker.log (73491 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 (312 bytes)
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new (848 bytes)
C:\Windows\System32\config (5376 bytes)
C:\$Directory (3840 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (160036 bytes)
%Program Files% (x86)\PC Speed Up\SpeedChecker.dll (94 bytes)
The process nsissetup.exe:2868 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\progress.zip.part (5654 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\index.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\dad4890a8fda856f77d8f153dc13db68\VOPackage.exe.part (20091 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\uifile.zip.part (1968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\151.gif (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\progress-bar.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\index.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-bg.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-rb.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\progress.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-bg.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\index.html (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\img\progress.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-lb.png (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLGD123.tmp (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\261dd182d36861fec9a217cc812a9f9a\DTLite4461-0327.exe.part (903094 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\index.html (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\progress.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-lb.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\loadingImage\loadingImage.bmp (55014 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\css\style.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\last.zip.part (1968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\css\style.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-b.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\043f2a479dd1cbb7e630929e145583f8\pcspeedup.exe.part (421975 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\logo.png50x50[1].jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\icon.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-rb.png (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\uifile.zip.part (2937 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\noconnection.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\uifile.zip.part (2933 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\uifile.zip.part (2933 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\base.zip.part (1964 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\css\style.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\img\progress-bar.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\262bebb37d687dabfd48d85e0de76564\cvs_mystartsearch.exe.part (45604 bytes)
The process regsvr32.exe:1072 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\PC Speed Up\PCSUHelper.dll (286 bytes)
The process nssCF72.tmp:3656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QGQ329ST.txt (106 bytes)
The process Skyhook.exe:912 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files% (x86)\PC Speed Up\wpsapi.dll (49 bytes)
The process Silverlight.exe:3240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\135c1e3ab58ad80afdd7f364\silverlight.7z (100007 bytes)
C:\135c1e3ab58ad80afdd7f364\$shtdwn$.req (788 bytes)
C:\135c1e3ab58ad80afdd7f364\install.res.dll (6178 bytes)
C:\135c1e3ab58ad80afdd7f364\silverlight.msi (364 bytes)
C:\135c1e3ab58ad80afdd7f364 (4 bytes)
C:\135c1e3ab58ad80afdd7f364\install.exe (3678 bytes)
The process PCSUNotifier.exe:3972 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\PopupNotification.dll (442 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\Sqlite3.dll (585 bytes)
Registry activity
The process install.exe:2612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_IsFileSupportedName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPPutSignedDataMsg"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPGetSignedDataMsg"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPCreateIndirectData"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer]
"GlobalAssocChangedCounter" = "35"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPRemoveSignedDataMsg"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPVerifyIndirectData"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework]
"DbgPackShimPath"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process cvs_mystartsearch.exe:948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "64 D4 4F 80 CE 7F D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadNetworkName" = "Network 4"
"WpadDecisionTime" = "7B 16 12 A0 CE 7F D0 01"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files% (x86)\Google\Update\1.3.25.11, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp,"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 44 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process BaofengUpdate.exe:3384 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process BaofengUpdate.exe:2892 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Mozilla\Extends]
"AppID" = "quick_searchff@gmail.com"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@""%windir%\System32]
"ie4uinit.exe"",-738" = "Start Internet Explorer without ActiveX controls or browser extensions."
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Search Page" = "http://www.mystartsearch.com/web/?type=ds&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.mystartsearch.com/web/?type=ds&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Search_URL" = "http://www.mystartsearch.com/web/?type=ds&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
[HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
"(Default)" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall]
"DisplayName" = "mystartsearch uninstall케猩u"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "mystartsearch"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.mystartsearch.com/web/?type=ds&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
[HKCU\Software\Mozilla\Extends]
"UID" = "535559167_198339_B48A115F"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page" = "http://www.mystartsearch.com/?type=hp&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://www.mystartsearch.com/web/?type=ds&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@""%systemroot%\system32\windowspowershell\v1.0]
"powershell.exe"",-111" = "Performs object-based (command-line) functions"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL" = "http://www.mystartsearch.com/?type=hp&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKLM\SOFTWARE\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command]
"(Default)" = "%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe http://www.mystartsearch.com/?type=sc&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\UninstallManager.exe -ptid=cvsï¼€u"
[HKLM\SOFTWARE\Wow6432Node\mystartsearchSoftware\mystartsearchhp]
"Time" = "Type: REG_QWORD, Length: 8"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKLM\SOFTWARE\Wow6432Node\mystartsearchSoftware\mystartsearchhp]
"oem" = "cvs"
[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.mystartsearch.com/?type=hp&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
"Search Page" = "http://www.mystartsearch.com/web/?type=ds&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.mystartsearch.com/?type=hp&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall]
"Publisher" = "mystartsearch"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.mystartsearch.com/web/?type=ds&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
"DisplayName" = "mystartsearch"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.mystartsearch.com/?type=hp&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKCU\Software\Mozilla\Extends]
"ptid" = "cvs"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.mystartsearch.com/?type=hp&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\UninstallManager.exe"
[HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"quick_searchff@gmail.com" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\quick_searchff@gmail.com"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "mystartsearch"
The process nssCF71.tmp:3176 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "CA C0 4D CF CE 7F D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadNetworkName" = "Network 4"
"WpadDecisionTime" = "EB 6E 2B EB CE 7F D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process ProtectWindowsManager.exe:3500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecisionReason" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 05 00 00 00 09 00 00 00 00 00 00 00"
"DefaultConnectionSettings" = "46 00 00 00 04 00 00 00 09 00 00 00 00 00 00 00"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadNetworkName" = "Network 4"
"WpadDecisionTime" = "20 E9 C3 CC CE 7F D0 01"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecision" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "20 E9 C3 CC CE 7F D0 01"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
The process ProtectWindowsManager.exe:3460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\services\eventlog\Application\WindowsMangerProtect]
"EventMessageFile" = "C:\ProgramData\WindowsMangerProê—“}"
"TypesSupported" = "7"
The process ProtectService.exe:3668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 47 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Wow6432Node\IHProtect]
"ptid" = "cvs"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"
The process ProtectService.exe:3684 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 04 00 00 00 09 00 00 00 00 00 00 00"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"AutoConfigURL"
"ProxyServer"
The process wpm_v20.0.0.2227.exe:3440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\supWindowsMangerProtect]
"ptid" = "cvs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process MSI106D.tmp:3272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process pcspeedup.tmp:3952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"Inno Setup: Icon Group" = "PC Speed Up"
"MajorVersion" = "3"
[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"affid" = "2380"
[HKLM\System\CurrentControlSet\services\kbdhid\Parameters]
"CrashOnCtrlScroll" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"UninstallString" = "%Program Files% (x86)\PC Speed Up\unins000.exe"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"UniqueID" = "BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"QuietUninstallString" = "%Program Files% (x86)\PC Speed Up\unins000.exe /SILENT"
[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"UniqueID" = "BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"DisplayIcon" = "%Program Files% (x86)\PC Speed Up\Icon.ico"
"Inno Setup: App Path" = "%Program Files% (x86)\PC Speed Up"
[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"AVList" = "&av=301"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"DisplayName" = "PC Speed Up"
"InstallLocation" = "%Program Files% (x86)\PC Speed Up\"
"Inno Setup: User" = "%CurrentUserName%"
[HKCU\Software\Speedchecker Limited\PC Speed Up]
"UniqueID" = "BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"InstallDate" = "20150426"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"SpeedTest" = "RUN"
[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"InstallDate" = "20150426"
"CountryCode" = "uk"
"Uninstaller" = "%Program Files% (x86)\PC Speed Up\unins000.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"MinorVersion" = "9"
"Inno Setup: Language" = "uk"
"NoModify" = "1"
[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"CampaignID" = "ppi_2380_installer"
[HKLM\System\CurrentControlSet\Services\i8042prt\Parameters]
"CrashOnCtrlScroll" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"Publisher" = "Speedchecker Limited"
"EstimatedSize" = "15320"
[HKLM\System\CurrentControlSet\services\PCSUService]
"Group" = "UIGroup"
[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"RequestID" = ""
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ConfigCountryCode" = "UA"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"DisplayVersion" = "3.9.8.0"
[HKLM\System\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled" = "1"
[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"keyword" = ""
"ApplicationPath" = "%Program Files% (x86)\PC Speed Up"
"CrashDumpEnabled" = "2"
"Installer" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\043f2a479dd1cbb7e630929e145583f8\pcspeedup.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"URLInfoAbout" = "http://www.pcspeedup.com"
[HKLM\System\CurrentControlSet\Control]
"ServicesPipeTimeout" = "60000"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"Inno Setup: Setup Version" = "5.4.3 (u)"
"NoRepair" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp" = "%Program Files% (x86)\PC Speed Up\PCSUNotifier.exe"
The process VOPackage.exe:1780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\System\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies]
"(Default)" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecisionTime" = "CA C0 4D CF CE 7F D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"source" = "CO18"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "7B 16 12 A0 CE 7F D0 01"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"DisplayVersion" = "1.0.0.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\Uninstall.exe"
"Publisher" = "CMI Limited"
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\Uninstall.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"stats" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecisionReason" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"DisplayName" = "Remote Desktop Access (VuuPC)"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process MsiExec.exe:2188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_IsFileSupportedName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPPutSignedDataMsg"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPGetSignedDataMsg"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPCreateIndirectData"
[HKLM\SOFTWARE\Microsoft\PlayReady]
"DataPath" = "C:\ProgramData\Microsoft\PlayReady"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPRemoveSignedDataMsg"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPVerifyIndirectData"
The process DTLite4461-0327.exe:3840 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\DT Soft\DAEMON Tools Pro\View]
"Language" = "1033"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\DT Soft\DAEMON Tools Pro\Data]
"google_chrome_time"
"(Default)"
"google_chrome_res"
"google_toolbar_res"
The process XTab_Setup2253.exe:3544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\XTab"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" = "1"
[HKLM\SOFTWARE\Wow6432Node\supTab]
"ptid" = "cvs"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURL" = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02"
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 46 00 00 00 09 00 00 00 00 00 00 00"
[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0]
"(Default)" = "SupTabLib"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURL" = "http://www.bing.com/favicon.ico"
[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"
[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
"(Default)" = "IETabPage Class"
[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"
[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"
[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved]
"{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" = ""
[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\Version]
"(Default)" = "1.0"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName" = "Bing"
[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconURL" = "http://www.google.com/favicon.ico"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"
[HKLM\SOFTWARE\Wow6432Node\SupDp]
"dir" = "%Program Files% (x86)\XTab"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconURL" = "http://do-search.com//favicon.ico"
[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"
[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "0"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"
[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"
[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}.ico"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"TopResultURL" = "http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"TopResultURL" = "http://www.mystartsearch.com/web/?type=ds&ts=1430017863&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY]
"CheckedValue" = "PMIL"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback" = "http://www.bing.com/favicon.ico"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"DisplayName" = "Google"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"DisplayName" = "e"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY]
"DefaultValue" = "PMIL"
[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{E733165D-CBCF-4FDA-883E-ADEF965B476C}.ico"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"
The process SpeedCheckerService.exe:2188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedCheckerService_RASMANCS]
"EnableFileTracing" = "0"
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedCheckerService_RASAPI32]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedCheckerService_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedCheckerService_RASAPI32]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedCheckerService_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedCheckerService_RASAPI32]
"MaxFileSize" = "1048576"
"FileTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"
"ConsoleTracingMask" = "4294901760"
[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedCheckerService_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKU\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 F5 AD 0B CC"
[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedCheckerService_RASMANCS]
"FileTracingMask" = "4294901760"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates]
"F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0"
The process SpeedCheckerService.exe:3264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\Eventlog\Application]
"AutoBackupLogFiles" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\System\CurrentControlSet\services\eventlog\Application\SCService]
"EventMessageFile" = "C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
The process %original file name%.exe:2192 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\Wow6432Node\CLSID\{3F23AF0C-4D47-46C6-BBA3-EEDC83B4DAAB}\LocalServer32]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\nsissetup.exe -- %original file name%.exe 890 00000208 00000210 {3F23AF0C-4D47-46C6-BBA3-EEDC83B4DAAB}"
The Trojan deletes the following registry key(s):
[HKCR\Wow6432Node\CLSID\{3F23AF0C-4D47-46C6-BBA3-EEDC83B4DAAB}\LocalServer32]
[HKCR\Wow6432Node\CLSID\{3F23AF0C-4D47-46C6-BBA3-EEDC83B4DAAB}]
The process PCSUSpeedTest.exe:3468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Progress" = "5"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASAPI32]
"FileTracingMask" = "4294901760"
"EnableFileTracing" = "0"
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_CountryCode" = "CH"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASAPI32]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Ping" = "54"
"ST_Domain" = "151.236.26.173"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_TimeStamp" = "2015-04-26 03:12:24"
[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates\F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 F5 AD 0B CC"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Download" = "16618.204"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"MaxFileSize" = "1048576"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Status" = "Started"
[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_AvailableServers" = "SE;Stockholm;46.246.126.220|CH;Zurich;151.236.26.173|IT;Milano 1;149.154.157.241|"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Upload" = "27110.400"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASAPI32]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Server" = "Zurich"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Ping"
[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates]
"F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0"
[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Status"
"ST_TimeStamp"
"ST_Progress"
"ST_AvailableServers"
"SpeedTest"
"ST_Download"
"ST_Upload"
"ST_Server"
The process nsissetup.exe:2868 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"fdwSupport" = "1"
"aFormatTagCache" = "01 00 00 00 10 00 00 00 02 00 00 00 32 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecisionTime" = "64 D4 4F 80 CE 7F D0 01"
[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"cFormatTags" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 43 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"cFormatTags" = "2"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"cFilterTags" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"cFilterTags" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"fdwSupport" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "25 CC 85 1E BF 72 D0 01"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"cFormatTags" = "2"
"aFormatTagCache" = "01 00 00 00 10 00 00 00 31 00 00 00 14 00 00 00"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"fdwSupport" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 11 00 00 00 14 00 00 00"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"cFilterTags" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows Script\Settings]
"JITDebug" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"cFilterTags" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"fdwSupport" = "1"
"cFormatTags" = "2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 06 00 00 00 12 00 00 00"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process regsvr32.exe:4004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\ProgID]
"(Default)" = "PCSU.SysUtils.1"
[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\Version]
"(Default)" = "1.0"
[HKCR\Wow6432Node\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"
[HKCR\PCSU.Registry]
"(Default)" = "RegistryHelper Class"
[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}]
"(Default)" = "SysUtils Class"
[HKCR\PCSU.SysUtils.1\CLSID]
"(Default)" = "{B89F5C49-51DB-4974-AB5A-E25901AA339C}"
[HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}]
"(Default)" = "IRegistryHelper"
[HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\PC Speed Up"
[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"
[HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\ProgID]
"(Default)" = "PCSU.Registry.1"
[HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\PC Speed Up\PCSUHelper.dll"
[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"
[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}]
"(Default)" = "RegistryHelper Class"
[HKCR\Wow6432Node\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}\1.0]
"(Default)" = "PCSUHelperLib"
[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32]
"(Default)" = "%Program Files% (x86)\PC Speed Up\PCSUHelper.dll"
[HKCR\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}]
"(Default)" = "ISysUtils"
[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\VersionIndependentProgID]
"(Default)" = "PCSU.SysUtils"
[HKCR\PCSU.SysUtils.1]
"(Default)" = "SysUtils Class"
[HKCR\PCSU.SysUtils]
"(Default)" = "SysUtils Class"
[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\Version]
"(Default)" = "1.0"
[HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"
[HKCR\Wow6432Node\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}]
"(Default)" = "IRegistryHelper"
[HKCR\PCSU.Registry\CurVer]
"(Default)" = "PCSU.Registry.1"
[HKCR\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\TypeLib]
"Version" = "1.0"
[HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"
[HKCR\PCSU.SysUtils\CurVer]
"(Default)" = "PCSU.SysUtils.1"
[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\PCSU.Registry.1\CLSID]
"(Default)" = "{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}"
[HKCR\Wow6432Node\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}]
"(Default)" = "ISysUtils"
[HKCR\Wow6432Node\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32]
"(Default)" = "%Program Files% (x86)\PC Speed Up\PCSUHelper.dll"
[HKCR\Wow6432Node\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\VersionIndependentProgID]
"(Default)" = "PCSU.Registry"
[HKCR\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"
[HKCR\PCSU.Registry.1]
"(Default)" = "RegistryHelper Class"
The process nssCF72.tmp:3656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "CA C0 4D CF CE 7F D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadNetworkName" = "Network 4"
"WpadDecisionTime" = "A9 26 1D EB CE 7F D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AAB62F56-1F12-4B3C-A0EE-A1324874AB51}]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
Dropped PE files
MD5 | File path |
---|---|
44a7a613955e6346114916eb3c117f3f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.VisualBasic.dll |
2d30a65d2152d72a610f0fe655d01b3a | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.Shaders.dll |
d2e99a5ce4a6efa6bd95204f7ae1b823 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.Shaders.ni.dll |
83b3db8c65d6c7652ddf49bf1c4d8c81 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.dll |
8b89c45532b7b07cf713a7c0a3c883ba | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.ni.dll |
48b41e220f21695c167fc14d3955588e | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.dll |
62847c2c65e237ebbe43a996c5789778 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.ni.dll |
4924780102d2b69938c03068b7c0434c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\SLMSPRBootstrap.dll |
c10d58e141182bc336b2f14e384a32d7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe |
85559ad0709874a7549642e8e0f86b28 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.ConfigurationUI.dll |
56c8a1037f2375349c1fbb901b851426 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Core.dll |
276241c60d7362b1155b8883bad57504 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Core.ni.dll |
6c6de2aabcda5387f6aa7d54f3f73fef | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Net.dll |
e5e29b8cdaa45c68fd4fd28982433b73 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Net.ni.dll |
ee74def85ed6a7481af475a5dc65d7c9 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.dll |
d544ce7b48c5c48d205dfee0f8e9815b | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.ni.dll |
2f012e35c12e683e913a50a59b8aedd8 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.Web.dll |
708454805d9182e135f3ab4642baa24a | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.Web.ni.dll |
5e06acd3f66dd01700c89b61df135aa4 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.dll |
c630e411a1c9a991c0e8543200f44656 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.ni.dll |
eabad6b4b57655c9c8bb25970f32a964 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Browser.dll |
f5f5034e67d00fce80bd3f5c9df494dc | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Browser.ni.dll |
c9409e4b4c35f5720a572f4963471c0e | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.RuntimeHost.dll |
a3f8a97c0b0efabc8213ddebc9230323 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.RuntimeHost.ni.dll |
342288601aa90e1b270419249ec6e43b | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Xna.dll |
e9eef35471cbef94e520a62d20efdd73 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Xna.ni.dll |
a937f6473a8db558ca1e2ba5351938c6 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.dll |
d48ccdf3f666c7562029aa96628857a2 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.ni.dll |
15e78e524918f73f22b9a798eace9ae3 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Xml.dll |
3e947c88a7f04e4896928b58fd896af7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Xml.ni.dll |
53d9b6167e73d48c94dd30d8d114ecde | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.ni.dll |
4ee7f6e2852c7afa7fbc95bc6d1da5ce | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\agcore.dll |
4315c405baf5bf92f92cf478dffc9ca5 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\agcp.exe |
aead1b166e25e4794d47778e6af76dff | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ar\Microsoft.VisualBasic.resources.dll |
4491868178049c94979fe1b92ce0e425 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ar\mscorlib.resources.dll |
345e2d39fbfe27b8828b8ac42abe2435 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ar\mscorrc.dll |
2faefe792fa8bb78d6f5ef20443bd673 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ar\system.resources.dll |
18e30e5d7e9385a22881a9b21b67f1f6 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\bg\Microsoft.VisualBasic.resources.dll |
5f41f2f7487fd53388b522e798a27dda | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\bg\mscorlib.resources.dll |
a46bc4c044564141ae33dd6f531602b0 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\bg\mscorrc.dll |
264927cd33c64e23a84eaaa14b572655 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\bg\system.resources.dll |
841d35b03c37cfaba9c079003a5afd92 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ca\Microsoft.VisualBasic.resources.dll |
ac67be81d31b85f3d6296ad5ad7a6a0f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ca\mscorlib.resources.dll |
4127e7f310e9e33027a53cf7ff8d461f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ca\mscorrc.dll |
55e4488dd13515c21e808797e7dc2ecf | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ca\system.resources.dll |
f769a78b415031fb8c62b64a4df70402 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\coreclr.dll |
a6eb1d987243861267101e7a07a94cd6 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\coregen.exe |
3f4e34200e3062cbad41d672e96b58be | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\cs\Microsoft.VisualBasic.resources.dll |
f1fbfd6acfcfa2ea15493f45ca6e8359 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\cs\mscorlib.resources.dll |
23ba8ffaac071f05bdb95c651122dd14 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\cs\mscorrc.dll |
8b5929a2e8f6f2f2f8dd14400bc6f15f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\cs\system.resources.dll |
f31c8c869f1a5709da849bb658da7c1b | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\da\Microsoft.VisualBasic.resources.dll |
73708f057fddf619d99cfd8a0c29eed4 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\da\mscorlib.resources.dll |
4f044fe5f71a79eb50be78c314216dec | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\da\mscorrc.dll |
bd2af65cfb0e30301dffecc06dfa03e7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\da\system.resources.dll |
2319c9029c693d636ff96a47f327b624 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\de\Microsoft.VisualBasic.resources.dll |
588858360fc177afea606f569b90e502 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\de\mscorlib.resources.dll |
795da5b7057c9c268030690ee253e288 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\de\mscorrc.dll |
784f0445fdda500cb8b834d67f5e175a | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\de\system.resources.dll |
180c41dedde5bcdfdb3b817b76ed6803 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\el\Microsoft.VisualBasic.resources.dll |
e9f11e43483e0dde9fa3f81f9bcf95e1 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\el\mscorlib.resources.dll |
70cde4f000da32fe0ef5e629aaf64e84 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\el\mscorrc.dll |
70a17515b2680d7f4494589c0313a939 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\el\system.resources.dll |
09df8b997b28f189436064a26be6d992 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\es\Microsoft.VisualBasic.resources.dll |
fe3dafda9a7f64fb55edfa5dc9db5763 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\es\mscorlib.resources.dll |
5d17519c98e3667247d94ad450ade2fe | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\es\mscorrc.dll |
3474490c9110675524110d76ebff5388 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\es\system.resources.dll |
e9294d118f6f7f901bdcad6ca413eb65 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\et\Microsoft.VisualBasic.resources.dll |
10ed5feb6cdfc797446b4343e0e678ba | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\et\mscorlib.resources.dll |
447180e743e96e61726a2935bb6320ac | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\et\mscorrc.dll |
b90f99d3bd937b2d013939a353d033fe | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\et\system.resources.dll |
ac0608c0d022738f5bd28d9556309d5c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\eu\Microsoft.VisualBasic.resources.dll |
c55916d87f40793d84088365b9989326 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\eu\mscorlib.resources.dll |
96f9a1fa5ac8fab13401bda693dd87ba | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\eu\mscorrc.dll |
f548d99f60c55eb0cb3ae769a1b5b0d7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\eu\system.resources.dll |
a8318822f2b610798015442411be8219 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\fi\Microsoft.VisualBasic.resources.dll |
9361a64298ee0d54390afcbecd004bff | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\fi\mscorlib.resources.dll |
254757711a62fb942c331beba8b80a47 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\fi\mscorrc.dll |
0a3ebba35f4796a45a529e97810abdc4 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\fi\system.resources.dll |
4821acd9b8bfd6e7e8594e7d272bca9f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\fr\Microsoft.VisualBasic.resources.dll |
c09c612d1c02d171de368b4fcb3a1132 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\fr\mscorlib.resources.dll |
1fed4926c3f3f0a0a15ba69dc7132bb9 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\fr\mscorrc.dll |
0b5ed90dc3901e881a9d445e28bd0b54 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\fr\system.resources.dll |
bea69ced18cfebf0f67007d0769d55f2 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\he\Microsoft.VisualBasic.resources.dll |
18860994ab1d09ff10c059804bf02a2f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\he\mscorlib.resources.dll |
2c589401d3fd26878caa33cb1d8b0400 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\he\mscorrc.dll |
0a77717b4ec2f62b6d0f1aa9f20d563c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\he\system.resources.dll |
28d60dc96ce0a9d22d0718a3b65b876c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\hr\Microsoft.VisualBasic.resources.dll |
549ff0dd051b70c441bd54691e4cc739 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\hr\mscorlib.resources.dll |
f0cc18d981ce20108d2c8f1a06c886c7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\hr\mscorrc.dll |
75e304bc278fe41f9bc3f90a2a000811 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\hr\system.resources.dll |
14e68af2041d601dc928f74ae9e36f6c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\hu\Microsoft.VisualBasic.resources.dll |
34489de23d4bfbf02f7381caa6eec6ec | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\hu\mscorlib.resources.dll |
4f86a4f6dfe5c6eca2a26604e0f5e1ad | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\hu\mscorrc.dll |
4a47045e3db6b295792c03b91ce3cf60 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\hu\system.resources.dll |
820edb415ccdc654b2202a1cc3d369f8 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\id\Microsoft.VisualBasic.resources.dll |
a11cb549a8acbdaf5a9e25daf319c157 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\id\mscorlib.resources.dll |
0ad56078008c35ea46e70e4753c9ba55 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\id\mscorrc.dll |
9f899aec8f7d21c4ef05a1e40fcfb13f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\id\system.resources.dll |
137677a2e5623b754ac4306589d7df52 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\it\Microsoft.VisualBasic.resources.dll |
8c34a24d9d358cdec09438389ff74940 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\it\mscorlib.resources.dll |
ff66d398dfff7b706661cacd91eb1d7c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\it\mscorrc.dll |
bfb50b8c5d4673ec46003a5cf2e22ba7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\it\system.resources.dll |
4016a5ae3fedc51a6e5b4f71a31ff476 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ja\Microsoft.VisualBasic.resources.dll |
fc92e1abcf9a37c07d1f56a9d14a131e | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ja\mscorlib.resources.dll |
6d4ef84a43957ed53e17076b49c25a49 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ja\mscorrc.dll |
1014172ed25c43f771e370a272d89605 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ja\system.resources.dll |
7cd93f2d2462d65e92eb75c5065662d5 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ko\Microsoft.VisualBasic.resources.dll |
d3eec38f0735ea0546adf199f9a42d42 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ko\mscorlib.resources.dll |
4c518a6e2967ef659e352a6c834bdc89 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ko\mscorrc.dll |
20ff98ad45e7b1082295ff4d3655d7f3 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ko\system.resources.dll |
fb1715aa866cab7db7e1fa6a75718e82 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\lt\Microsoft.VisualBasic.resources.dll |
7d3c2857974ff7043088b0b8d32243e7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\lt\mscorlib.resources.dll |
360b0cd903015fd1a443bce16d06d983 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\lt\mscorrc.dll |
351e338b52777247c7e62a2880de6a5b | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\lt\system.resources.dll |
289aec20f98defd43fe7b16eea402fed | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\lv\Microsoft.VisualBasic.resources.dll |
3fc989186d7ed0da90f7da49e9baa874 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\lv\mscorlib.resources.dll |
16fc0902a1a7af7c76a8ddfa84f8ff57 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\lv\mscorrc.dll |
5ac55d999c52c254c5329b5347d297e9 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\lv\system.resources.dll |
f458ff1a4c2d48254b24f44e3950c250 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ms\Microsoft.VisualBasic.resources.dll |
b5680243f335b28af8473c1328c31584 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ms\mscorlib.resources.dll |
ca502c22de889a9f28a29caacb9545d6 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ms\mscorrc.dll |
1b45a994c693ba7d388d4b64050c63df | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ms\system.resources.dll |
1cb16e581e2355fbb86c78cde60ff3e3 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\mscorlib.dll |
03a718e09ea1e561c261e1dd0ffd4afc | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\mscorlib.ni.dll |
756cfae0b81be30f903fde796267e368 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\mscorrc.dll |
16e0ae792ed1b7814ad52c37587323bb | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\nl\Microsoft.VisualBasic.resources.dll |
54e38ff06897fc4bc27630a73a971e0b | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\nl\mscorlib.resources.dll |
80268fbe25edb57486bfca9773cbb79c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\nl\mscorrc.dll |
dd90d0551aeea77ee44dcde76fe1715a | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\nl\system.resources.dll |
87a905bafa19225e970d032971a5bb3c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\no\Microsoft.VisualBasic.resources.dll |
df4bd2a6ad2f73b5015d93c6c3c228d5 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\no\mscorlib.resources.dll |
7d0c626e2dc8f0376f13ce2d42608322 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\no\mscorrc.dll |
d88b57a1b3e5da5ee33258721b1b16d5 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\no\system.resources.dll |
893bf7d2261c56c24f813405d9d018e0 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll |
8da2ed6b04ea33f2eae8ba883f903729 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll |
8162e6043daba4971f6b8bdf47968de3 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pl\Microsoft.VisualBasic.resources.dll |
971562b310cf55a0405b811c57c06f7f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pl\mscorlib.resources.dll |
10741b4b1d22fa77c2c77f2ca7d599bc | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pl\mscorrc.dll |
facf9822ff983e641934fd0a12cfdaba | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pl\system.resources.dll |
ca29c362b39e008913aee94492410f69 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pt-BR\Microsoft.VisualBasic.resources.dll |
36ff74cc03c17b353413e51716f53cc5 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pt-BR\mscorlib.resources.dll |
8402aa257ae8c85544aedce3ca94e550 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pt-BR\mscorrc.dll |
7d6c1223a1b36af1091ece13e37e2c79 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pt-BR\system.resources.dll |
dcfe976a4e2b277820b1cd8118fbbce4 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pt\Microsoft.VisualBasic.resources.dll |
792af39f32f13ea2eafc8e1415ce9af0 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pt\mscorlib.resources.dll |
c0c215cdf31ba724d72a575dcfcd1cba | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pt\mscorrc.dll |
e5fca8e93c103c44fce9e3782d33de81 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\pt\system.resources.dll |
87517a204f53f92cbaede953464c2c44 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ro\Microsoft.VisualBasic.resources.dll |
52f469cdf0c02fae4afc0efd433569a3 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ro\mscorlib.resources.dll |
c687cf1bfba5c29100c7badfb70d6bae | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ro\mscorrc.dll |
fe910815fe7b7dfd59e2aa14492ca109 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ro\system.resources.dll |
2b2eafc59ea959cfc4c3f0c5d11a43cd | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ru\Microsoft.VisualBasic.resources.dll |
a11a0a637a17cbbc7ff7b194aeba1c72 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ru\mscorlib.resources.dll |
3b504eba88b956c14279151f803b4a85 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ru\mscorrc.dll |
809625ef867dfdfe8d3b7e0d1d27234b | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\ru\system.resources.dll |
8d1494e7e8a2f83e4d962f87259d22b8 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sk\Microsoft.VisualBasic.resources.dll |
ee3a2d02aa33bd8e2ded883c870a71bc | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sk\mscorlib.resources.dll |
3cd628af65cf85f0a02fab784c31595f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sk\mscorrc.dll |
fabd9bf37e4471343b188ebfb5820f18 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sk\system.resources.dll |
f47733116d55209cce9f9da10402ffa0 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sl\Microsoft.VisualBasic.resources.dll |
a092710a007cbe654f8c987a8338201b | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sl\mscorlib.resources.dll |
dae6994e8ba5c665b72bd1adf0288db9 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sl\mscorrc.dll |
28dd0107ed3238180063f3a3f41d11ee | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sl\system.resources.dll |
41b91f0782e500cf8b63ded7fbcd812f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sr-Cyrl-CS\Microsoft.VisualBasic.resources.dll |
2d0d3475f078db74be9eabb9ec1c6ac1 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sr-Cyrl-CS\mscorlib.resources.dll |
c9e6c96c732306cc9d871dcbcb357c93 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sr-Cyrl-CS\mscorrc.dll |
839e7abcdb6a058bbb1cce9161265f81 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sr-Cyrl-CS\system.resources.dll |
37b3eacf8145fafa57af5278378ce21f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sr-Latn-CS\Microsoft.VisualBasic.resources.dll |
39cc6097739bf44c14ef036cf1f310cc | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sr-Latn-CS\mscorlib.resources.dll |
f74ea592c35fc8ec9eaa4ed7897cf879 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sr-Latn-CS\mscorrc.dll |
40f8462e48da5dd64037a9107c634ea1 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sr-Latn-CS\system.resources.dll |
419c5c54cfcf5af26d7dd5ce8321309e | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sv\Microsoft.VisualBasic.resources.dll |
da25d839a93068d7ef2bf78e4b986519 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sv\mscorlib.resources.dll |
4b82085a57061df5f4e5505d3c76880a | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sv\mscorrc.dll |
516d1dc039a784e67f73c679416e8cc1 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\sv\system.resources.dll |
9c641e70ad7f26f6ef006d0bc22875be | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\system.dll |
073b16bd67f4b43a7736f6a728ce5b25 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\th\Microsoft.VisualBasic.resources.dll |
75db1e8393968bfb2c86207f8eaf604a | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\th\mscorlib.resources.dll |
e125316ed76cf593cedadddcc3e077d9 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\th\mscorrc.dll |
c94daf3826915f9c67f889e2f938d19f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\th\system.resources.dll |
3a5a482e5735c0cc0612f6ec585d1aab | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\tr\Microsoft.VisualBasic.resources.dll |
f1d96b7609c5a295d768a09a26ccca01 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\tr\mscorlib.resources.dll |
905d9bf18ea3365fbc18938cf9916551 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\tr\mscorrc.dll |
83da04138530cce3c46e8586445996b7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\tr\system.resources.dll |
d9f7b2f82160cd2c77fee6a6b544e93b | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\uk\Microsoft.VisualBasic.resources.dll |
8edd44b943235871a720bd52baae189c | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\uk\mscorlib.resources.dll |
93ad5c3edd47fe400154ab70fe2f1029 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\uk\mscorrc.dll |
f5c3130a6532d8b620e428f2a61753dc | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\uk\system.resources.dll |
73bf154dc7ec08897aeac36f768e62d2 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\vi\Microsoft.VisualBasic.resources.dll |
a258474d2b4ef33ac3fe2e26c7727adb | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\vi\mscorlib.resources.dll |
bb90c2f8c1ed522b924169f0e131884f | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\vi\mscorrc.dll |
255dcdf47229587046a8597d4e8af5af | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\vi\system.resources.dll |
044312764bb4a8b842bb192c4f4216b4 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\zh-Hans\Microsoft.VisualBasic.resources.dll |
27e68fa359d4940aff22708fd10fbc2d | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\zh-Hans\mscorlib.resources.dll |
34dda034e940f6adf325a430bd7cf5b7 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\zh-Hans\mscorrc.dll |
d499f0165528a2d08fa299ffd2792c63 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\zh-Hans\system.resources.dll |
edb4930390c4995447bebe75b5ae19de | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\zh-Hant\Microsoft.VisualBasic.resources.dll |
7e9597fb7f0b7d15ef698601981da6ba | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\zh-Hant\mscorlib.resources.dll |
8e71d73c5dd196346fe580864c354231 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\zh-Hant\mscorrc.dll |
eddaf9f8b76b6c2355e24eab0825b057 | c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\zh-Hant\system.resources.dll |
be0de0030a07c0e2adcb2d00c2b5bb1c | c:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe |
cfbe6ac308ddcbcef06658a5a1b82948 | c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll |
0ecc954ab71b850e438d0b8526db9e01 | c:\Program Files (x86)\PC Speed Up\Common.Logging.dll |
b42ca2d572854bb967800bba8b6e2e6b | c:\Program Files (x86)\PC Speed Up\FileUploader.exe |
49ca5298b7ffbe3e7a6310461dd146da | c:\Program Files (x86)\PC Speed Up\ManagedWifi.dll |
a0e65e9c544769db4f93fc5218360d00 | c:\Program Files (x86)\PC Speed Up\PCSUHelper.dll |
265eeda920d608d7858a37a519b6e212 | c:\Program Files (x86)\PC Speed Up\PCSULauncher.exe |
d909405a1af3faefec58113fb89a8fb4 | c:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe |
7d3cc1e5a02079da66a28dc636dcfd64 | c:\Program Files (x86)\PC Speed Up\PCSUQuickScan.exe |
f45785ae72c6fa7e645597542e33cb19 | c:\Program Files (x86)\PC Speed Up\PCSUSD.exe |
e6bd031b2eaf9c5e966d0535569e4f4a | c:\Program Files (x86)\PC Speed Up\PCSUService.exe |
3ceda9c3318d4e5aa13d64572bdfa09b | c:\Program Files (x86)\PC Speed Up\PCSUSpeedTest.exe |
a5d866d482a18d324492e7d1de9b57ca | c:\Program Files (x86)\PC Speed Up\PCSUUCC.exe |
0744c4851a307a9258b6750fe8fd5872 | c:\Program Files (x86)\PC Speed Up\PCSpeedUp.sys |
6f41ef91f5744f70a0bc59f6c0edff98 | c:\Program Files (x86)\PC Speed Up\PopupNotification.dll |
4925c74a98afbaf271d6513599be7155 | c:\Program Files (x86)\PC Speed Up\SharpBrake.dll |
94794cb85a65beca0c153528faa27bdf | c:\Program Files (x86)\PC Speed Up\Skyhook.exe |
b84604b780b136e5b81345b06d4d0551 | c:\Program Files (x86)\PC Speed Up\SpeedChecker.dll |
7c8c94cb80a9a83f6dc04894d6e843c6 | c:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe |
24d9f00e1604db8ff49f599dea248fac | c:\Program Files (x86)\PC Speed Up\Sqlite3.dll |
0fbe91d8b0bb7f5784a31bd5c2875aa2 | c:\Program Files (x86)\PC Speed Up\agsXMPP.dll |
a1e59cd38160bcdfc61f383741ba7ade | c:\Program Files (x86)\PC Speed Up\qs64.dll |
6b2b214c4bc2dad2e86b1cc41f42ab92 | c:\Program Files (x86)\PC Speed Up\unins000.exe |
916672bbbecfb618456cd1b99eb4399c | c:\Program Files (x86)\PC Speed Up\wpsapi.dll |
0183c88583bbf1c99d67acce017c9beb | c:\Program Files (x86)\XTab\BrowerWatchCH.dll |
fd0b82d24d162e240931cfd5540d3021 | c:\Program Files (x86)\XTab\BrowerWatchFF.dll |
5785680870eff9ba7b4f58c726552013 | c:\Program Files (x86)\XTab\BrowserAction.dll |
b124f96efd0010e4f7e262f08519e9e4 | c:\Program Files (x86)\XTab\CmdShell.exe |
77ccf1c943665ececf9a5ce699560500 | c:\Program Files (x86)\XTab\HPNotify.exe |
4a345a11cc64ab72cb09ff391611dad0 | c:\Program Files (x86)\XTab\IeWatchDog.dll |
cc709fa63d5a536a2f8275c0cea39070 | c:\Program Files (x86)\XTab\ProtectService.exe |
efa257c845943b84922117758c955434 | c:\Program Files (x86)\XTab\SupTab.dll |
3e29914113ec4b968ba5eb1f6d194a0a | c:\Program Files (x86)\XTab\msvcp110.dll |
4ba25d2cbe1587a841dcfb8c8c4a6ea6 | c:\Program Files (x86)\XTab\msvcr110.dll |
e29708f3781e5790424ca59a0fbb1bd3 | c:\Program Files (x86)\XTab\uninstall.exe |
8a8f5ebe2fd9c2e6325723209b9cdf32 | c:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe |
8a8f5ebe2fd9c2e6325723209b9cdf32 | c:\Users\All Users\WindowsMangerProtect\ProtectWindowsManager.exe |
b3113668f356c345dd1efae531e257f8 | c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\count_vc[1].htm |
f99ba617f06b2dfd62cd23ae7c9484fd | c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\count_vn[1].htm |
08caec472db03f5ea68e2b097fdfb502 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\043f2a479dd1cbb7e630929e145583f8\pcspeedup.exe |
beb43f12e33b63594c924db62cfe7c3c | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\261dd182d36861fec9a217cc812a9f9a\DTLite4461-0327.exe |
148bdbdcbac38fbf0b4d3c145e9b0199 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\262bebb37d687dabfd48d85e0de76564\cvs_mystartsearch.exe |
64caebfbdca2ef8ec782c7ad90e20360 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\dad4890a8fda856f77d8f153dc13db68\VOPackage.exe |
f02155fa3e59a8fc48a74a236b2bb42e | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi84CA.tmp\inetc.dll |
4f88bef9204d347c0d1c99d7be7baae8 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\DTSetupHelper.exe |
67d8f4d5acdb722e9cb7a99570b3ded1 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\InstallOptions.dll |
7062b63645101a612ce0f69e7453abbb | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\JRYI-Chrome.exe |
35798a34ca30a4a4a37b635318d8c959 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\JRYI-Toolbar.exe |
d932447f25f3a284fcf7191231867e55 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\AFK.dll |
a41dbfb0724d40810e97726ba2bbb7ca | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ARA.dll |
587017cdee10b1899638489737c04c0b | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\BGR.dll |
dc0b79c33d48466f5260ea87421b23ca | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\BIH.dll |
9d364f08d8d0a0271ece8dd3b26efd82 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CAT.dll |
23b0a273336d3e55daf1bee481569dac | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CHS.dll |
56c05b61e6d34f64a86dd938746f0fe6 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CHT.dll |
13c02b3862d5f4df0a6d97fb04c192f6 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CSY.dll |
780175961ed15067d17e2ca33102e040 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\DAN.dll |
9ccefd9de90dba00f2e87acb15f28257 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\DEU.dll |
31d21a47452ad4054de43ea84bf086a5 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ELL.dll |
64353d862197de70e813ea385c71cd70 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ENU.dll |
425420280f09987b6354dcdaa70acbda | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ESN.dll |
903a1ba5bb47b9e70818d565004d14c7 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\FIN.dll |
3a5a4ac2f9d8b76fcaa0fcf477d66feb | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\FRA.dll |
07c509d1d4298a59f3fc1f84bcc0adbd | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\GLC.dll |
ed58d1766f15770175a94af2fdacfcff | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HEB.dll |
219d08d6af054298d19d2f40ec7b57f0 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HRV.dll |
85069620b785602b5721842bf4245dd8 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HUN.dll |
50d93fbb149d210ce5132f6bec8dbd8f | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HYE.dll |
ecdf1900557afaea53a458b21d826b41 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\IND.dll |
10ca143d83a7655994af434cb19bb0d6 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ITA.dll |
78f48e394542c0b5160f2c584672a3bb | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\JPN.dll |
c443e20a057a8bfb968d05c99d2d5f14 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\KAT.dll |
8146c0f238fb5ea36e495cba62f9e83b | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\KOR.dll |
5991794939c6019129934beabb2df27a | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\LTH.dll |
1bef1cce3a582cfdd7eee57d7cc4caef | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\LVI.dll |
45896e78ae455c17a9538b1cc8a8394d | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\NLB.dll |
225b686f7985c10f529418a236ea7151 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\NOR.dll |
02172c552b7fac544f302a69c9d94655 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\PLK.dll |
4c4d4741f7499eecc4e73b925f8bbe82 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\PTB.dll |
4e2aefb336983043faf5a7434761fcc5 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ROM.dll |
096b3d2003c36b823f2185fd80f7c08f | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\RUS.dll |
38acaf5e059d114d767468842d893ab2 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SKY.dll |
5c8b4989bb0f17084916a0f7fc658fc3 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SLV.dll |
3a3fb7287719e29415e1666c91c1c873 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SRL.dll |
3499a25e08dd7ad84d699202e7f0fa21 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SVE.dll |
adeeeecb5603b5ed7ba7a87926b5b510 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\TRK.dll |
77c025ed15ff18b5f964008d238ffed5 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\UKR.dll |
243e820e072b7a0a8be07e736445408f | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\OCSetupHlp.dll |
1323d01fc1b3ec2ac91365a37dc0be0c | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\SetupHelper.exe |
959ea64598b9a3e494c00e8fa793be7e | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\System.dll |
fc5b2ac8d68459ec61f653676d8bcd5d | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\gcapi_dll.dll |
61bc40d1fad9e0faa9a07219b90ba0e4 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\gtapi.dll |
f7b92b78f1a00a872c8a38f40afa7d65 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\nsDialogs.dll |
ad010a6d16dc872b9df1ae719d4255db | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\setuphlp.dll |
f99ba617f06b2dfd62cd23ae7c9484fd | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssCF71.tmp |
b3113668f356c345dd1efae531e257f8 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssCF72.tmp |
8b8a54e9f3416ba5f4f63fd210b9df40 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\nsissetup.exe |
0d2c31cb2284ab5804e63b486aedf027 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\setup_plugin.dll |
3a30d6a48390fa807156aa161f6a8189 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\BFVUpdateM.dll |
e02f396387f8aa59fa7cc942638d67ee | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\BaofengUpdate.exe |
a5bfd6a87161d5dfa81cb5c2c6d29488 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\UninstallManager.exe |
a96619564071df84cc892752df062a6d | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\RegWrite.exe |
e7b4b146a101093e11ce45d203dd907b | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\XTab_Setup2253.exe |
8a8f5ebe2fd9c2e6325723209b9cdf32 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\wpm_v20.0.0.2227.exe |
c12e34c6137b6ae3cc141e81dccf0f84 | c:\Users\"%CurrentUserName%"\AppData\Roaming\A0804D56-1430018013-6E51-A934-1069B2C7BDD2\Uninstall.exe |
64caebfbdca2ef8ec782c7ad90e20360 | c:\Users\"%CurrentUserName%"\AppData\Roaming\A0804D56-1430018013-6E51-A934-1069B2C7BDD2\vnstF593.tmp |
c12e34c6137b6ae3cc141e81dccf0f84 | c:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\Uninstall.exe |
64caebfbdca2ef8ec782c7ad90e20360 | c:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\VOPackage.exe |
a5bfd6a87161d5dfa81cb5c2c6d29488 | c:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\UninstallManager.exe |
086bf9f68879020f08e62f33807f5842 | c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
pcspeedup.exe:3936
install.exe:2612
PCSUService.exe:604
PCSUService.exe:3100
PCSUService.exe:3444
cvs_mystartsearch.exe:948
BaofengUpdate.exe:3384
BaofengUpdate.exe:2892
nssCF71.tmp:3176
ProtectWindowsManager.exe:3500
ProtectWindowsManager.exe:3460
PCSUSD.exe:4000
ProtectService.exe:3668
ProtectService.exe:3684
wpm_v20.0.0.2227.exe:3440
MSI106D.tmp:3272
pcspeedup.tmp:3952
VOPackage.exe:1780
XTab_Setup2253.exe:3544
HPNotify.exe:3756
coregen.exe:3664
coregen.exe:3576
coregen.exe:3472
coregen.exe:3460
coregen.exe:1132
coregen.exe:3624
coregen.exe:336
coregen.exe:3440
coregen.exe:3208
coregen.exe:3392
coregen.exe:3144
coregen.exe:1244
coregen.exe:2060
coregen.exe:3080
coregen.exe:1108
SpeedCheckerService.exe:3264
cmdshell.exe:3740
%original file name%.exe:2192
PCSUSpeedTest.exe:3468
regsvr32.exe:4004
regsvr32.exe:1072
nssCF72.tmp:3656
Skyhook.exe:912
Silverlight.exe:3240
PCSUNotifier.exe:3972 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PAARG.tmp\pcspeedup.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SilverlightMSI.log (90000 bytes)
C:\135c1e3ab58ad80afdd7f364\install.res.dll (397 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Silverlight0.log (6780 bytes)
C:\135c1e3ab58ad80afdd7f364\Silverlight.msp (3692 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (13980 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.log (1858 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService-Timer.log (99 bytes)
%Program Files% (x86)\PC Speed Up\PCSUSpeedTest.exe (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\Thumbs.db (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\Man_1.ipk (37339 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\quick_searchff#5.4.10.xpi (1209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code6.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\uninstallDlg2.xml (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\XTab_Setup2253.exe (19594 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code2.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\2[1].zip (291497 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\BFVUpdateM.dll (1137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FBFDE863-3C17-4B82-A5D1-9B8ED5BE6B40.tmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\UninstallManager.exe (15958 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code4.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\BaofengUpdate.exe (1206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\bg.png (1209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\sweetsearch!1.0.0.1031.xpi (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tCE1709AA862C234DD936mp.tmp (144 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\DataBase (7769 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\RegWrite.exe (1137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\535559167_198339_B48A115F[1].htm (72 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\conf (83 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\code5.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\535559167_198339_B48A115F[1].htm (72 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\428.json (520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\Man_2.ipk (28823 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\code\Thumbs.db (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\428.db (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\1[1].zip (195558 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\tmp\wpm_v20.0.0.2227.exe (3249 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tmp-RunningMan\images\scrollbar.bmp (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\googlelogo.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\restoreprefs.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\properties.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\default_logo.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code5.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\A987.tmp (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\Thumbs.db (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\pack\xagainit.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\en\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\module\hotSearch.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\it\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\es-419\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\module\mostgrid.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr-CA\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\lib\jquery-2.1.0.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\lib\jquery.autocomplete.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\en-US\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\index.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\last_tab.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr-LU\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\pack\common.js (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\misc.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\ru\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\ru-MO\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\module\search.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\bg.png (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\pl\locale.properties (1 bytes)
C:\Users\Public\Desktop\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\icon.png (628 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\google_trends.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\tr\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome.manifest (1 bytes)
%Program Files% (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml (565 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\pt-BR\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\scrollbar.bmp (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\style.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\module\stat.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\it-CH\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\addonmanager.js (531 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\zh-TW\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\newtab.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\defaults\preferences\preferences.js (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\Thumbs.db (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\logo.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\js.js (660 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\tools\urlrequestor.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (486 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr-BE\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\install.rdf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\zh-CN\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\quick_start.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\pack\ga.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code4.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\uninstallDlg2.xml (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\A998.tmp (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\tools\popup_image_helper.js (693 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\vi\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\remoterequest.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\settings.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\tools\misc.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code6.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\428.json (520 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\es\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\modules\aes.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\quick_start.xul (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\speed_dial.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\UninstallManager.exe (14022 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\simple.css (4 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\js\lib\doT.min.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\defaults\preferences\fvd.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\skin\loading.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\content\include\tools\about_blank_hook.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1430017864_xpi\chrome\locale\fr-CH\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\mystartsearch\images\code\code2.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\0[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi84CA.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi84C9.tmp (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\B6Z6HGT4.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\0[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nse5ACF.tmp (43 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\up[1].htm (1 bytes)
C:\ProgramData\WindowsMangerProtect\update\conf (1 bytes)
C:\Windows\Tasks\PC SpeedUp Service Deactivator.job (336 bytes)
%Program Files% (x86)\PC Speed Up\Sqlite3.dll (585 bytes)
%Program Files% (x86)\XTab\msvcp110.dll (536 bytes)
%Program Files% (x86)\XTab\msvcr110.dll (876 bytes)
C:\ProgramData\IHProtectUpDate\update\conf (5 bytes)
%Program Files% (x86)\XTab\CmdShell.exe (32 bytes)
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (2444 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\coregen.exe (69 bytes)
%Program Files% (x86)\PC Speed Up\unins000.exe (49 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\PC Speed Up.lnk (1 bytes)
%Program Files% (x86)\PC Speed Up\is-SBV4J.tmp (3361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\_isetup\_shfoldr.dll (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\Silverlight.exe (1738736 bytes)
%Program Files% (x86)\PC Speed Up\is-0OS0F.tmp (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-SNE55.tmp (20 bytes)
%Program Files% (x86)\PC Speed Up\is-29LNJ.tmp (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-SG3HV.tmp (54589 bytes)
%Program Files% (x86)\PC Speed Up\is-F2546.tmp (31891 bytes)
%Program Files% (x86)\PC Speed Up\is-8PBKC.tmp (673 bytes)
%Program Files% (x86)\PC Speed Up\is-6KBMV.tmp (48 bytes)
%Program Files% (x86)\PC Speed Up\unins000.msg (864 bytes)
%Program Files% (x86)\PC Speed Up\is-3GVGP.tmp (3361 bytes)
%Program Files% (x86)\PC Speed Up\PCSULauncher.exe (81 bytes)
%Program Files% (x86)\PC Speed Up\is-IPS4T.tmp (23 bytes)
%Program Files% (x86)\PC Speed Up\is-8FSMN.tmp (2321 bytes)
%Program Files% (x86)\PC Speed Up\is-65J6L.tmp (1 bytes)
%Program Files% (x86)\PC Speed Up\is-PB612.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\is-RIIRJ.tmp (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\PCSUNotifier.exe (2465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\PopupNotification.dll (2321 bytes)
%Program Files% (x86)\PC Speed Up\is-V7JN2.tmp (6841 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\Sqlite3.dll (3361 bytes)
%Program Files% (x86)\PC Speed Up\SpeedCheckerService.exe (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\itdownload.dll (1489 bytes)
%Program Files% (x86)\PC Speed Up\App.config (3718 bytes)
%Program Files% (x86)\PC Speed Up\is-S2DD8.tmp (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\_isetup\_setup64.tmp (6 bytes)
%Program Files% (x86)\PC Speed Up\is-V94DR.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-S7P3F.tmp (28 bytes)
%Program Files% (x86)\PC Speed Up\is-BSQHS.tmp (2321 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.conf (605 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-JF5OQ.tmp (1 bytes)
%Program Files% (x86)\PC Speed Up\is-EKJKL.tmp (265 bytes)
%Program Files% (x86)\PC Speed Up\is-QCKKO.tmp (889 bytes)
%Program Files% (x86)\PC Speed Up\is-3GHQ8.tmp (4545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\delete_me_reportInstall.txt (2 bytes)
%Program Files% (x86)\PC Speed Up\is-1IA04.tmp (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Setup Log 2015-04-26 #001.txt (585081 bytes)
%Program Files% (x86)\PC Speed Up\is-A5LBU.tmp (2105 bytes)
%Program Files% (x86)\PC Speed Up\uninstaller.dat (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-TRMF5.tmp\WebBrowser.dll (2763 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\Uninstall PC Speed Up.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-55LAA.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-C42T5.tmp (7 bytes)
%Program Files% (x86)\PC Speed Up\is-50NHH.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\Desktop\PC Speed Up.lnk (1 bytes)
%Program Files% (x86)\PC Speed Up\is-QOQI6.tmp (47 bytes)
%Program Files% (x86)\PC Speed Up\unins000.dat (53168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-BA2BP.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\PCSUSD.exe (405 bytes)
%Program Files% (x86)\PC Speed Up\is-95IRN.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\is-0OSRR.tmp (7726 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.exe (446 bytes)
%Program Files% (x86)\PC Speed Up\is-MBUJ4.tmp (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-MNGUG.tmp (4 bytes)
%Program Files% (x86)\PC Speed Up\is-LMJL1.tmp (12 bytes)
%Program Files% (x86)\PC Speed Up\is-1MP8Q.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiF41B.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdD83B.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsoF611.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn8ABB.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nstEEDA.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy87EC.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssCF71.tmp (3656 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nstD53D.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiF778.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC0EF.tmp\WmiInspector.dll (2840 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8944.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiF2E2.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsoFA58.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiD28C.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst900B.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst8646.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst9192.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi8480.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\stats[1].htm (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyD907.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdD134.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC0EF.tmp\IpConfig.dll (3440 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyD6E3.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\A0804D56-1430018013-6E51-A934-1069B2C7BDD2\vnstF593.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy92EA.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd9442.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsoD3E5.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC0EF.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nstEDA1.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\heu39T.nss (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC0EF.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\VOPackage.exe (1748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyF1B9.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\Uninstall.exe (1336 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsoF8D1.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd95C9.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\A0804D56-1430018013-6E51-A934-1069B2C7BDD2\Uninstall.exe (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\count_vn[1].htm (2888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyF080.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCD6E.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi8E45.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\count_vc[1].htm (5984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssCF72.tmp (7288 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\SLMSPRBootstrap.dll (618 bytes)
%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ELL.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\favicon.bmp (894 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CHT.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\SetupHelper.exe (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\GoogleChrome.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\LTH.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\RegPageTrialInfo.ini (796 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\RUS.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\GoogleToolbar.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\nsDialogs.dll (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\License.rtf (814 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\modern-header.bmp (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\PTB.dll (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\modern-wizard.bmp (7192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SLV.dll (1921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\PLK.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\RegPageEmail.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\ReinstPage.ini (478 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\BIH.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\InstallOptions.dll (31 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\GoogleToolbar.bmp (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SVE.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\setuphlp.dll (165851 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SKY.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ESN.dll (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\GoogleChromeIcon.bmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ITA.dll (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ENU.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HEB.dll (3402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HRV.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ARA.dll (3402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy51F.tmp (316027 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\AFK.dll (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\NLB.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\LVI.dll (1913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\DAN.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\ioSpecial.ini (8566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\JPN.dll (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\KOR.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\FRA.dll (5123 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\OCSetupHlp.dll (27504 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\DAEMON_Chrome.bmp (7192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CHS.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\MountSpace.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\RegPagePaidInfo.ini (7109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CAT.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\translate-icon.bmp (894 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\gcapi_dll.dll (16424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\share-icon.bmp (838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\SetupWaitPage.bmp (8184 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\DEU.dll (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\JRYI-Toolbar.exe (20624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\FIN.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HUN.dll (3402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\gtapi.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\IND.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\ROM.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\license.bmp (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\CSY.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\TRK.dll (2465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\KAT.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\moutspace-bg.bmp (22552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\NOR.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\JRYI-Chrome.exe (20624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\DTSetupHelper.exe (6532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\GLC.dll (1917 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\BGR.dll (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\WaitPage.ini (642 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\UKR.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\SRL.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\System.dll (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\RegPageType.ini (9662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\Lang\HYE.dll (3402 bytes)
%Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
%Program Files% (x86)\XTab\skin\btn.png (2 bytes)
%Program Files% (x86)\XTab\install.data (68 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
%Program Files% (x86)\XTab\HPNotify.exe (18514 bytes)
%Program Files% (x86)\XTab\conf (1638 bytes)
%Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi (15 bytes)
%Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\indexIE8.html (1794 bytes)
%Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
%Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\ver.txt (47 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
%Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
%Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
%Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
%Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
%Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
%Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
%Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\js\xagainit-ie8.js (4 bytes)
%Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
%Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\main.xml (4 bytes)
%Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
%Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
%Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
%Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
%Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\ProtectService.exe (5469 bytes)
%Program Files% (x86)\XTab\web\js\js.js (18 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\logo.png (5 bytes)
%Program Files% (x86)\XTab\web\js\xagainit2.0.js (4 bytes)
%Program Files% (x86)\XTab\web\main.css (19 bytes)
%Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
%Program Files% (x86)\XTab\skin\close.png (3 bytes)
%Program Files% (x86)\XTab\web\data.html (20 bytes)
%Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
%Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
%Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
%Program Files% (x86)\XTab\skin\about.png (4 bytes)
%Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxE3BA.tmp\System.dll (23 bytes)
%Program Files% (x86)\XTab\skin\settings.png (5 bytes)
%Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
%Program Files% (x86)\XTab\web\js\common.js (2 bytes)
%Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
%Program Files% (x86)\XTab\SupTab.dll (15928 bytes)
%Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
%Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
%Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.RuntimeHost.ni.dll (8729 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.RuntimeHost.dll (32 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.ni.dll (932 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Xna.dll (49 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Xna.ni.dll (13798 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.ni.dll (17751 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.dll (49 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.ni.dll (940 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.Shaders.ni.dll (5844 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.Shaders.dll (24 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Xml.ni.dll (94223 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Xml.dll (323 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.ni.dll (123677 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.dll (520 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.dll (49 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Net.ni.dll (612 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\Microsoft.Xna.Framework.Graphics.dll (65 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.Web.ni.dll (17059 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ServiceModel.Web.dll (73 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.ni.dll (922 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Browser.dll (131 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Windows.Browser.ni.dll (40448 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\mscorlib.ni.dll (616960 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\coreclr.dll (291 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\mscorrc.dll (12 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\mscorlib.dll (49 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Net.dll (229 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Core.ni.dll (579 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Core.dll (561 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.ni.dll (900 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\system.dll (241 bytes)
%Program Files% (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.dll (438 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E6B84D30E5F69CEB3278532D063D4504 (25 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 (312 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 (471 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_87AABC5017C6189B392FD9DCB59F943F (704 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7 (1504 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_87AABC5017C6189B392FD9DCB59F943F (471 bytes)
%Program Files% (x86)\PC Speed Up\Speedchecker.log (4481 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 (1 bytes)
%Program Files% (x86)\PC Speed Up\agsXMPP.dll (540 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 (1480 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6B84D30E5F69CEB3278532D063D4504 (324 bytes)
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7 (727 bytes)
%Program Files% (x86)\PC Speed Up\SpeedCheckerService.InstallState (196 bytes)
%Program Files% (x86)\PC Speed Up\SpeedCheckerService.InstallLog (720 bytes)
C:\Windows\System32\config\SYSTEM (3355 bytes)
%Program Files% (x86)\PC Speed Up\InstallUtil.InstallLog (684 bytes)
C:\Windows\System32\config\SYSTEM.LOG1 (4619 bytes)
C:\$Directory (768 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\nsissetup.exe (12626 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\setup_plugin.dll (30 bytes)
%Program Files% (x86)\PC Speed Up\ManagedWifi.dll (36 bytes)
%Program Files% (x86)\PC Speed Up\SharpBrake.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 (1480 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7 (1504 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7 (727 bytes)
%Program Files% (x86)\PC Speed Up\Skyhook.exe (184 bytes)
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new (848 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_87AABC5017C6189B392FD9DCB59F943F (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_87AABC5017C6189B392FD9DCB59F943F (471 bytes)
C:\Windows\System32\config\SOFTWARE (116274 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 (312 bytes)
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new (848 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (160036 bytes)
%Program Files% (x86)\PC Speed Up\SpeedChecker.dll (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\progress.zip.part (5654 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\index.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\dad4890a8fda856f77d8f153dc13db68\VOPackage.exe.part (20091 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\uifile.zip.part (1968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\151.gif (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\progress-bar.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\index.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-bg.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-rb.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\progress.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-bg.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\index.html (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\img\progress.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-lb.png (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLGD123.tmp (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\261dd182d36861fec9a217cc812a9f9a\DTLite4461-0327.exe.part (903094 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\262bebb37d687dabfd48d85e0de76564\index.html (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\progress.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-lb.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\loadingImage\loadingImage.bmp (55014 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\css\style.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\last.zip.part (1968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\css\style.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-b.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\043f2a479dd1cbb7e630929e145583f8\pcspeedup.exe.part (421975 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\logo.png50x50[1].jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\icon.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-rb.png (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\uifile.zip.part (2937 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\noconnection.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\043f2a479dd1cbb7e630929e145583f8\uifile.zip.part (2933 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\dad4890a8fda856f77d8f153dc13db68\uifile.zip.part (2933 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\base.zip.part (1964 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\css\style.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\261dd182d36861fec9a217cc812a9f9a\img\progress-bar.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\262bebb37d687dabfd48d85e0de76564\cvs_mystartsearch.exe.part (45604 bytes)
%Program Files% (x86)\PC Speed Up\PCSUHelper.dll (286 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QGQ329ST.txt (106 bytes)
%Program Files% (x86)\PC Speed Up\wpsapi.dll (49 bytes)
C:\135c1e3ab58ad80afdd7f364\silverlight.7z (100007 bytes)
C:\135c1e3ab58ad80afdd7f364\$shtdwn$.req (788 bytes)
C:\135c1e3ab58ad80afdd7f364\silverlight.msi (364 bytes)
C:\135c1e3ab58ad80afdd7f364\install.exe (3678 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp" = "%Program Files% (x86)\PC Speed Up\PCSUNotifier.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 22738 | 23040 | 4.45908 | c69726ed422d3dcfdec9731986daa752 |
.rdata | 28672 | 4496 | 4608 | 3.59034 | a2c7710fa66fcbb43c7ef0ab9eea5e9a |
.data | 36864 | 110456 | 1024 | 3.20082 | e59cdcb732e4bfbc84cc61dd68354f78 |
.ndata | 147456 | 32768 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 180224 | 15944 | 16384 | 4.37926 | ea72fff0d02b00b8667f1681d6590832 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://dlg-configs-weu.cloudapp.net/ | |
hxxp://dlg-configs-weu.cloudapp.net/config-from-production | |
hxxp://dlg-messages-weu.cloudapp.net/1/dg/3 | |
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/base.zip | |
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/soft-warenet-flow-5-text-en-us.zip | |
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/progress.zip | |
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/vuupc-single-text-en-us.zip | |
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/last.zip | |
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/websearches-single-text-en-us.zip | |
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/pcspeedup-single-text-en-us.zip | |
hxxp://www.soft-ware.net/media/e5/65/4fd8d03e8d89a93218c9e565/images/resized/logo.png50x50.jpg | 148.251.96.144 |
hxxp://d2drfrdurj6mvo.cloudfront.net/liyan/cvs_mystartsearch.exe | 54.239.168.138 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action1=xa.geoip&action2=visit&action3=cvs.visit.mystartsearch&update1=ref,cvs&update2=identifier,installer&update3=version,6.3.7602.2124&update4=nation,us&update5=language,en | 65.255.35.150 |
hxxp://dzqx32c9j9ub.cloudfront.net/3493/1 | 54.239.168.165 |
hxxp://dlrkbt247pbk6.cloudfront.net/3493_bd05aad78249b1c64e2595545bff63b4/1.zip | 54.230.201.145 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.dlzip1.mystartsearch.finish,1 | 65.255.35.150 |
hxxp://log.very911.com/install.gif?bundle=mystartsearch&ptid=cvs&uid=535559167_198339_B48A115F | 184.173.191.224 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.ds | 65.255.35.150 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.hp | 65.255.35.150 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.regok | 65.255.35.150 |
hxxp://download.dynect.mozilla.net/?product=firefox-34.0.5-complete&os=win&lang=en-US | |
hxxp://www.google.com/ | 173.194.113.208 |
hxxp://www.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF | 173.194.113.216 |
hxxp://a1284.g.akamai.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar | |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.nt.ff.tab | 65.255.35.150 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.finish | 65.255.35.150 |
hxxp://dzqx32c9j9ub.cloudfront.net/3493/2 | 54.239.168.165 |
hxxp://dlrkbt247pbk6.cloudfront.net/3493_819a0752ed22bbe95df8b308cb03ea5a/2.zip | 54.230.201.145 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.wpm | 65.255.35.150 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.ient | 65.255.35.150 |
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.RegWrite | 65.255.35.150 |
hxxp://xa.xingcloud.com/v4/sof-ient/535559167_198339_B48A115F?action0=xa.geoip&action2=visit&update0=ref,cvs&update1=nation,us&update2=language,en&update3=version,2.8.8.2102&update4=chptid,cvs | 65.255.35.150 |
hxxp://xa.xingcloud.com/v4/sof-ient/535559167_198339_B48A115F?action1=install.cvs | 65.255.35.150 |
hxxp://p-rumo00.kxcdn.com/partners/pcspeedup.exe | |
hxxp://xa.xingcloud.com/v4/searchprotect/535559167_198339_B48A115F?action=visit.heartbeat.cvs&update0=ref,cvs&update1=nation,us&update2=language,en&update3=version,4.0.1.2253 | 65.255.35.150 |
hxxp://pcspeeduplog.com/log?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer | |
hxxp://pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer | |
hxxp://a767.dscms.akamai.net/download/F/8/C/F8C0EACB-92D0-4722-9B18-965DD2A681E9/30514.00/Silverlight.exe | |
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8375aa7c3aaffcf1 | |
hxxp://a1284.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
hxxp://pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service | |
hxxp://safedownloadapi.cloudapp.net/featurelimit.aspx?productID=1&uniqueID=BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1&requestID=&version=3.9.8.0&language=&campaignID=&QuickScan=0 | |
hxxp://crt.comodoca.com/COMODORSAAddTrustCA.crt | 178.255.83.2 |
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI= | 178.255.83.1 |
hxxp://safedownloadapi.cloudapp.net/reportInstall.aspx?productID=1&version=3.9.8.0&uniqueID=BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1&affID=2380&keyword=installer&campaignID=ppi_2380_installer&requestID= | |
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS/pT9HLfNNK8= | 178.255.83.1 |
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg/4pN+uv5pmq4z/nmS71JzhICEHdZvl5azuWSrxlVW1KM5y8= | 178.255.83.1 |
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8d62786b8a611e50 | |
hxxp://broadbandspeedchecker.cloudapp.net/Servers.svc | |
hxxp://a1284.g.akamai.net/pki/crl/products/microsoftrootcert.crl | |
hxxp://151.236.26.173/random10.jpg?guid=938a2fae-271d-42f8-b7a6-73a7e588e39f&ticks=9T635656147234101936 | |
hxxp://151.236.26.173/random10.jpg?guid=938a2fae-271d-42f8-b7a6-73a7e588e39f&ticks=8T635656147234101936 | |
hxxp://151.236.26.173/random10.jpg?guid=938a2fae-271d-42f8-b7a6-73a7e588e39f&ticks=7T635656147234101936 | |
hxxp://crt.comodoca.com/COMODORSACodeSigningCA.crl | 178.255.83.2 |
hxxp://151.236.26.173/upload.php | |
hxxp://54.235.117.243/ | |
hxxp://23.97.200.175/SessionBot.svc/LogIn?uniqueID=bc8dd994-fd51-4d87-b86e-7bf4aab4fdc1&JID=143335088114301794224503@performancetests.pcspeedup.com/ua|1.0.14.0|bc8dd994-fd51-4d87-b86e-7bf4aab4fdc1|0|null&version=1.0.14.0&countryCode=ua | |
hxxp://95.211.189.17/SysInfo/count_vn.php?ch=test | |
hxxp://broadbandspeedchecker.cloudapp.net/TakenTests.svc | |
hxxp://pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=speedtest | |
hxxp://95.211.189.17/SysInfo/count_vc.php?ch=test | |
hxxp://95.211.189.17/SysInfo/glob.php?ch=test&sof=4 | |
hxxp://ec2-54-235-117-243.compute-1.amazonaws.com/ | |
hxxp://sstatic1.histats.com/0.gif?2920545&101 | 208.43.241.181 |
hxxp://sstatic1.histats.com/0.gif?2920516&101 | 208.43.241.181 |
hxxp://www.theviilage.com/searchprotect/up?ptid=cvs&sid=IHProtectPlugin&ln=en_us&ver=4.0.1.2253&uid=535559167_198339_B48A115F&dp=0 | 50.97.33.37 |
hxxp://95.211.189.17/vuupc/stats.php | |
hxxp://www.soft-ware.net/media/e5/65/4fd8d03e8d89a93218c9e565/download/b | 148.251.96.144 |
hxxp://dt.web-search-home.com/getsettings?query=nS4a1/oVbU6Q99uIRNKVE+/vPOOkGCX04WBXR7pdK/UKcGWB+Rqy0NTAeyD4Sb/ziarEhWj7HN5nXXj2qWaNwxVXn6EikLycAMKB/i3j0PQE9RFK9YaMPY1tOXp7CoA5I0G8etbIuG9ofZP1IeMKZP4ShkeXaNCevjkr0AZe+vo= | 50.7.244.109 |
hxxp://a767.dscms.akamai.net/pki/crl/products/WinPCA.crl | |
hxxp://a767.dscms.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt?fb2283c00361ac01 | |
hxxp://crl.globalsign.net/root-r3.crl | 108.162.232.196 |
hxxp://crl.globalsign.net/gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhJz1lhSyxS2RYZQVJ48M2bQ== | 108.162.232.196 |
hxxp://crl.globalsign.net/root.crl | 108.162.232.196 |
hxxp://crl.globalsign.net/gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhhrE10BUs2OqNBLZ9KgzPNA== | 108.162.232.196 |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEALa8SdwQh28+NjkQGqVhx8= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEGO+CyDUoFQBjrKVo87pCRc= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
hxxp://ocsp.godaddy.com.akadns.net//MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc= | 72.167.239.239 |
hxxp://ocsp.godaddy.com.akadns.net//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CCQD+rJ0jfxxchg== | 72.167.239.239 |
hxxp://crl.globalsign.net/gs/gscodesigng2.crl | 108.162.232.196 |
hxxp://sstatic1.histats.com/0.gif?2920547&101 | 208.43.241.181 |
hxxp://sstatic1.histats.com/0.gif?2920520&101 | 208.43.241.181 |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= | |
hxxp://www.pcspeeduplog.com/log?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer | 212.71.248.160 |
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/vuupc-single-text-en-us.zip | 68.232.34.200 |
hxxp://crl.comodoca.com/COMODORSACodeSigningCA.crl | |
hxxp://pcspeedup-7ff.kxcdn.com/partners/pcspeedup.exe | 194.63.141.18 |
hxxp://livestatscounter.com/SysInfo/count_vc.php?ch=test | |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEALa8SdwQh28+NjkQGqVhx8= | 23.51.123.27 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | 23.51.123.27 |
hxxp://clients1.google.com/ocsp | 216.58.209.174 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= | 23.51.123.27 |
hxxp://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS/pT9HLfNNK8= | 178.255.83.1 |
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/websearches-single-text-en-us.zip | 68.232.34.200 |
hxxp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar | 87.245.216.26 |
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/base.zip | 68.232.34.200 |
hxxp://dlg-configs.buzzrin.de/config-from-production | |
hxxp://www.pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=speedtest | 212.71.248.160 |
hxxp://download.microsoft.com/download/F/8/C/F8C0EACB-92D0-4722-9B18-965DD2A681E9/30514.00/Silverlight.exe | 87.245.216.35 |
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 87.245.216.33 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= | 23.51.123.27 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt?fb2283c00361ac01 | 87.245.216.19 |
hxxp://www.pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service | 212.71.248.160 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= | 23.51.123.27 |
hxxp://download.mozilla.org/?product=firefox-34.0.5-complete&os=win&lang=en-US | 63.245.217.36 |
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 87.245.216.33 |
hxxp://www.speedcheckerapi.com/TakenTests.svc | 137.116.198.61 |
hxxp://www.pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer | 212.71.248.160 |
hxxp://ocsp2.globalsign.com/gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhhrE10BUs2OqNBLZ9KgzPNA== | 108.162.232.204 |
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 87.245.216.33 |
hxxp://www.speedcheckerapi.com/Servers.svc | 137.116.198.61 |
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 87.245.216.33 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8375aa7c3aaffcf1 | 87.245.216.19 |
hxxp://livestatscounter.com/SysInfo/count_vn.php?ch=test | |
hxxp://dlg-configs.buzzrin.de/ | |
hxxp://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg/4pN+uv5pmq4z/nmS71JzhICEHdZvl5azuWSrxlVW1KM5y8= | 178.255.83.1 |
hxxp://ibf-cmi-1938953175.us-east-1.elb.amazonaws.com/ | |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEGO+CyDUoFQBjrKVo87pCRc= | 23.51.123.27 |
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/soft-warenet-flow-5-text-en-us.zip | 68.232.34.200 |
hxxp://livestatscounter.com/vuupc/stats.php | |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.51.123.27 |
hxxp://livestatscounter.com/SysInfo/glob.php?ch=test&sof=4 | |
hxxp://www.pcsuapi.com/featurelimit.aspx?productID=1&uniqueID=BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1&requestID=&version=3.9.8.0&language=&campaignID=&QuickScan=0 | 168.63.102.240 |
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/progress.zip | 68.232.34.200 |
hxxp://crl.globalsign.com/gs/gscodesigng2.crl | 108.162.232.196 |
hxxp://dlg-messages.buzzrin.de/1/dg/3 | |
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/last.zip | 68.232.34.200 |
hxxp://ocsp2.globalsign.com/gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhJz1lhSyxS2RYZQVJ48M2bQ== | 108.162.232.204 |
hxxp://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CCQD+rJ0jfxxchg== | 72.167.239.239 |
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/pcspeedup-single-text-en-us.zip | 68.232.34.200 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8d62786b8a611e50 | 87.245.216.19 |
hxxp://www.pcsuapi.com/reportInstall.aspx?productID=1&version=3.9.8.0&uniqueID=BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1&affID=2380&keyword=installer&campaignID=ppi_2380_installer&requestID= | 168.63.102.240 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.51.123.27 |
hxxp://ocsp.godaddy.com//MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc= | 72.167.239.239 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.51.123.27 |
www.gstatic.com | 216.58.209.195 |
ssl.gstatic.com | 216.58.209.163 |
apis.google.com | 216.58.209.174 |
performancetests.pcspeedup.com |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 403
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:33 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferShown","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:32 GMT
Connection: close
Content-Length: 0
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8375aa7c3aaffcf1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Sun, 26 Apr 2015 03:11:25 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..Cache-Control: max-age=86400..Date: Sun, 26 Apr 2015 03:11:25 GMT..Connection: keep-alive..
GET /gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhhrE10BUs2OqNBLZ9KgzPNA== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:14:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1474
Connection: keep-alive
Set-Cookie: __cfduid=d04b4fc2a5b979841552e18e098c02af51430018084; expires=Mon, 25-Apr-16 03:14:44 GMT; path=/; domain=.globalsign.com; HttpOnly
X-Powered-By: Servlet/3.0; JBossAS-6
ETag: 1db1d660627ce015fa77de973e5530ef2b8acbda
Expires: Sun, 26 Apr 2015 14:51:50 GMT
Last-Modified: Sun, 26 Apr 2015 02:51:50 GMT
Cache-Control: max-age=180, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1dcf1e84624501b1-FRA
0..........0..... .....0......0...0......6.K....Z....a.B&Y.....20150426025150Z0u0s0K0... ........k..vY.d..X.R*.....C....n......>..t]..../Pz...!..5..,.....}*..4....20150426025150Z....20150426145150Z0...*.H............(...}...PZ..[G.b..y......7...M.\.........@2.^..#1z.k......_.......>.....`o0..3.....*,..g..i...'...Fj.*N.y...0.8..F......<.."...?>......<7.......a.j4.....c..lp?2_.M=........w....:.......e..-..:.......q{..M.;.....X.s...E.!.=M.).,..R..........8.....5A.[56..'....0...0...0...........!:.D.....3...7..(0...*.H........0Q1.0...U....BE1.0...U....GlobalSign nv-sa1'0%..U....GlobalSign CodeSigning CA - G20...150303092435Z..150603082435Z0}1.0...U....BE1.0...U....GlobalSign nv-sa1:08..U...1GlobalSign CodeSigning CA - G2 OCSP responder - 21.0...U....201503031024000.."0...*.H.............0...........z..N#.)I{6&_.f.. ..*.-W....Z....."......(.u:..9...ET...}.._Z.sr);:.....~.t..&4.~....d....- ...p{..7.E}......:C.. R../.J.w...Q.-.c....Y!.r:.."..X...V............&&z,K..Z...sg.PN.:C.....0f...o..(..w.s.6..%.}.ktU..HmK........!1hy`..(.w.`a......=s..,cYt6).-........0..0...U....0.0...U...........0...U.%..0... .......0... .....0......0...U......6.K....Z....a.B&Y...0...U.#..0....n......>..t]..../Pz0...*.H..............."...Y...f.=...d..........Q.n.S.....=..5[.F..F..=*.S..;....6.j...VNR|#.h.=..' ..T..PD.J.......k....3..h....s...y.'.?....m...k.....V.^..uynl....6....<.[....x..#.Q..9.P%s)-.I...m.?.j*.2..?;.P..X7w.........$.*.t.....5.p....4U.....R..Dc..q....'.e#uA*.FG].xz~...
<<< skipped >>>
GET /searchprotect/up?ptid=cvs&sid=IHProtectPlugin&ln=en_us&ver=4.0.1.2253&uid=535559167_198339_B48A115F&dp=0 HTTP/1.1
Host: VVV.theviilage.com
User-Agent: Mozilla/4.0
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:13:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
1..0..0..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEGO+CyDUoFQBjrKVo87pCRc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=458926, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 10:39:56 GMT
Expires: Fri, 1 May 2015 10:39:56 GMT
Date: Sun, 26 Apr 2015 03:14:53 GMT
Connection: keep-alive
0..........0..... .....0......0...0......N$p...v....1.;..vn....20150424103956Z0s0q0I0... ...................F....0.yV......{&.K......&.......c.. ..T.............20150424103956Z....20150501103956Z0...*.H..............n..)........bWh...hI..W.j.&...{..{W.8...H........a.....z...r.I...#.E.e....PIgJ,..m..%".O ...............%....X..Hr..fIm..qQ......GR.$.....gl_.UI..f.T..C.T.e...Ir.^......./..B.q.yB..9.a.U.>..Z..([.......!m\.M.3.......f..JVm.B.m.y.......{..t.I.op..._ LCs.......0...0...0............F...I]A(M..s@.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...150225000000Z..150526235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........q<...A...#......A...u..Lz.............o..D.vQ%..s.......f....e../jI.d.W.....|K;.j5...#.B%.]..~S.... .|;S.&.....N..`...5.....!D.p....M/.. ..;j...q..`6...2.Ck..BnLHvCZn%....,.w.Ooi..z'...\.Yx......b..L...5.o..o..{..}.........%e.....N..._i........*Bc....:yQg.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-31830...*.H..............-..^.........f.P`...s.....8.....V.......... .... B.(@-)6.Rf.
<<< skipped >>>
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 104
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","serviceConnected":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:44 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive
0i0g0E0C0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...1o..2. ..0.0... .....0...0... .....0..
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 26 Apr 2015 03:11:06 GMT
Expires: Thu, 30 Apr 2015 03:11:06 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=1
0..........0..... .....0......0...0......J......h.v....b..Z./..20150425191119Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...1o..2. ....20150425191119Z....20150502191119Z0...*.H.............},.{.....Gj...;..C...0.......V.C.._.j}.:..8r...>....h8F.........h?W.......p..>@Bc.M...Sw_.d...,..#..R........Pv..yjv..gX|L:..b.T...<....5..7'R,..x,VU).S..tI*.-$p....e..oD.?.pM..U:e....;.c..O.!.....(.xTcE_......."R....&_..C{E.kS}ML.....a.....X0..*[.........HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sun, 26 Apr 2015 03:11:06 GMT..Expires: Thu, 30 Apr 2015 03:11:06 GMT..Cache-Control: public, max-age=345600..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protocol: 80:quic,p=1..0..........0..... .....0......0...0......J......h.v....b..Z./..20150425191119Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...1o..2. ....20150425191119Z....20150502191119Z0...*.H.............},.{.....Gj...;..C...0.......V.C.._.j}.:..8r...>....h8F.........h?W.......p..>@Bc.M...Sw_.d...,..#..R........Pv..yjv..gX|L:..b.T...<....5..7'R,..x,VU).S..tI*.-$p....e..oD.?.pM..U:e....;.c..O.!.....(.xTcE_......."R....&_..C{E.kS}ML.....a.....X0..*[.............
<<< skipped >>>
POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive
0i0g0E0C0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..Tj!.T.w...0.0... .....0...0... .....0..
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 26 Apr 2015 03:11:07 GMT
Expires: Thu, 30 Apr 2015 03:11:07 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=1
0..........0..... .....0......0...0......J......h.v....b..Z./..20150425191657Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..Tj!.T.w.....20150425191657Z....20150502191657Z0...*.H...............Z.Y......W.V....H..h..36....WmO;r..[.....}..8...3..t.;r........i."...|_|..2?e^5.;b.d..'9..`gS...O..a..so.u...8=....H..Y|.s.......)=.Zgw...(..e....L.....|.,.]....v..f.W...@..'...9.Y...-....|..K.;.....9..(..H........(t.......b.j..[.'.u[$&:...!.....[F....HTHTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sun, 26 Apr 2015 03:11:07 GMT..Expires: Thu, 30 Apr 2015 03:11:07 GMT..Cache-Control: public, max-age=345600..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protocol: 80:quic,p=1..0..........0..... .....0......0...0......J......h.v....b..Z./..20150425191657Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..Tj!.T.w.....20150425191657Z....20150502191657Z0...*.H...............Z.Y......W.V....H..h..36....WmO;r..[.....}..8...3..t.;r........i."...|_|..2?e^5.;b.d..'9..`gS...O..a..so.u...8=....H..Y|.s.......)=.Zgw...(..e....L.....|.,.]....v..f.W...@..'...9.Y...-....|..K.;.....9..(..H........(t.......b.j..[.'.u[$&:...!.....[F....HT..
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 417
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:06 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"RequirementsCheckStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
Content-Length: 0
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 388
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:07 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"LoadingPrerequisitesCompleted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:10 GMT
Connection: close
Content-Length: 0
GET /public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/vuupc-single-text-en-us.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: h9NMolU10veq9lx9L2PUxg==
Content-Type: application/octet-stream
Date: Sun, 26 Apr 2015 03:10:09 GMT
Etag: 0x8D218DF91E231F0
Last-Modified: Tue, 17 Feb 2015 15:43:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 4731d885-0001-0032-38ce-7f3de0000000
x-ms-version: 2009-09-19
Content-Length: 43261
Connection: close
PK......../I.D"G..I....L......index.html.\.o#7v.y.......|...4I..m.k Y...a..[.EA.P..3C....;,p.A...%}_...4.:.....4C.=....H...W....w#.,........ .......L.K]f......^....B.:V?Uz}..4E...x.]..H..Y.T?.'H..H..:U.=L.?.../...Q.0..O....... ..rK...XZ5?....z:.Q'.2..zU.g...Gw...J......../.....]....`...........").).G.....ZZa.se..8..].f3...-d6....W..R....P.ee-l..g......i..N_..........8.`...pn....^w.L2.<F,z._<..Z...d...a..J..r...=.mR.R].e.Pio ...i.........2..Yi .)p.ki.V&...?Q d.`m.."I..$>z.A...HG:pK...1,|?.^.-.T.h.........,. .....u17.N...U..D...!s.K....|.&.M.s.l.i..[? ...$3Na..k.K.K[r.....8.s....P=......".Y.b.t.......h....7..R..=.l6xP.8......Nu.LUv0......O.....y..W/_.|.D$E......2Ds?.sL....Sx..:(......... k.*)..`...g._2_..d....."...._....Ge..\..Cl.x|$..=../..!b.kO:........Y`l.ei.=.?.......V....8V<.|B\t.z% 1....3.....o.]5s.....r ^}{$..D.G....../..,2PU....._..h..z.U.@$..7."U?.D...}.4^..Z.z..L..r.......$...C.'...q....{...k.....U....)..6OHgg..6g..UD.-.u..f7.~.. ....r..k..6.k........W.S..wr.'..g..,DF.K..nD^.2.h.O.z...1J1ae6.(....._?;*..2<.....I...Ne*)AM..T.......=x.Z.8......\...[.*S..I&.;.m,.^...%&.!...B..W..h ..:=.....RZ..z.|.U...eI......J.u.....,1.:....Ng...H.......qW`/.......W.*..:=..w%..lgw..ki.4 V..w..2<...9...~L..].~n.lL..............*.9.5.....*......*...hb....aA.D....yD..t>*R..`.k.(.pq....PK.3....i.......t|9..[.0....z..'........w..ft}.^\....x3..... .~.....n.C!.|.........X\\^...=?...._.........1..L/..q8.........o...0};.......@u >.>........]..l.......?......g......an..}....... 1...o.........[..,.....P...
<<< skipped >>>
GET /public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/last.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: fgXouqoJyZc91T1FRhXKXg==
Content-Type: application/octet-stream
Date: Sun, 26 Apr 2015 03:10:09 GMT
Etag: 0x8D218DF91AACE40
Last-Modified: Tue, 17 Feb 2015 15:43:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: f58d6015-0001-0021-28ce-7f0801000000
x-ms-version: 2009-09-19
Content-Length: 37851
Connection: close
PK........(h&F._.a....W.......index.html..]o.6.....8..d...b..E2...S..u.a..u..H.JRN...}GJ..G..v2`Q...}1......?...........M..2`i...V..f..~...X..l9./.X.t...i'7..(..WL-<...pEx.....y.~..m3...#...|n.%.......d...L.2......aM.l.....h..[3..R..L.....7a!dxk(.R.!.h..........%.1y.[.5.DW..,IL.,7pU....... '....p.xe..U'.....D4.FbI.F...A...5....Z.....;H.x..ht/d..C..Z.<de.....F...$[..SaJfy..m..9..*.....<W..k...i<..@...pG........5e-K..........&..^..jG.M....d...\6....._..z....5{......{E.._7....G.z...j.P..V..C..h.,.d.J{)...0)A...J.}5W)<us.....Lwv}e.X....OB..........,0H.>U.%h."d.."..N..B.2m..]......3.1....Ui\........1...}w(3.D=.3.i .OT.....p....vwF?."....R......0.y_..vQ|f....Q...4.Yu<....|3yVI.E...o..u..1.=..Z.8.d.X...GVo....W.w.....w...?v....... 0m.1Q...Q.@.......l..i....f.>..e.l..:..CD*.......kt....X..h....D...c$...".....V..f1..'..@.2..].Gr.`e....7.\..%..aQ....Gx.q."..#JfsU.9X.....1...........x...(.....QT.....8Y2y.....!.4...)..........=.......V7..^.Z.W..".Ui.....<%.3$...;.<..O.>uN.9w.-f..]RY..........J..r}J.J..="!...6...#h1.;..{.YW.V........5..p..K..%.....3...^t.Hs ..v5..{2.X.....F......ow...PK.........`=FX..8............css\style.css.V...0.}N....Q.....&M.[.....Xq.e.M...{.7.u....RX{....1)._..j..)x..t&M.K...v..?h.o..(.7.....R.Z..g,KZ'(<".......Z.Y-WK..3..L.:4.3U....d\bE9`..&.iR.."=......d.c....x.%l..7.....,.....*B.J%....& ..&..yN....J,.....j.q.pvQ..r.........F..~u...TJ.~...?/J..........H..!.....}....%[.Eq.&....g(,..b.9Z.P..7..g..i#.~M..u.....t.;.....aE..o/.} ..b{f....}...<.d..g.......... ..{..4
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 383
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:13:37 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"ProductDownloadCompleted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:13:37 GMT
Connection: close
Content-Length: 0
GET /random10.jpg?guid=938a2fae-271d-42f8-b7a6-73a7e588e39f&ticks=9T635656147234101936 HTTP/1.1
Host: 151.236.26.173
Cache-Control: no-store,no-cache
Pragma: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Sun, 26 Apr 2015 03:12:03 GMT
Content-Type: image/jpeg
Content-Length: 100101963
Last-Modified: Thu, 11 Sep 2014 08:52:17 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type
raw-nginx-upload: 1
Accept-Ranges: bytes
.....MExif..MM.*.............................b...........j.(...........1..... ...r.2...........i....................'.......'.Adobe Photoshop CS6 (Macintosh).2013:03:22 14:39:08............................ ........... ..............................."...........*.(.....................2...................H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|.........................................
<<< skipped >>>
GET /0.gif?2920547&101 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: sstatic1.histats.com
Cache-Control: no-cache
Cookie: CountUid=5447eecb-9eym-433b-b267-e4aef67e236e
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:15:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
GIF89a.............!.......,...........D..;..
GET /reportInstall.aspx?productID=1&version=3.9.8.0&uniqueID=BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1&affID=2380&keyword=installer&campaignID=ppi_2380_installer&requestID= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: PCSUInstaller
Host: VVV.pcsuapi.com
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=rlmbshgtjzbsoaxrlrwnriuy; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:11:45 GMT
Content-Length: 2
UAHTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/html; charset=utf-8..Server: Microsoft-IIS/8.0..Set-Cookie: ASP.NET_SessionId=rlmbshgtjzbsoaxrlrwnriuy; path=/; HttpOnly..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sun, 26 Apr 2015 03:11:45 GMT..Content-Length: 2..UA..
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 406
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:59 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferInstallStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:58 GMT
Connection: close
Content-Length: 0
GET /install.gif?bundle=mystartsearch&ptid=cvs&uid=535559167_198339_B48A115F HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: log.very911.com
HTTP/1.1 404 Not Found
Server: Tengine/1.2.2
Date: Sun, 26 Apr 2015 03:11:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 671
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<h1>404 Not Found</h1>..<p>The requested URL was not found on this server. Sorry for the inconvenience.<br/>..Please report this message and include the following information to us.<br/>..Thank you very much!</p>..<table>..<tr>..<td>URL:</td>..<td>hXXp://log.very911.com:8080/install.gif?bundle=mystartsearch&ptid=cvs&uid=535559167_198339_B48A115F</td>..</tr>..<tr>..<td>Server:</td>..<td>us-pub00.v9.com</td>..</tr>..<tr>..<td>Date:</td>..<td>2015/04/25 22:11:05</td>..</tr>..</table>..<hr/>Powered by Tengine/1.2.2..</body>..</html>..HTTP/1.1 404 Not Found..Server: Tengine/1.2.2..Date: Sun, 26 Apr 2015 03:11:05 GMT..Content-Type: text/html; charset=utf-8..Content-Length: 671..Connection: keep-alive..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<h1>404 Not Found</h1>..<p>The requested URL was not found on this server. Sorry for the inconvenience.<br/>..Please report this message and include the following information to us.<br/>..Thank you very much!</p>..<table>..<tr>..<td>URL:</td>..<td&
<<< skipped >>>
GET /media/e5/65/4fd8d03e8d89a93218c9e565/images/resized/logo.png50x50.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.soft-ware.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:09:51 GMT
Content-Type: image/jpeg
Content-Length: 5887
Last-Modified: Wed, 19 Feb 2014 11:26:31 GMT
Connection: keep-alive
ETag: "530494e7-16ff"
Expires: Tue, 26 May 2015 03:09:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...2...2......]......IDATx..Yg.U...<_4.........K,.....(..4. `.BD,..A...,.4.: E:.u.af....rn9......}..........?w..g.{..........q....Q.-....B).S.U...Cv..|....2..X...\.2.....B..,.?...A.B.@.@.".l..0.....@.............,...=...........xP .@i~z....K.......#..m.8..K...4b....._.}....e<.......D.H.....O.6..\...[....|...X.A..@w...qM_".;....c.....AK^..pC>{.."..)j.m.r.Wb./..>I.^Pq...7..z..M....-c.f....g3...=.2!...0.].2.0D.A..UX.?..~Z.'l.....}..6....'.U.....b.J...X....f..o..G.D.....Z..S..w......}....#f.;V.$C..[3.eY.......z....e..._.E....lC2...}.._....2..2>..cT....9<..]Q...j..[..h.Zg-9-?. .. .Y..yEs.....G..].u..3?.....&..L....g.G.x..xH._..(....S.n.s.......g4. ..u.tH.i...Cy9?.......#.L..G.....#..<........C7........&.t....?...-^.Ht..3Yd.e...k....o..a../.....fM..M...J.dk..-..!.r..Ek....b&4.....2.lZ...............i...`...A3r&.v..Us {<^...r.....~.h._.v...?J$P."..m..MHD...U.mQ..}.....)^..V....La........B^!...K..-MG..~.[t8u...s.~.....b.....[.....2..c...d.4J..;......%ks#:.@..n`l.T.BP..,F..F..FN........~8w*..n.1......._..o4w6g..W....C.-.5'............{&.D..M..8....)?.r.ui.....Y'..5..y....R..|...i...#...P.PC%.......~.....r.,.v7..J.w.....P".T..u...Ve..\.....)..5..Fn...&...../...BJ.......3,..t8.BU...6.%z.....J..c.,....$.4&Ri.j..V...#J.Q.....O.8...><..;.\\...3^..YV./?!...(..Q.\..ZU..J.%iR.W...|/..19....`yJ.l<..$./.V....FS...O?<..WJ01...X..NR..B...'4..e.I....l.=.>...n.......].....{....g.(...a.Y=-.x..-B..I.*)....m.W.......8...z$....9.3,...9[........%~*......*.j*)r.e.....JQ..mY..l5..u...s.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=435192, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 04:05:12 GMT
Expires: Fri, 1 May 2015 04:05:12 GMT
Date: Sun, 26 Apr 2015 03:14:51 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....20150424040512Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..eR&.....Y.)..".\....20150424040512Z....20150501040512Z0...*.H................UJN.z...%sp.&.Wp..WX.W..D.R..Y..`.*A..4%....|,.8z.8.R.,....@..OJ.....zMp.$!..a..L......~^.y.. YB h..L.",.......7....3|......3L..M.F.........C. a.!{.&.T.....5..E.!vc.%j.....*)..01...fd..........67.....|.0w* ..9."...........b[..C.........m..K......v..........0...0...0..3......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 30.."0...*.H.............0..........'......Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; ).....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|o....S..v.).).....r.v.qo$......C.V!....@.h#qh...u1T.].G0.]E...=._...... ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D...........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=493277, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 20:15:13 GMT
Expires: Fri, 1 May 2015 20:15:13 GMT
Date: Sun, 26 Apr 2015 03:14:51 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..20150424201513Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20150424201513Z....20150501201513Z0...*.H................'..n..........0.Z-(...H..L..@.kR...U..o*K..z..._>...M......h...:Z.....t?.1..`..@".9j.....G.p /1.l bH...Q3{."..j....Z.M.....l..}...M?.; H......3..<..].......J..W....j.......J..{.........X.v..y...Zl`f.D&[.oT....f..=.m^.,...6}k...(......6.....1Uu..%.X.x./....#0...0...0..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.............m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...nz(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*]...*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...:.C.Q.i~rl..<..krS..8.B..o].y..L.4...iB@..s.....mw.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...*.H
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 415
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:11:21 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferDownloadCompleted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:11:20 GMT
Connection: close
Content-Length: 0
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
Accept-Ranges: bytes
ETag: "dde36a309c58d01:0"
Server: Microsoft-IIS/8.0
VTag: 438569342300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Sun, 26 Apr 2015 03:14:15 GMT
Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Windows Verification PCA..150306223202Z..150605105201Z._0]0...U.#..0.......p............<.J0... .....7.......0...U......40... .....7......150604224201Z0...*.H.............4......n[.t........'....Dx.P3R.!3.|D.6vL.."k..9'....L..k......e.4......._..N..TJ......N.fP...H.....8...TJA...fGA.e...^"{../...H?..E.Y.U....h..0/.......d...6..K..V?QM...{..h.....{.3...v.....\~.7n..5..'..k.Ia.YL..LP.b....._7.V..%......z*$q..Y..f.b..L8<~..v.w....
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
Accept-Ranges: bytes
ETag: "cf2633d6957d01:0"
Server: Microsoft-IIS/8.5
VTag: 438481415700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Sun, 26 Apr 2015 03:14:15 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..150304221607Z..150603103607Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......20... .....7......150602222607Z0...*.H.............Y..}y`....T.Z..`B<..I.N..O... E:....7......a..).........._|W5laoqi(..>t~.."...&`.._.7J...:..{bO_Kyi...R...!...B.s..I.c&j...(I\.S{._;@B...[i.e.[."...R` \...........M^k.=q[.V...9y..G.1o#k3<.W.......H.$>}...U...2qyd2|b.fB.....r....H.P...;....Q...b......5%.P.#..
GET /liyan/cvs_mystartsearch.exe HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d2drfrdurj6mvo.cloudfront.net
Connection: Close
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 722528
Connection: close
Date: Fri, 24 Apr 2015 12:38:00 GMT
Last-Modified: Tue, 21 Apr 2015 02:41:57 GMT
ETag: "148bdbdcbac38fbf0b4d3c145e9b0199"
Accept-Ranges: bytes
Server: AmazonS3
Age: 52329
X-Cache: Hit from cloudfront
Via: 1.1 de7a549023f0ea5ae15f58d27aeb67c7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 5zwCg7nBKh-WABgusRJwcU7TYRxpKHnlkCxpN_qwzVzJiT9_qMBDGw==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|...8...8...8...^a$.&...^a9....../0.?....I:......I8.v....I9.....1.d. ...8.......^a8.5...^a>.9...8.`.9...^a;.9...Rich8...........PE..L...~..U..........................................@..........................@......1o....@.................................P........ ..................`....0..lV......8...........................P(..@...............T............................text...G........................... ..`.rdata..............................@..@.data...@u.......R..................@....rsrc........ ......................@..@.reloc.......0......................@..B..................................................................................................................................................................................................................................................................................................................~...F.r.......3.f..Aj\3.j..M..E......U.f.E...&..j.j..E.P...E......t*...}..r..u...o......M.d......Y^.M.3.. |....]..........Vj.QhD.H....P&.....u/.~...F.....r...3.Pf..R...>"..^.3...PRf...."..^...t.Pj....."..^..............A...t&.P.;.v".y..r......Q..\t.../t.3........2..h\.H..o.........U..j.h..G.d.....P..`.8.I.3..E.P.E.d.....RQ.M.......M..E......]z..3..E...H..E......E.....f.E.j.P.E.P.M..E...."...E..E..E..E.hLrI..E.P.E....{.....U..j.h..G.d.....PQVW.8.I.3.P.E.d........u...y...E......N.....H.3..A......A.....f...}..E...G.;.
<<< skipped >>>
GET /v4/searchprotect/535559167_198339_B48A115F?action=visit.heartbeat.cvs&update0=ref,cvs&update1=nation,us&update2=language,en&update3=version,4.0.1.2253 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:20 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.37 ms","message":"store 2 action and 4 update "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:11:20 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..48..{"stats":"ok","time":"1.37 ms","message":"store 2 action and 4 update "}..0..
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?8d62786b8a611e50 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Sun, 26 Apr 2015 03:11:56 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT..ETag: "80b4d90ca4fd01:0"..Cache-Control: max-age=604800..Date: Sun, 26 Apr 2015 03:11:56 GMT..Connection: keep-alive..
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.ds HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.25 ms","message":"store 1 action and 0 update "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:11:03 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..48..{"stats":"ok","time":"1.25 ms","message":"store 1 action and 0 update "}..0......
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.nt.ff.tab HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.43 ms","message":"store 1 action and 0 update "}..0..
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 216
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","Silverlight":"Install","OK":1,"silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:40 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 409
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:59 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferDownloadCompleted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:58 GMT
Connection: close
Content-Length: 0
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 408
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:11:20 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferInstallCompleted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:11:19 GMT
Connection: close
Content-Length: 0
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.ient HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.22 ms","message":"store 1 action and 0 update "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:11:19 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..48..{"stats":"ok","time":"1.22 ms","message":"store 1 action and 0 update "}..0..
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 400
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:32 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferAccepted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:32 GMT
Connection: close
Content-Length: 0
HEAD / HTTP/1.1
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-configs.buzzrin.de
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:57 GMT
Connection: close
GET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:14:44 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 649
Connection: keep-alive
Set-Cookie: __cfduid=d0ccd6d612d65033b9b993d2fd020301d1430018084; expires=Mon, 25-Apr-16 03:14:44 GMT; path=/; domain=.globalsign.net; HttpOnly
Expires: Wed, 15 Jul 2015 00:00:00 GMT
Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT
Cache-Control: public, max-age=6900316
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1dcf1e839e190f63-FRA
0...0..m...0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA..150323000000Z..150715000000Z0..0*.........D.....141125000000Z0.0...U.......0*........)E.....141125000000Z0.0...U.......0*........ ...h..141125000000Z0.0...U.......0*........,^.....141125000000Z0.0...U......../0-0...U......00...U.#..0...`{f.E....P/}..4....K0...*.H.............&...f#...5.[4........{pV.#.F........:...*Q.....Mx9}....,.S.D.>@.Ju.[)c...`.?.j~...-..{.FHj.....#.C2.[.,`.......)...Bj2........n...........%......p.6......Q.....1..pd......F.........mJO.!y.W.......V.M).N.R.....V..|...7.ry. ..gy..I\.........j....... .z.E..".HTTP/1.1 200 OK..Date: Sun, 26 Apr 2015 03:14:44 GMT..Content-Type: application/x-pkcs7-crl..Content-Length: 649..Connection: keep-alive..Set-Cookie: __cfduid=d0ccd6d612d65033b9b993d2fd020301d1430018084; expires=Mon, 25-Apr-16 03:14:44 GMT; path=/; domain=.globalsign.net; HttpOnly..Expires: Wed, 15 Jul 2015 00:00:00 GMT..Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT..Cache-Control: public, max-age=6900316..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 1dcf1e839e190f63-FRA..0...0..m...0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA..150323000000Z..150715000000Z0..0*.........D.....141125000000Z0.0...U.......0*........)E.....141125000000Z0.0...U.......0*........ ...h..141125000000Z0.0...U.......0*........,^.....141125000000Z0.0...U......../0-0...U......00...U.#..0...`{f.E....P/}..4....K0.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:11:58 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Sat, 25 Apr 2015 04:29:13 GMT
Expires: Wed, 29 Apr 2015 04:29:13 GMT
ETag: D60CF3FEA10920BFD9223C04D2095561967D1DBA
Cache-Control: max-age=263234,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp11
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........z4.&...&T....$.T...20150425042913Z0s0q0I0... ........|.fT...D.b&...e{.z.......z4.&...&T....$.T...'f.V.I....p...."....20150425042913Z....20150429042913Z0...*.H.............M.he.#b$...d.<....x.....8.n|..ak,....P..z...K....... .......,....qv..!...........s..........8&.D....>..$e..L,L.V..Z.......z........z...!..O..1....1>.%.F...\...m...7..[1.]..l..//B,.OG........Q.h..:b.~F_.\;..eb..~... .........TI*p........e0.C....).....b=..k...
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.regok HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.29 ms","message":"store 1 action and 0 update "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:11:03 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..48..{"stats":"ok","time":"1.29 ms","message":"store 1 action and 0 update "}..0......
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.finish HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.21 ms","message":"store 1 action and 0 update "}..0..
GET /COMODORSAAddTrustCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crt.comodoca.com
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:11:52 GMT
Content-Type: application/x-x509-ca-cert
Content-Length: 1400
Last-Modified: Tue, 30 May 2000 10:48:38 GMT
Connection: close
X-CCACDN-Mirror-ID: h6edcacrl6
Accept-Ranges: bytes
0..t0..\.......'f.V.I....p...."0...*.H........0o1.0...U....SE1.0...U....AddTrust AB1&0$..U....AddTrust External TTP Network1"0 ..U....AddTrust External CA Root0...000530104838Z..200530104838Z0..1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U....COMODO CA Limited1 0)..U..."COMODO RSA Certification Authority0.."0...*.H.............0..........T...V...$...Dgt. 7.}#p.q.S...*..K..V..pr.a..K...=...a.......>..>\...4z..k......zv.q.......l......~..../O.....gCr......k,.......~..n.....$.Ckb.U....l........li..xH0E....<E`.2.Q'.g....k.F.. ...e.H...N...F7.....HCgNr*.\.L.(.\"{......Q...FNm>.....|3WA<.Q...\.,c..W.?..]...E...Z$...V=.o..IX........7.....:..CB...........`..(V......q....=...H.<...."L....V;....[..."R...i..Le...-pt...g.)iR....PjUF...(a.p....,!.G.(..Ev...'.....P.k.L.q0........@...B...3:.\.A..c..qk ....1\:jG..yY. ...j..r.WJ.K.....LA...=^(.....Q..G..S........0..0...U.#..0......z4.&...&T....$.T.0...U........~.=...<....8...22.0...U...........0...U.......0....0...U. ..0.0...U. .0D..U...=0;09.7.5.3hXXp://crl.usertrust.com/AddTrustExternalCARoot.crl05.. ........)0'0%.. .....0...hXXp://ocsp.usertrust.com0...*.H.............d..._......)W..Z...>.v.n.Rp..<.M.tj...%...*]L....m.T.u..'.].y7@.w.....;.....4.~ .y..WE..(....P.....Wi}..R.s......nf.....-....Y.L...qL|G.;.....l.>\.........HM.....s...{#....MU.zaE..h.^@k#.yz...k..oF.{.=K....YZ.A$....`XG..nF...._......@...9.............;o.8o..
<<< skipped >>>
GET /3493_bd05aad78249b1c64e2595545bff63b4/1.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Connection: Keep-Alive
Host: dlrkbt247pbk6.cloudfront.net
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 2170109
Connection: keep-alive
Date: Sat, 25 Apr 2015 20:53:09 GMT
Last-Modified: Sat, 25 Apr 2015 20:13:54 GMT
ETag: "8e00c35a80f9125823c5b5ced168308d"
Accept-Ranges: bytes
Server: AmazonS3
Age: 22672
X-Cache: Hit from cloudfront
Via: 1.1 b56fc979704f01acc351fd21f5c956db.cloudfront.net (CloudFront)
X-Amz-Cf-Id: u5KctQS9zOCmrAkDz0l3nM83-yxbCVgr4BjdLJFqrGZfYv1_Nbi-4Q==
PK...........F0D`.............428.json.....].jRYa..w.........L@.\...q...%.v..Q..~DO.M.|.Wj.N.........'?.}...n..0..5.^1.........#..z.n...t..#.1jq`....*.>#.............m..V.&.vc~.<.w.R.'xD....q..qQ|.H.P6....l..&3....g.t/....|7p.......3......~...B|..@.48.qu.I.}...P......^1........AO...t...HT,t.v.4.)......]._.u-g..f..M....:.x~.......vSM.Y....W]...~C..M...:]...{..-.e...8.i.2....aO...w...#i.^1......K........|~.k.........b......Nr.s.....!*l..5.D(L.w.J.kh.b..S...~..-..Y../.ap......q..j..%....a.M=E.k}.0....g.`.$SaH...u...I.*h.Y.0.3s~.......a.w...............7AP49piUPK...........Fg&`......<......uninstallDlg2.xml.[m..6..~@..........v.b.....4..Z..".%.fW&U......7.(Y...\s.].v.X.4.....3b..._%....r6...m!.".S..Z...gl.Lb...32..Hf..^.....)........O..;q-..T.....z6.......s.p1.>.........|....1..Y......%; t..xjI...Q...M.9N2.<;@.~.p....\..A....\..u.....Q%...u..e.... ..'9\........\~.. .!I......v....x.t_D.$Bw0.V.......4..8...Es....0L..lF..ET..8... p.k-x..qR.....~Kn.gK..'.d....%;...%GK..B.k.[.w....H.$y.Em.R...:Y.....l.v#..'.g...N3.u&........o..''..85....Cm..lE. .z.yQYH=.S.rJC........^.. .'...)..-..{..B{B$A......z.....^.....Oe*..Su.[.."...g6.<...t..dk......xj..?.....N.".T#..:.7.m~.......{...;.X......:.........PK..........KF.QN.............BFVUpdateM.dll...@TU.0~...``F.CE...B.E..?..@..D.I.I...h......b......l.v5k..mw...2c..4..c..-j..4lQ..I....s.0 ........._..s>....<...|....3*.a.`D.a.1./.....0.S_.f...y.!E......W.*l....7...........6..P\fH\.a.X^PxWPP@...}.W;.>?..lb...[Fbo. ..k...E...UJ..[...RN|.@...9.2.F}. .}.\Y..
<<< skipped >>>
GET /3493_819a0752ed22bbe95df8b308cb03ea5a/2.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Connection: Keep-Alive
Host: dlrkbt247pbk6.cloudfront.net
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 2824344
Connection: keep-alive
Date: Sat, 25 Apr 2015 22:53:14 GMT
Last-Modified: Sat, 25 Apr 2015 22:10:55 GMT
ETag: "4c86938e51066bff5850c4d13bd04972"
Accept-Ranges: bytes
Server: AmazonS3
Age: 15477
X-Cache: Hit from cloudfront
Via: 1.1 b56fc979704f01acc351fd21f5c956db.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ToidNhpZRgQAOOlzz_9Ubx7rR0C8DCE6FOA8WzVaSXwUFehH9T4sPw==
PK...........Ft.`j............428.db...7..qD..'.....<..A#.<y....\...... ....<....g...R.gcsw(.xa..'.3g..EX.....'S.....a.K.s.|{W[.-...K....D2..^..^.Y.m.......N..(1...p1...b. 0......?......G.!;Q`......b....B.q....c.gnVp.................7AP49piUPK...........Fadb......$......wpm_v20.0.0.2227.exe..S.fO.7..m.....i...9.i..m..m....F..^.7..oco..Du.S'3OVfe./.!..I..........[*..qD]..g..A. ....M. .u?&............F..,.~T...p.// ...V..U`MY....T..Q................e..B....d...niB..06.a*..G.7.B.fK...-..945.....2=..........N.\...'.|3..z.4.*........7h.M.$H........ccC..l.p...;...Am........?......p7.}3pvE.x........}.Y......h.4..'....Ls......Z.e.l.... y..@....p.^L.].*..].. TV[`.}......\.!.j.2.Z......,.V.].q,.G....{L....BV....d.....&...K...z...0^C#.5.,..V.q............5\$..|$#........z~.s..xZW..=..%.p.W..;-.....C...t2.N....U...=B9#W...;w.....c>.......}JZ.}...l..=........u..D.......h....J...D..f..J7o$..;...\.sn....p.".O..L...'.....wW.y.M...((.Z.XE'.....N{........NxW.;.3.....s.f........A.. .......a)p....Ul....HN..?}....H?t...d...A.....B<..]....Y?...wF..#..e..Km...w@...9W..CBV..5.. .E>...9.........U...w..F.....]o}7....q..../7.....O.....=%O,.^..../...%...R6. r.g.[...q....sE......T..L...2P.3.5..f....E.K'aI.K.I..bu<`f...Ie.G...E......w]H.....9p.<....X<....q.p..^8..\L..K. w.]65u?.....*.m.G.:.c...=..e.8..G....yj.....GyC!.t.{ 5n.......N.,......./.Sg2.z.Zy.M.fk$N.\e..u`......l./.....@5V|0..!.?.;.Ia*.8.).VF/..~/G..>...(........d.....K..].b....'.' i.............X9..G....=.9.*.&.....=...?..oP.1.\`B.....5....*........J.
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 412
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:11:21 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferInstallStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:11:20 GMT
Connection: close
Content-Length: 0
GET /3493/1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dzqx32c9j9ub.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Date: Sun, 26 Apr 2015 03:10:27 GMT
Location: hXXp://dlrkbt247pbk6.cloudfront.net/3493_bd05aad78249b1c64e2595545bff63b4/1.zip
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: lfGEGgdK0mVn-5Kt_-UNdKN6mfUUHKOm62L8LbnjCXACsb2zakrfFQ==
HTTP/1.1 302 Moved Temporarily..Content-Type: text/html..Content-Length: 0..Connection: keep-alive..Date: Sun, 26 Apr 2015 03:10:27 GMT..Location: hXXp://dlrkbt247pbk6.cloudfront.net/3493_bd05aad78249b1c64e2595545bff63b4/1.zip..Server: nginx..X-Cache: Miss from cloudfront..Via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: lfGEGgdK0mVn-5Kt_-UNdKN6mfUUHKOm62L8LbnjCXACsb2zakrfFQ==..nt>....
GET /3493/2 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dzqx32c9j9ub.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Date: Sun, 26 Apr 2015 03:10:38 GMT
Location: hXXp://dlrkbt247pbk6.cloudfront.net/3493_819a0752ed22bbe95df8b308cb03ea5a/2.zip
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Im_8czHimjKnGAcNNfyGUj0qJz-0ENwcmi_8AuK2DU-NjYOPJ5OKWA==
HTTP/1.1 302 Moved Temporarily..Content-Type: text/html..Content-Length: 0..Connection: keep-alive..Date: Sun, 26 Apr 2015 03:10:38 GMT..Location: hXXp://dlrkbt247pbk6.cloudfront.net/3493_819a0752ed22bbe95df8b308cb03ea5a/2.zip..Server: nginx..X-Cache: Miss from cloudfront..Via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: Im_8czHimjKnGAcNNfyGUj0qJz-0ENwcmi_8AuK2DU-NjYOPJ5OKWA==..
HEAD / HTTP/1.1
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-configs.buzzrin.de
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 111
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","serviceAction":"--install"
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:44 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
GET /media/e5/65/4fd8d03e8d89a93218c9e565/download/b HTTP/1.1
Cache-Control: no-cache
Range: bytes=13927868-14682175
If-Match: "530494e7-e00840"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.soft-ware.net
Connection: Close
<<< skipped >>>
GET /?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF HTTP/1.1
Host: VVV.google.com.ua
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=0b33c0232bbc0542:FF=0:TM=1430017866:LM=1430017866:S=fe1czZG40Qeq5D8J; expires=Tue, 25-Apr-2017 03:11:06 GMT; path=/; domain=.google.com.ua
Set-Cookie: NID=67=mqPMZDz1cCx0Pj-pvR1nwH-gbdP6DogTst7rrF7YMYiAhqkWKGa_ICVWoN0Cp0DIZ4jJ3xGo2QEc5d0q7mjxyEImReYryKsiuer_xpbFJsPlmWB462RCtdz4Oyhu4UH6; expires=Mon, 26-Oct-2015 03:11:06 GMT; path=/; domain=.google.com.ua; HttpOnly
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Sun, 26 Apr 2015 03:11:06 GMT
Server: gws
Content-Length: 276
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=1
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF&gws_rd=ssl">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF&gws_rd=ssl..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Set-Cookie: PREF=ID=0b33c0232bbc0542:FF=0:TM=1430017866:LM=1430017866:S=fe1czZG40Qeq5D8J; expires=Tue, 25-Apr-2017 03:11:06 GMT; path=/; domain=.google.com.ua..Set-Cookie: NID=67=mqPMZDz1cCx0Pj-pvR1nwH-gbdP6DogTst7rrF7YMYiAhqkWKGa_ICVWoN0Cp0DIZ4jJ3xGo2QEc5d0q7mjxyEImReYryKsiuer_xpbFJsPlmWB462RCtdz4Oyhu4UH6; expires=Mon, 26-Oct-2015 03:11:06 GMT; path=/; domain=.google.com.ua; HttpOnly..P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."..Date: Sun, 26 Apr 2015 03:11:06 GMT..Server: gws..Content-Length: 276..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protocol: 80:quic,p=1..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF&gws_rd=ssl">here</A>...</
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 377
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:06 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"ApplicationStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
Content-Length: 0
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=372324, public, no-transform, must-revalidate
Last-Modified: Thu, 23 Apr 2015 10:40:21 GMT
Expires: Thu, 30 Apr 2015 10:40:21 GMT
Date: Sun, 26 Apr 2015 03:14:57 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..20150423104021Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......A..2.....:...:......20150423104021Z....20150430104021Z0...*.H..................o.}"^O8.[....i...8..o4.....|..aJ.J...U..E[.../...\ .%.o..;.,r~.0....xgZ...8..K..V.CQ..U...F1..D1..VwQ....<h~.*#........ .R@.s...-.6Y,Be...l*?.e@g.........u......*.0.`U.U4...?_......>r..H.......q...f..0.BD.w.m..-.f.@.%...LH.7..{........AV5......E.%.c.....#0...0...0..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.............m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...nz(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*]...*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...:.C.Q.i~rl..<..krS..8.B..o].y..L.4...iB@..s.....mw.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...*.H
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 377
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:07 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"ApplicationVisible","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:10 GMT
Connection: close
Content-Length: 0
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1552
content-transfer-encoding: binary
Cache-Control: max-age=369998, public, no-transform, must-revalidate
Last-Modified: Thu, 23 Apr 2015 10:00:09 GMT
Expires: Thu, 30 Apr 2015 10:00:09 GMT
Date: Sun, 26 Apr 2015 03:15:11 GMT
Connection: keep-alive
0..........0..... .....0......0...0........C...4N...@..6...v...20150423100009Z0s0q0I0... .........z`.V.<N.v...TM)(.r...L_.6....a"I9....J.8........c..uU..$.;.....20150423100009Z....20150430100009Z0...*.H..............{...M...p.....?.T.}....;.. .....P...}....b.Q.)6.{....`;........23.P|9.S....C.......B.....?....k..N>........B..t6.$.o...(.@.x.=......P...I.lm.J.M.}[`.@...P..h.a.G3.o-#5.6si..M]...m.9....m.0.0..Tkf.....t...hx...\...Q.#...YE.p....W. .4.7-.k...g..b..\.k..0.N....50..10..-0..........y.P}~.EY....T]. 0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 3 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G2 OCSP Responder Certificate 30.."0...*.H.............0..........6..]......w';.r........I..c..4.... .........TyW......hd_.....!C.k......SE<?o.H.. .me.c..9N.&....e.^-..a.....i\:..*."..u...|....".Nf3.~.L...QW...p.....-]UV8U...J&.<./.G.....I...4.T....#I*.i.E0\..~q$.I.......X?G....f.t......v.l.U.Ld.I...B.....=...Sf...H.s.........0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0!..U....0...0.1.0...U....TGV-B-2740...*.H............1.`...i.....H.C.i.9~.i..Z.r.*$..(./.ag9.....J.Q.~.`.$?b..C....<.h.........d&....3.kV.....f...3
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=433884, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 03:44:50 GMT
Expires: Fri, 1 May 2015 03:44:50 GMT
Date: Sun, 26 Apr 2015 03:15:11 GMT
Connection: keep-alive
0..........0..... .....0......0...0......%bn.$..5.......?'4....20150424034450Z0s0q0I0... ........N.E.~.?Q.n.j<a.....3...>c."t..d.1..#....M....=....x..":...K.....20150424034450Z....20150501034450Z0...*.H.............t........=..O...i...9....... .J.5.]... ...[r.$M.!.bD...z....o...30^.u..l...6.N!.K.C......S.,'2......4.....l.... ....I..2.}.&..x../C2..x?$n..`.....-l.2..'.>9@.V..iYp......$.x.....A.;....)U*R..r..i.[]..T....5Q......t..R6..4.7u....3..`..c..xLk....i|.S....1.~.....0...0...0..........7.R.~|..r."....#0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091.0,..U...%VeriSign Class 3 Code Signing 2009 CA0...150401000000Z..150630235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2009 OCSP Responder0.."0...*.H.............0..........z..|..>.....5.Z ...2.C MWIH.5......M.\.... ...eW..`.B=..`:..R. ...Z.k.Y.....p@.(3.c....a.;..[E....J:'...`...B....M..&......{. (........%......^[v[....m....*.T.o&4..3.....3.........G...e)...'?.K..2s..8=?..z.:..T..-.8R..8wv7*U.K..c...<s...]{.........6.?_...........0...0...U....0.0....U. ...0..0......
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 381
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:13:35 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"ProductDownloadStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:13:35 GMT
Connection: close
Content-Length: 0
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS/pT9HLfNNK8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:11:45 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Sat, 25 Apr 2015 04:29:13 GMT
Expires: Wed, 29 Apr 2015 04:29:13 GMT
ETag: 24EB23ED03882CA15E50420D66220C73B4B82DDC
Cache-Control: max-age=263247,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp11
Content-Length: 727
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0........~.=...<....8...22...20150425042913Z0s0q0I0... ........^..hl\.....W....r.=.....~.=...<....8...22....|....JR......4.....20150425042913Z....20150429042913Z0...*.H................|.....4........o&E.L.?oP........k9f.....j....m....}...%...%l#....z...%.G...bf.Ks2v.,F..F..|g...v....)...T..{.>^.....!P.bg"............7..s.....*....)d....jp...iLF.'..[H|.F....a.....t.....X*.j.. .8......3..<'q......X...2\;9..R......3.....VmD-C.....<.....%S.P...g..!.`../(.V...?..!s.Y.2w.........i..)]8..r.jI.uk."....K`.c..2h..`t....j..G..j............w1`.GG....BM`&,.... \NA.8..t.6x....'.u.@.G....\.Q.:...XR:..Z......<....=..U.0\........YWM._.....z~.e..2.......0..H..q..RRc..7~....:....%.[H...9S..5`1.....@......
GET / HTTP/1.1
Host: VVV.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF
Content-Length: 260
Date: Sun, 26 Apr 2015 03:11:06 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=1
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF..Content-Length: 260..Date: Sun, 26 Apr 2015 03:11:06 GMT..Server: GFE/2.0..Alternate-Protocol: 80:quic,p=1..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=Slc8VYfXDM2DNMm7geAF">here</A>...</BODY></HTML>....
POST /upload.php HTTP/1.1
Content-Type: multipart/form-data; boundary=8d24dff12ad36c6
Host: 151.236.26.173
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 104857685
Expect: 100-continue
Connection: Close
HTTP/1.1 100 Continue
....
GET /random10.jpg?guid=938a2fae-271d-42f8-b7a6-73a7e588e39f&ticks=8T635656147234101936 HTTP/1.1
Host: 151.236.26.173
Cache-Control: no-store,no-cache
Pragma: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Sun, 26 Apr 2015 03:12:03 GMT
Content-Type: image/jpeg
Content-Length: 100101963
Last-Modified: Thu, 11 Sep 2014 08:52:17 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type
raw-nginx-upload: 1
Accept-Ranges: bytes
.....MExif..MM.*.............................b...........j.(...........1..... ...r.2...........i....................'.......'.Adobe Photoshop CS6 (Macintosh).2013:03:22 14:39:08............................ ........... ..............................."...........*.(.....................2...................H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|.........................................
<<< skipped >>>
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 329
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","ReportInstall":"affID=2380|keyword=installer|campaignID=ppi_2380_installer|uniqueID=BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1|requestID=","Error":1,"silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:45 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
POST /Servers.svc HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "hXXp://tempuri.org/IServers/GetServers"
Host: VVV.speedcheckerapi.com
Content-Length: 797
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
....
GET /public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/pcspeedup-single-text-en-us.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: MRI81vfcQ vh8/lDL LOAg==
Content-Type: application/octet-stream
Date: Sun, 26 Apr 2015 03:10:08 GMT
Etag: 0x8D244DC9EE7A8CA
Last-Modified: Tue, 14 Apr 2015 15:12:56 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1a704b88-0001-0013-33ce-7f50d1000000
x-ms-version: 2009-09-19
Content-Length: 42673
Connection: close
PK...........D.........D......index.html.\...Gv......fa.V..d...if.j......$....A..H....]U=.. .....H.$.y..@^!....H.H.B.\..,........S.9....g...Fb......:..>8^).....^.L......(W^.._... }{.;3.W.?.mJ....;.y...!.g"YI..?...8.C..d........s=aUv.s~.).R......I.......:b...........;...J......../....?..p...S.....,."..........[i.Y,....D.u.....S...@...).r..).\*.VY.[~.3..R.<....N.1a..o.z../.. .{8X..r....}.d:.i..8|p.S...x%....R.J...........^..d.Ti./...i.i.p_.t...2x.m..E.~.....fH..j....f^.I.JO|...6/..tK.ne..0.....D..M...P.."^..}b...V..2....2..., ...>......^w...i...8..f...x.w...(..S.#..........Gt8....i..T.....3\...T1.u.......h..../6..N....l.N9..fX...;..2....G..6.........o.<~...$")...H..m.h..|...'..W.0..Y)..w...o....U...`. ..t.d.....3..."q........;e..\.......C.H...G..!.......j1.m...%.V..=....G..U.HW..".p..7....nt) 1...-2.....o.\5w..by../....89.=.q..G.3.-.Yf.S.....B..P....jt.>.\.$..HTt_$..7."Uo.......k<~&.8.k.2U,...=z..D..........8.Zj.{.Y.h.g...U........O....5.(...J.Q.-..q.W...v..C.b|1...|7>...7..K.....D.)>..*...0:..5p...R.......W.".TK...jec...z.en.D.....n.s.gA[U....g.&< ..F....^P;Q......7Hue......4.....s0...^'U&.8...r.L.....wzW..l.Cp...EZ.(..J`..=...F...b*..l8..../9>F-./N.....x6.6.......f4.C....G...d...v.Vs...cZa.ws[.O4 ......Z. .@.F]xd...B.J.a..7.T......*...:..b ..,..5. d.C._.;..!.".m~AV53. VD\.uV... .,...9...J...B[........=..X..66..&...%.{.....9..z1..@#3C.a* ....1dC.(...v!.U@.6..;.Nu...:q*]....v.....IN..H...e.H".C..v. ..${\1.m.>..Zs.%...`=8......%.aq.."gdp@...-...M...........d.t.B..H%,........L....Oq
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS/pT9HLfNNK8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:12:03 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Sat, 25 Apr 2015 04:29:13 GMT
Expires: Wed, 29 Apr 2015 04:29:13 GMT
ETag: 24EB23ED03882CA15E50420D66220C73B4B82DDC
Cache-Control: max-age=263229,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp11
Content-Length: 727
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0........~.=...<....8...22...20150425042913Z0s0q0I0... ........^..hl\.....W....r.=.....~.=...<....8...22....|....JR......4.....20150425042913Z....20150429042913Z0...*.H................|.....4........o&E.L.?oP........k9f.....j....m....}...%...%l#....z...%.G...bf.Ks2v.,F..F..|g...v....)...T..{.>^.....!P.bg"............7..s.....*....)d....jp...iLF.'..[H|.F....a.....t.....X*.j.. .8......3..<'q......X...2\;9..R......3.....VmD-C.....<.....%S.P...g..!.`../(.V...?..!s.Y.2w.........i..)]8..r.jI.uk."....K`.c..2h..`t....j..G..j............w1`.GG....BM`&,.... \NA.8..t.6x....'.u.@.G....\.Q.:...XR:..Z......<....=..U.0\........YWM._.....z~.e..2.......0..H..q..RRc..7~....:....%.[H...9S..5`1.....@......
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 417
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:06 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"RequirementsCheckStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"clickmein ltd/vuupc fs/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
Content-Length: 0
GET /v4/sof-installer/535559167_198339_B48A115F?action1=xa.geoip&action2=visit&action3=cvs.visit.mystartsearch&update1=ref,cvs&update2=identifier,installer&update3=version,6.3.7602.2124&update4=nation,us&update5=language,en HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: xa.xingcloud.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:10:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
Content-Encoding: gzip
57.............V*.I,)V.R..V.Q*..M....LL.r......... .....T........<.....S......T..Z.]. .H.....0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:10:59 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..Content-Encoding: gzip..57.............V*.I,)V.R..V.Q*..M....LL.r......... .....T........<.....S......T..Z.]. .H.....0......
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.dlzip1.mystartsearch.finish,1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: xa.xingcloud.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:01 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
Content-Encoding: gzip
56..............A..0....,9.XO.o..R$...$..z....2d.v. ,n.i..x.p....`...........3 ..~.P6>H.....0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:11:01 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..Content-Encoding: gzip..56..............A..0....,9.XO.o..R$...$..z....2d.v. ,n.i..x.p....`...........3 ..~.P6>H.....0..
GET /COMODORSACodeSigningCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.comodoca.com
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:12:13 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 25839
Last-Modified: Sat, 25 Apr 2015 08:50:59 GMT
Connection: close
X-CCACDN-Mirror-ID: h6edcacrl6
Accept-Ranges: bytes
0.d.0.c....0...*.H........0}1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U....COMODO CA Limited1#0!..U....COMODO RSA Code Signing CA..150425085059Z..150429085059Z0.b.0".......,i....P.'.7...130725153017Z0"......6(...U..)V.6...130731153941Z0!.._#..I..$.d..$%....140105072902Z0!..H.2...@.N...d.....140130091916Z0!.......~...}....*...140327125438Z0!..xtW.u....tf. T.h..140407130614Z0!..^uc..'.....p......140407130622Z0!..2..v.s..f..3#.'...140414130006Z0"....R|..Z.I...U47....140429145655Z0!..h..&.Oe..j.L.}....140502134858Z0!..R.x ..c\.;.-n.j...140505165508Z0!..6...Ci.WM.........140519192807Z0!..e..IJ... .[.C.....140520152605Z0"......>.-.n..f]...(..140526042357Z0"....,b...3fP.}...d...140527111014Z0!..o.K....'.U..KH.-..140527152547Z0".........%.....<.....140528165921Z0!.....~2.....f$j.....140530162719Z0"....4q....e[.........140602104040Z0!..*...ox..BTt..R!...140605144057Z0!......y.j*......1...140606161714Z0"....W..~....l........140606190404Z0".......|BP[...5L ....140606190440Z0"........1(...v...>a..140610185012Z0!..AI..y}I...v.......140610185029Z0!..4..k...,G.DJH.N...140610210158Z0"....T.q..i.1....T....140611033025Z0!..f.<.M]@......9.|..140616152648Z0!.......O*<R..SHx.C..140620190555Z0"......oU.fU..........140623111824Z0!../,V..r.&.uNn..*...140707151821Z0!..O..].9/.M;........140711123959Z0".........i[.....a{...140723190533Z0!..).'..\.H....z.pP..140725193446Z0"....__.H....Y...B.|..140729143516Z0"....v.>.D.D..g`#.@e..140731221657Z0!...J.>j.1K/..Qt.....140801080058Z0!..pc.yB..,.w.J..
<<< skipped >>>
GET /0.gif?2920516&101 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: sstatic1.histats.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:13:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Set-Cookie: CountUid=5447eecb-9eym-433b-b267-e4aef67e236e; domain=.histats.com; Max-Age=31536000; Expires=Wed, 13-May-2015 03:53:37 GMT
GIF89a.............!.......,...........D..;..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg/4pN+uv5pmq4z/nmS71JzhICEHdZvl5azuWSrxlVW1KM5y8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:12:09 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 24 Apr 2015 22:51:17 GMT
Expires: Tue, 28 Apr 2015 22:51:17 GMT
ETag: 9EE11AD5AC8713D60F5AFA8AE83EEB12ACE092D7
Cache-Control: max-age=242947,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp11
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0......).`..M....j....K.I....20150424225117Z0s0q0I0... .........w....;.i.4.U.B.......).`..M....j....K.I....wY.^Z.....U[R../....20150424225117Z....20150428225117Z0...*.H.................7.a(..p..-^o9v.m...bJ...g.$o&.1.,.X.I.fO].W.......#..o.....M.....P...pV.....e,.......a.7aji...$..q..n._.....t..Mb....WY..........E/.....u..%..Z.U..a..7.k.....k&.Q...:.D*...4.....B....6$ZN)..A.@.=..qd..( oGw........'.o...\K(.pl..........Svs..i.y]._..q0F..
POST /upload.php HTTP/1.1
Content-Type: multipart/form-data; boundary=8d24dff12ad36c6
Host: 151.236.26.173
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 104857685
Expect: 100-continue
Connection: Close
--8d24dff12ad36c6
Content-Disposition: form-data; name="data"
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Sun, 26 Apr 2015 03:12:13 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type
raw-nginx-upload: 1
size=104857685....
GET /featurelimit.aspx?productID=1&uniqueID=BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1&requestID=&version=3.9.8.0&language=&campaignID=&QuickScan=0 HTTP/1.1
Connection: Keep-Alive
User-Agent: PCSUService
Host: VVV.pcsuapi.com
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=qetcfykw3vkgigcqmryiy12j; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:11:44 GMT
Content-Length: 1
6HTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/html; charset=utf-8..Server: Microsoft-IIS/8.0..Set-Cookie: ASP.NET_SessionId=qetcfykw3vkgigcqmryiy12j; path=/; HttpOnly..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sun, 26 Apr 2015 03:11:44 GMT..Content-Length: 1..6..
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.hp HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.19 ms","message":"store 1 action and 0 update "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:11:04 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..48..{"stats":"ok","time":"1.19 ms","message":"store 1 action and 0 update "}..0..
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=speedtest HTTP/1.1
Content-Type: text/plain
Host: VVV.pcspeeduplog.com
Content-Length: 485
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
....
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 420
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:06 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"RequirementsCheckSuccessful","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
Content-Length: 0
GET /public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/soft-warenet-flow-5-text-en-us.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: evzyomLfdykbHeHg wF1rg==
Content-Type: application/octet-stream
Date: Sun, 26 Apr 2015 03:10:08 GMT
Etag: 0x8D218DF91BA1080
Last-Modified: Tue, 17 Feb 2015 15:43:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 7a5ce9f7-0001-0009-57ce-7f7fbe000000
x-ms-version: 2009-09-19
Content-Length: 47048
Connection: close
PK........t.GE........>.......index.html.Wmo.6.......W.6:Kq[.C".H......I7..@I'..E.$e....w.$G..4...6.;.=..K....g..\....b..OQ.K.....v...[..(l~{..,C.......cz...i....(I.]L-...i8!i......~?......o...-.j.%.DL...0........i.?..W..cR. K.Nczc...5..|.,..WA.epc(......$..'/.y-S..........bJ....D.t..*..tv..N..T...'....l...&@&....UU.`.`....$[..2n*f....N..,.=......JV.=&..G...<.}..PY.....c.J.v.,M.6....u.,..i..L.....IL.&}.^....2...V.jA;%<'.=.>.....]....s.n.v{.M....v....yD.'&..x.3J.o;.W...p..X...........P.U.3'{.s........H..m/x..]?r...*.S .?.z.>..4_u.}R....B.a{. .o..6...0...9.......'&a_..U..,T.k.!.J."f..RL*....8!.%.....Q.s..Wk...:. .^{...m......X..[k...$g.t'...f.1...w....R....5I.3&....b......" .......3"..,...aP2[...7.8._....]..q..9..xf.7.T....2J...U..Sz....F(..s....`.0G."..........Z..._,F(....XEl...VL....u.-.....T'Y...|..J.......z..u...lL.!.T....D.h.V.......L.1.c`.Ey).a7O..o...(pP`...I W..~?>qY..b.......(b.......%X......D0.of.7....f.....|.4..lXa.2![%ty...i..1....Jf..K..}...s..{#..@3..D...5....h.*......(.......T...5.c.zqT...}..,^..%K...Tk.;.R..&.....V...9...Kh.@....t..A...w@5.....p.../......PK........CK.D-.b.....C.......css\style.css.V...0.]'R..mT.]..y4%......Xq.e...^..;~....TP..3...9.'.. z[-.\..U...ipI...O....."..bqG........{..eI...'$p.....W....j.=~....Z..r...U...K.(......M*.B....{.s"........r..}.M...c..$..:....RI(.'....o..h...dcn....!xC-?N.....\n4WU....s.h{..N......;p..qU..?q.$n..c"I...2 .n.-.g. ..(.S.8.e..@c...........I..."..`.5A..%.R...I.....$.;..|....I...w...K..A.....^=...BY.u.....A}v........A..*z.x.]...y|...).
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 406
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:58 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferAccepted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"clickmein ltd/vuupc fs/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:57 GMT
Connection: close
Content-Length: 0
GET /v4/sof-ient/535559167_198339_B48A115F?action0=xa.geoip&action2=visit&update0=ref,cvs&update1=nation,us&update2=language,en&update3=version,2.8.8.2102&update4=chptid,cvs HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.36 ms","message":"store 3 action and 5 update "}..0......
GET /v4/sof-ient/535559167_198339_B48A115F?action1=install.cvs HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.66 ms","message":"store 1 action and 0 update "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:11:19 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..48..{"stats":"ok","time":"1.66 ms","message":"store 1 action and 0 update "}..0..
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 397
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:20 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferShown","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:19 GMT
Connection: close
Content-Length: 0
GET /media/e5/65/4fd8d03e8d89a93218c9e565/download/b HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.soft-ware.net
Connection: Close
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:13:16 GMT
Content-Type: application/octet-stream
Content-Length: 14682176
Last-Modified: Wed, 19 Feb 2014 11:26:31 GMT
Connection: close
ETag: "530494e7-e00840"
Expires: Tue, 26 May 2015 03:13:16 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7........................PE..L....l.K.................d.......B..K5............@...........................3......`................................................3.P)...........................................................................................................text....c.......d.................. ..`.rdata...............h..............@..@.data....f..........................@....ndata....,..............................rsrc...P)....3..*..................@..@................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H......G..H.P.u..u..u...|.@..K...SV.5..G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ
<<< skipped >>>
GET /0.gif?2920520&101 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: sstatic1.histats.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CountUid=5447eecb-9eym-433b-b267-e4aef67e236e
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:15:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
GIF89a.............!.......,...........D..;..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:11:45 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Sat, 25 Apr 2015 04:29:13 GMT
Expires: Wed, 29 Apr 2015 04:29:13 GMT
ETag: D60CF3FEA10920BFD9223C04D2095561967D1DBA
Cache-Control: max-age=263247,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp11
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........z4.&...&T....$.T...20150425042913Z0s0q0I0... ........|.fT...D.b&...e{.z.......z4.&...&T....$.T...'f.V.I....p...."....20150425042913Z....20150429042913Z0...*.H.............M.he.#b$...d.<....x.....8.n|..ak,....P..z...K....... .......,....qv..!...........s..........8&.D....>..$e..L,L.V..Z.......z........z...!..O..1....1>.%.F...\...m...7..[1.]..l..//B,.OG........Q.h..:b.~F_.\;..eb..~... .........TI*p........e0.C....).....b=..k...
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=487986, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 18:45:16 GMT
Expires: Fri, 1 May 2015 18:45:16 GMT
Date: Sun, 26 Apr 2015 03:14:52 GMT
Connection: keep-alive
0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..20150424184516Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..R...%V.......K3.....20150424184516Z....20150501184516Z0...*.H.............|.k`.#..:..."...8....:Hu%.....Pf...sS.!.Og.....4.......R.Y..e......mG.-.&.Q....}..*.S......!.^.. .&S.)..o...ij.2.....^4.D.Y..N...a...a.-".p_E]..M....c..9.!8.%..u<...)........z}......R.j3B..l.................@...!......=m....<.Ep.....,...|......1.BwP.9"........0...0...0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 30.."0...*.H.............0...............2&..PL...,..2....:..tH...`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s.....3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2$"..$l.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'....f.6.pr4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0!..U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUNp0...U.#..0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve..#...5
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEALa8SdwQh28+NjkQGqVhx8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=433801, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 03:44:53 GMT
Expires: Fri, 1 May 2015 03:44:53 GMT
Date: Sun, 26 Apr 2015 03:14:52 GMT
Connection: keep-alive
0..........0..... .....0......0...0......N$p...v....1.;..vn....20150424034453Z0s0q0I0... ...................F....0.yV......{&.K......&..........'pB.....@j.......20150424034453Z....20150501034453Z0...*.H.............$S....KNR".3....>E..y..c.C.=......{Z..=bOT....f...5...eE.........<....I..:..'....T.JI.;..&:p...'TQ.9J.zg/B...Y ...}X9.K.>..R.../Z.o].3"..l....}..;.%.."D.tm..B...7UKV.......D...r..o|..e......&...........6...../xV.*p..T.._......!x..G...C...d....l...yIaQCi.......0...0...0............F...I]A(M..s@.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...150225000000Z..150526235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........q<...A...#......A...u..Lz.............o..D.vQ%..s.......f....e../jI.d.W.....|K;.j5...#.B%.]..~S.... .|;S.&.....N..`...5.....!D.p....M/.. ..;j...q..`6...2.Ck..BnLHvCZn%....,.w.Ooi..z'...\.Yx......b..L...5.o..o..{..}.........%e.....N..._i........*Bc....:yQg.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-31830...*.H..............-..^.........f.P`...s.....8.....V.......... .... B.(@-
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 403
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:45 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferShown","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"clickmein ltd/vuupc fs/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:45 GMT
Connection: close
Content-Length: 0
GET /gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhJz1lhSyxS2RYZQVJ48M2bQ== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:14:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1493
Connection: keep-alive
Set-Cookie: __cfduid=d7f9e022abe6711ba67b77f3cb2fa0be01430018084; expires=Mon, 25-Apr-16 03:14:44 GMT; path=/; domain=.globalsign.com; HttpOnly
X-Powered-By: Servlet/3.0; JBossAS-6
ETag: e1d3bf0704693f9610586c5ad76eac842e52e7bd
Expires: Sun, 26 Apr 2015 11:19:01 GMT
Last-Modified: Sat, 25 Apr 2015 23:19:01 GMT
Cache-Control: max-age=180, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1dcf1e8163e21595-FRA
0..........0..... .....0......0...0.......9e.K.....__..........20150425231901Z0u0s0K0... ........)...nd.@.N....f........J.Z.M1...^./.....2k...!'=e.,.KdXe.I..6m....20150425231901Z....20150426111901Z0...*.H...........A...Xh8....S.]P..9...=..h... !......%.>.o...B..Yg%f....o.z.........._..."$C...H.gl.h)..3.......u...H/..W..!.Va.......c....-.g.n...`.......i-._..%....a..zR._.\..:</...!.I.....u..U.'.5..0.{...=..>...].a..}...M7....].......l....e...(...f.... [q_..W|.ma.(...hI....0...0...0...........!J .v...._......60...*.H........0Z1.0...U....BE1.0...U....GlobalSign nv-sa100...U...'GlobalSign CodeSigning CA - SHA256 - G20...150324152349Z..150624142349Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1C0A..U...:GlobalSign CodeSigning CA - SHA256 - G2 OCSP responder - 11.0...U....201503241623000.."0...*.H.............0.........8..|Z.....|j......q..*d....Q...{.;G....%.!(9.gD...k.. ....(....~&.(........a'.o...%..ap...x...5*.........Vx.......55.....7..5....kL..E1M...L....?...s....#...,n........../...'..:...z..R.....w...Fw.n...nd.e....0v.^.......">G..}|..z.Y*<:./.D&.j.9.)../...rD.A........0..0...U....0.0...U...........0...U.%..0... .......0... .....0......0...U.......9e.K.....__........0...U.#..0....J.Z.M1...^./.....2k0...*.H................}[...xH..t-N..e...cSd..0.4.&.m......2J...r.....4.d..m... .>..uS.w...4.>.(...A.....h...:=..\q.l.hf.t"...=........=..Z...Z.....K.v...Y. ........'B.C...U3........h?....b...!1.<h.%4...o.h.{..!.!Y.G....."...H.Q.q.>..a.<.......G.7..X.OM..>7|b.....i.q....u..kF..
<<< skipped >>>
GET /download/F/8/C/F8C0EACB-92D0-4722-9B18-965DD2A681E9/30514.00/Silverlight.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: PCSUInstaller
Host: download.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Wed, 14 May 2014 07:41:33 GMT
Accept-Ranges: bytes
ETag: "3a12baed476fcf1:0"
Server: Microsoft-IIS/8.5
Content-Disposition: attachment
Content-Length: 6958304
Date: Sun, 26 Apr 2015 03:11:22 GMT
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K...K...K.......D...K...!......._.......J.......J...RichK...................PE..L...Hn.@.................x...........X... ........... ................................k.......... .......................... .........................i..<...........!............................................... ...............................text...`w... ...x.................. ..`.data................|..............@....rsrc............ri..~..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................n...D...4...................................Z...............|...................................&...2...:...T...n...........................................&...:...P...n...x...........................................>...L...f...~..............................."...<...R...h.......N...\...8...(.......................................b...........>...&...................n...:...H...T...`...................................................................................Hn.@.............&..............
<<< skipped >>>
GET /partners/pcspeedup.exe HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pcspeedup-7ff.kxcdn.com
Connection: Close
HTTP/1.1 200 OK
Server: keycdn-engine
Date: Sun, 26 Apr 2015 03:11:20 GMT
Content-Length: 6929152
Connection: close
Last-Modified: Mon, 13 Apr 2015 09:48:40 GMT
ETag: "552b90f8-69bb00"
X-Edge-Location: rumo
Content-Type: application/octet-stream
Content-Disposition: attachment
Accept-Ranges: bytes
MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......N.................P..........xd.......p....@..................................>j..........@..................................................8.i.............................................................P...L............................text....C.......D.................. ..`.itext.......`.......H.............. ..`.data........p.......T..............@....bss.....W...........b...................idata...............b..............@....tls.................r...................rdata...............r..............@..@.rsrc................t..............@..@.....................&..............@..@..................................................................................................................................................................@...AnsiChar............@...string(.@...AnsiString......@...............................@.........p9@.x9@..:@..:@..:@..:@..:@..:@.L8@.h8@..8@..TObject..@...TObject..@........System...%..A....%..A....%..A....%..A....%..A....%..A....%|.A....%..A....%x.A....%..A....%..A....%..A....%..A....%..A....%..A....%..A....%..A....%..A....%..A....%..A....%t.A....%..A....%..A....%..A....%h.A....%d.A....%`.A....%..A....%..A....%X.A....%T.A....%P.A....%..A....%..A....%..A....%..A....%..A...S..........$D...T.J....D$,.t.
<<< skipped >>>
GET /media/e5/65/4fd8d03e8d89a93218c9e565/download/b HTTP/1.1
Cache-Control: no-cache
Range: bytes=11255344-14682175
If-Match: "530494e7-e00840"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.soft-ware.net
Connection: Close
HTTP/1.1 206 Partial Content
Server: nginx
Date: Sun, 26 Apr 2015 03:13:17 GMT
Content-Type: application/octet-stream
Content-Length: 3426832
Last-Modified: Wed, 19 Feb 2014 11:26:31 GMT
Connection: close
ETag: "530494e7-e00840"
Expires: Tue, 26 May 2015 03:13:17 GMT
Cache-Control: max-age=2592000
Content-Range: bytes 11255344-14682175/14682176
|.zv.y...3..O .K.&Xh^T)......k\.$..........._.).#.l.X..VFe....`......=.Dz.Q.L....@.9....6.E ...Y.......9.. h......(.}.#*"bD..c.z*....R&c.U]^o,<lB...DG.....bB1DR...........O]..%..>{3~.....y...)....e..|.*u.....X...2....*.}..Ek..Y.N#..v?.".";Ltx...N....BT.f..X....*.&...3...R.h.7 ..n@.v..lqL.)..C..L.#<.z.?....L=.!...l.U.L3.?.....,..M8..9.N~..../.>...K...<..O..?.?.!.....8.<.m.Hc.8..d....U[.E..p..#..f.?...!.kt..r...L[..A..}....M.AF...........=.SdTcd-....p......T...p;:.......%>.I.d..32..5$W..E5.......[......L...S.O.E.Q...q.h.I.@..C.S........<.z.R.yln...h...8.T......d^.T.9.I'.I......|.;.U..&..0....,.....tpz{k.....o#..6t.cO..4......b..}..a..BKN....U1..U..........9......[.....*Y..>d..T........i.\.r.l...:......"......66.A.....N..R.x&...b...../j..... 3.O.h...{.9{ ...{.g. g..!.....ZYz...@...`=..q;..tJ....M..zOm....@.Yg..e@..8.,G.......J.v.Z... -......>3.y\ ..1vg.j......,..Lj..HI...T......Z.j\.{..1..PiE..<..6O......?.....v....d(h....b..|./..a..$\.TU.....C.|8(&v...g..qw.".Rn#..Im........"^8...|.S....M{P....*r.]^.......:%......U.M...B..'So.V..r....... hQ9.Z...ps......,G................v..S,...T.?Kc..y.t.,.j. ...^..t.|%.S.?N|.92.5U"U....Q..j..o.\..hpiq.G..... ..s.7..85vo...KG...N..h... ..i.d.^S..........*.p.@i...Vl.r..1P.:.. ..n.......e.b..:c....zU..]..k.....R|b...3.%...7LX..........S...].......$..9NO#w.mA@....SQ6..%..........Xz......Mb......'T.nay.........J.........%r>.....Y^,.U.d..]R..."..Q....>'.V....HKt&.j.}(.d......,.[. .W.....r..C....w..# .'.L$.. ...M..:uq...C...vr...0.I{....R.6....q
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 411
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:06 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"RequirementsCheckStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
Content-Length: 0
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 219
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","Silverlight":"Download","OK":200,"silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:23 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
GET //MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.godaddy.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:14:57 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=116023, public, no-transform, must-revalidate
Last-Modified: Sun, 26 Apr 2015 01:10:27 GMT
Expires: Mon, 27 Apr 2015 13:10:27 GMT
ETag: "c30fade8d543f5204181f6438f822d3f1b5d2cff"
Content-Length: 1741
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0.....0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.100...U...'Go Daddy Root Validation Authority - G2..20150426011027Z0d0b0:0... .........#o..K......#..... ...:....g(.....An ............20150426011027Z....20150427131027Z0...*.H.............f...>N../_..*........*.......#.....a.......2.....&jB3.!!9s/o.(3.....-.z....).*.k..n..'<Q.../..I.....G.U~.V.E5 .......2...e... . .!)(L.<pf.......-........\ .1.1(..|.....0..?.>...4y..W.!..0l.Qd).....iN$:>&..O.m.s... ....N.........!.le......|.D.. ....#Dv|y.......0...0...0..q..........t....o0...*.H........0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.110/..U...(Go Daddy Root Certificate Authority - G20...150316070000Z..160316070000Z0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.100...U...'Go Daddy Root Validation Authority - G20.."0...*.H.............0.........xo(....QQ.`L.~...&...a.F.=.....d=....."......?...\..........b.D....l=.HS.N......A..;....C)...(..T........XA-N....k1 .....ag...,4.L{.I..hEKb..K......!.(...7....p.O...X.._........8.B..k[4...........e.../....^.S..7A.b.oB..\......2%.|c...A....Fk.T..24.0B...p.........0..0...U.......0.0...U...........0...U.%..0... ......... .......0...U.......O........f...e..r..0... .....0......0@..U...90705.3.1./hXXp://crl.godaddy.com/repository/gdroot-g2.crl0J..U. .C0A0?..`.H...m....000... ........"hXXp://crl.godaddy.com/repository/0...*.H.............bW%D.2.X..U[0d..........|.BaG.Y.?.u.
<<< skipped >>>
GET /random10.jpg?guid=938a2fae-271d-42f8-b7a6-73a7e588e39f&ticks=7T635656147234101936 HTTP/1.1
Host: 151.236.26.173
Cache-Control: no-store,no-cache
Pragma: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Sun, 26 Apr 2015 03:12:03 GMT
Content-Type: image/jpeg
Content-Length: 100101963
Last-Modified: Thu, 11 Sep 2014 08:52:17 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type
raw-nginx-upload: 1
Accept-Ranges: bytes
.....MExif..MM.*.............................b...........j.(...........1..... ...r.2...........i....................'.......'.Adobe Photoshop CS6 (Macintosh).2013:03:22 14:39:08............................ ........... ..............................."...........*.(.....................2...................H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|.........................................
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 407
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:58 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferDownloadStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:58 GMT
Connection: close
Content-Length: 0
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 204
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","installerStart":1,"silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:21 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg/4pN+uv5pmq4z/nmS71JzhICEHdZvl5azuWSrxlVW1KM5y8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:11:45 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 24 Apr 2015 22:51:17 GMT
Expires: Tue, 28 Apr 2015 22:51:17 GMT
ETag: 9EE11AD5AC8713D60F5AFA8AE83EEB12ACE092D7
Cache-Control: max-age=242971,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp11
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0......).`..M....j....K.I....20150424225117Z0s0q0I0... .........w....;.i.4.U.B.......).`..M....j....K.I....wY.^Z.....U[R../....20150424225117Z....20150428225117Z0...*.H.................7.a(..p..-^o9v.m...bJ...g.$o&.1.,.X.I.fO].W.......#..o.....M.....P...pV.....e,.......a.7aji...$..q..n._.....t..Mb....WY..........E/.....u..%..Z.U..a..7.k.....k&.Q...:.D*...4.....B....6$ZN)..A.@.=..qd..( oGw........'.o...\K(.pl..........Svs..i.y]._..q0F..
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 148
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3530\",\"guid\": \"\",\"channel_id\": \"\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 183
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3531\",\"guid\": \"\",\"channel_id\": \"\", \"utm_addition\":\"command_parameters=/start /ch=CO18&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:05 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:05 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 183
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3532\",\"guid\": \"\",\"channel_id\": \"\", \"utm_addition\":\"command_parameters=/start /ch=CO18&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:05 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:05 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 219
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3533\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"\", \"utm_addition\":\"command_parameters=/start /ch=CO18&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:06 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:06 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 219
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3220\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"\", \"utm_addition\":\"command_parameters=/start /ch=CO18&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:06 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:06 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 249
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3412\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=1&command_parameters=/start /ch=CO18&vostage=main&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:06 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:06 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 249
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3413\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=2&command_parameters=/start /ch=CO18&vostage=main&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:07 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:07 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 249
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3414\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=3&command_parameters=/start /ch=CO18&vostage=main&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:08 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:08 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 249
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3415\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=4&command_parameters=/start /ch=CO18&vostage=main&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:08 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:08 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 249
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3416\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=5&command_parameters=/start /ch=CO18&vostage=main&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:09 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:09 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 249
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3650\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=9&command_parameters=/start /ch=CO18&vostage=main&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:09 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:09 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 250
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3652\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=10&command_parameters=/start /ch=CO18&vostage=main&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:09 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:09 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 266
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3654\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=12&command_parameters=/start /ch=CO18&vostage=main&reason=00:50:56&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:24 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:24 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 250
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3655\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=13&command_parameters=/start /ch=CO18&vostage=main&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:25 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:25 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 257
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3675\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"dloc_stage=21&command_parameters=/start /ch=CO18&vostage=main&dloc=1&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:25 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:25 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 223
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"2066\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"command_parameters=/start /ch=CO18&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:26 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:26 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 223
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3510\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"command_parameters=/start /ch=CO18&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:26 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:26 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3534\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:26 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:26 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3638\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:32 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:32 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3637\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:32 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:32 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3502\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:32 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:32 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3503\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:33 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:33 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3504\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:33 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:33 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3505\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:33 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:33 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3506\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:34 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:34 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3507\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:34 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:34 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3508\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:35 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *..Content-Type: text/html; charset=utf-8..Date: Sun, 26 Apr 2015 03:13:35 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-alive..{"Status":"OK"}....
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 223
Connection: Keep-Alive
Cache-Control: no-cache
{"table": "event_has_user","data": "{\"event_event_id\": \"3527\",\"guid\": \"A0804D56-A87A-6E51-A934-1069B2C7BDD2\",\"channel_id\": \"CO18\", \"utm_addition\":\"command_parameters=/start /ch=CO18&pr=vo&v=26&civ=2&pac=\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Apr 2015 03:13:35 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}..
GET /public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/progress.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: fJIiuJo 0/ih6f3fHKFgHw==
Content-Type: application/octet-stream
Date: Sun, 26 Apr 2015 03:10:08 GMT
Etag: 0x8D218DF91A5C530
Last-Modified: Tue, 17 Feb 2015 15:43:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 01583424-0001-0048-20ce-7f57ad000000
x-ms-version: 2009-09-19
Content-Length: 85732
Connection: close
PK..........=F..?.....F.......index.html..io.6....?0\..H-...$..6M..k. ...).J.-:2.R.. ...#uQ...i;..h..|.)g...g..\..@....O....q.J.|..K&C:q...XXPI.....S..c|.qI..\...#/.5..~.C...y.......o..a.X..-....{I.....'...I@..(.t:..6......d.O.X.Dxc<O..O).w..=:......<..K.....c.{..4..d....^O....!.E4.4I.KD6.$...K..DR4FR....*....$.......h...v"....n....}H....F._.}....*.... .^1_.V........9....K..X..x..4....}E.!q.bSd.zW.=Ae*x.....a.^].cP#`>...0.@.F Da. ZU......?..^F..&..^..1...0Q.4a6.k......0....Q.......5.. G-.2G..!:xz....c[.j.....8..........X1.G .(P.Ih.8........l8..,..2.%..K.....D.!....@4...}.7.#.r.N..>F....L..."...G..vPtR.O.@.....2.s..T."...wbln.-.hfA0...:.m......J.........4.......%.eR...K...V\..W>....j.,.......u.k.O..jc.@>S...%2.=..]......R..TaP_s.. sZGzX.$..B.W.m...3...b...&X.U....Y..E.8.....U...u/.."Z.....:.WFjIy....9..ut......d{.U2...6...;p.W....m._./.Lw@v._......[.!..M|...@G..._G .F./,..7..K.Gq.p.`.1W...p.....TK........'...t.-....c.#..,../..En].D...|G...%.......Y...N...t....!.3.@.ya..:[.<I.D..u.T(.......v......0...8.|..8...../*..D..me.1.%...GXu..n.0...9......).;......."R:NW.[.[z.[....5...........n........p..#.[.Pn..lFs..F.RPL.m.rv..).......Q.....%;...>BC...Q.yKe..m}O...0.._l*....yd......9.~.....v.Ot-<..*.........v..e........,.#........bH...c.Y.s.c....S.........a<N%..1V..b..1..=..z.n..g..73.1.=2...NT.B..pr.S./.....p..g.i..I@...:....qe.u=Z.c..E.6..).K|T. ..p^li=....U{.o..%E.`.!...^..T14..b.Vi..c[. .?.. .X...F-.T.W|7...f.e..Wd.y-..h|.7..7 .1k.#.p^..=..Fm..s#<K..(.-Y...k.. ..."..Y..7{.....wk....o..
<<< skipped >>>
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 113
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","serviceAction":"--speedtest"
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:44 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
GET /COMODORSAAddTrustCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crt.comodoca.com
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:11:45 GMT
Content-Type: application/x-x509-ca-cert
Content-Length: 1400
Last-Modified: Tue, 30 May 2000 10:48:38 GMT
Connection: close
X-CCACDN-Mirror-ID: h6edcacrl6
Accept-Ranges: bytes
0..t0..\.......'f.V.I....p...."0...*.H........0o1.0...U....SE1.0...U....AddTrust AB1&0$..U....AddTrust External TTP Network1"0 ..U....AddTrust External CA Root0...000530104838Z..200530104838Z0..1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U....COMODO CA Limited1 0)..U..."COMODO RSA Certification Authority0.."0...*.H.............0..........T...V...$...Dgt. 7.}#p.q.S...*..K..V..pr.a..K...=...a.......>..>\...4z..k......zv.q.......l......~..../O.....gCr......k,.......~..n.....$.Ckb.U....l........li..xH0E....<E`.2.Q'.g....k.F.. ...e.H...N...F7.....HCgNr*.\.L.(.\"{......Q...FNm>.....|3WA<.Q...\.,c..W.?..]...E...Z$...V=.o..IX........7.....:..CB...........`..(V......q....=...H.<...."L....V;....[..."R...i..Le...-pt...g.)iR....PjUF...(a.p....,!.G.(..Ev...'.....P.k.L.q0........@...B...3:.\.A..c..qk ....1\:jG..yY. ...j..r.WJ.K.....LA...=^(.....Q..G..S........0..0...U.#..0......z4.&...&T....$.T.0...U........~.=...<....8...22.0...U...........0...U.......0....0...U. ..0.0...U. .0D..U...=0;09.7.5.3hXXp://crl.usertrust.com/AddTrustExternalCARoot.crl05.. ........)0'0%.. .....0...hXXp://ocsp.usertrust.com0...*.H.............d..._......)W..Z...>.v.n.Rp..<.M.tj...%...*]L....m.T.u..'.].y7@.w.....;.....4.~ .y..WE..(....P.....Wi}..R.s......nf.....-....Y.L...qL|G.;.....l.>\.........HM.....s...{#....MU.zaE..h.^@k#.yz...k..oF.{.=K....YZ.A$....`XG..nF...._......@...9.............;o.8o..
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 413
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:11:20 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferDownloadStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:11:19 GMT
Connection: close
Content-Length: 0
GET /media/e5/65/4fd8d03e8d89a93218c9e565/download/b HTTP/1.1
Cache-Control: no-cache
Range: bytes=7599136-14682175
If-Match: "530494e7-e00840"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.soft-ware.net
Connection: Close
HTTP/1.1 206 Partial Content
Server: nginx
Date: Sun, 26 Apr 2015 03:13:16 GMT
Content-Type: application/octet-stream
Content-Length: 7083040
Last-Modified: Wed, 19 Feb 2014 11:26:31 GMT
Connection: close
ETag: "530494e7-e00840"
Expires: Tue, 26 May 2015 03:13:16 GMT
Cache-Control: max-age=2592000
Content-Range: bytes 7599136-14682175/14682176
..<.`.n..B5..C........:..........S..k...~...>B%U./|...`..I.ll..P.u...iB..|..W..P...k.3..t..ADD{..n@A.[...T.#N.....%.......<*Q..L....(.2._...:..`........q.u.W^=....O...r...,h......t.....P!X...C{.n...#N.y.i'...1(........5c=TGpD.....^.B..`......\.\..d..{z.l..0.vh..B.Pn..h.JYM....=`.....z.IW..\....n.T!GR.......iP...1...fo.......aR....y..X]..EG..A'.N"D....m..?..M.N.[N.f...kQ[m......].[..;.......0.............lL..Bv. ..B<yp.-.."..7.....f...&wO$..{(@ .z:.T5.R.{d.v..m....kM..~...'...~.?4..).Bd......].P..%..T*....l..[.....R........~..g.......J...H...~tT0....V.j.)3......rd._..E=H...h:..1...Ez!.Jp.u..**F .l(........S/a....EU.(/.c....{..5..T....-3...........q...1l....JT.@B!.q..Q. ..6pYr...G%...X..*.5..".8.'1...q....F;(.....=...3.....L ..i.MG.]..U..L.].....Lh.S...X.].4.1..X......m8.$iPLu..[.q..9.{`..6.k.FY.r.uy....)....s..K..@...w.*n......Ql..lx..7...bD..)...!.`{..<../8E&T.rz.&...]........R..!. .....m.l.r..].y.g ..b..Tv..t..S.$.&...F..<...w.i!.y.....|..0&....,.I...$...c.......9wV....p..wQ]\s...).....D=...._.. X.....tx:..*_...hw.....~...4...0..G$s..W..o?.8=X|_...(........x:u,jR$[&S.7.@?..-up...#.b...h:]R.5)...H.y......[./R...*.=..E'..^....q..... N..h.(o=.....b....ls..................{...W..=.....g..\;...c.|.#.k..............wH 4.r.g.]....K.... ...Rr.h?.sn..#...1^S.......U.G...v..~.a.v..O,Z&..|....[...p..Vz...ej.q.g.q..iJ..'!.. .qa.F...e.n......]c..Rm........V&.,..`..n..p..G%.).z.C2VW_....m.j.....0..8.m.......QD..l#.R...R..r..DO..A..m.Wj...........d...>.S.a.......SNc........g.g....l..[.z..q..3DT..6`..X...
<<< skipped >>>
GET /getsettings?query=nS4a1/oVbU6Q99uIRNKVE+/vPOOkGCX04WBXR7pdK/UKcGWB+Rqy0NTAeyD4Sb/ziarEhWj7HN5nXXj2qWaNwxVXn6EikLycAMKB/i3j0PQE9RFK9YaMPY1tOXp7CoA5I0G8etbIuG9ofZP1IeMKZP4ShkeXaNCevjkr0AZe+vo= HTTP/1.1
Connection: Keep-Alive
Host: dt.web-search-home.com
HTTP/1.1 200 OK
Server: nginx/1.0.15
Date: Sun, 26 Apr 2015 03:13:39 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.15
Set-Cookie: PHPSESSID=8n9t762i99mdunrqb7q2iha045; path=/; domain=web-search-home.com
Content-Length: 54060
BgJdlSPe24tHz9J/E97T4BDe92S9A71i36gQ4DJZdX/LSknzlGjR/9vR6FQP0845 X23TGNFYdAq3iFB2MfphSIxDQg31SyUxnsLWO 7aROBtZTruqkvJxlmWeGchDnnqJLV7uuu8/h5AEbsejilcUz7bBSksdFi7TD1J1i103mGwvcrc9hwjq9W5YT E PihjARI43nSNiUCGeNk mnRJ4kR1zhx2tcxZaP vFyIzEkV6oKiAsqJH8gM68vrY7uaHGR2/OtPCwEstfg/UZuWvO4f8A 1fHXKMZ9tizYnVK5m8t h6ns7qVYlR5wHxxMN68hnOuJvMvArTFd2gDrolt7Luh02q7C19zw4 c8RKJY2tJ8AUmtuLuOf/aBf0nOa/QeGoao6WCxbouws0vWZgRMVxqXqyjQ9/gqNu8Dyudeke/oqGNM5/tM0CT73NE 0xlWZzjS1JXeLn9FfDkCBauaBDQXa41mXhhcmaxznd5vmvjoEeEO9qfiYMmyo/LTbyQ5p4hjWR2IMzVAQ9oWyG5jcmoBBQVtfgdDJo59UnXy5pkvS8RgrCIpBiOgK9fgc2Rh4DjN6HR4hBGAIzb91vlZEOZz9FSdEQhx4/fYbJlN3eFqkH7bDyuPvtjjbfW3TNq5aJAyKBlJEJ9Pr3JW/JJliOz zJfmHrpjlXHhXRBpk9BGFlOm7BCorwFBWFiqa3lMXW5Mo6ZRzkevDI834hNO7jFmRXv3FYmIplgndkFRvQ1wn42J0LTSyfuVeJOQ6lQHy1ySUvt2N 4FJxwmgzsZ6zT RPSE2Mjq1 1miOXmzK8FhHP2EUn IzlUCVdF7FxM4lM0153021acbhFgLvcY5J87g9mld2VEm0tQKbEkvjZBN876/LQ86A2Ppdmj4vm997Z9W64XIiP7MpaSt6qcdUz0Uffj3QD9rm9K6glVFL0fRddPJ4JhlRS8uGEH20ZfegHLBMYroeHfR7faDkhkn3bo1e9CD4H2x tq1kunUEW4dngu4rOecZ/HbnZYrYeNNtFowc8gHoobe 7pKRvCx n9PIyNygVgJ7TAuR903AkT3s LUzMRNuPj7DA/JD/LgxdisER/bjphGwWPKrsA9j0mO3iNWo0x4xd9PtGYlKMHINdZppsdQfCIGLgrudhZ2yBGVklUy44OGcoJigk14nuTqS2IyngQHr2mBsuP8O4eGZKBVIdoHTL39qRLHQ2YsLVrkdFr2xjaGmo2h1Mjd8QLgWzWgeit48Ug7jnjM5o2BKKse4tqRqIGQuTI2gQCX8f15bwT0qL8QMBXDP2Ed9pDpRFcLBAHd6kYjTwIGA5d1WYNJrdKZzejzMKm6nGz3tANZTKcft1j0B iV6FkW0vL3SCjeN0HWrHfRDh QMx2Rxd/VPoE1oX9ecx7Ft iZP7lMtKyuFbYzyYsqrLhiYS8Gm8RBP1IwjbGSk9LClw2Dp1jM6ciTrf9syQORFUWcEYFSzFpxHltm2NmhYTwQhmpfHKTL 3XAl/1IiT/7WRKR319gZK7YPwXTTr
<<< skipped >>>
GET /root-r3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:14:43 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 594
Connection: keep-alive
Set-Cookie: __cfduid=da63f65db910aeeeb6637ef4c2b031fa41430018083; expires=Mon, 25-Apr-16 03:14:43 GMT; path=/; domain=.globalsign.net; HttpOnly
Expires: Wed, 15 Jul 2015 00:00:00 GMT
Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT
Cache-Control: public, max-age=6900317
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1dcf1e8011e715d7-FRA
0..N0..6...0...*.H........0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.0...U....GlobalSign..150323000000Z..150715000000Z0..0*........1..F...141125000000Z0.0...U.......0*........%..@...141125000000Z0.0...U.......0*........%..D...141125000000Z0.0...U......../0-0...U.......0...U.#..0.....K...E$.MP.c.......0...*.H...............Z.v..&...B.....x)....'.u.}.r8.. ..i.......-..........@.:.5.v..?.. ....~V.=....R. .....rS....t.T_.....Y.R......p OS..2.s........(C.e.x3.#.d6L.d=.UI.;T..G...mx....... .......-........-.....J....$.Ko.e#......3....*..3.s...0.........N..W?'.U...f..h..e...m.9.HTTP/1.1 200 OK..Date: Sun, 26 Apr 2015 03:14:43 GMT..Content-Type: application/x-pkcs7-crl..Content-Length: 594..Connection: keep-alive..Set-Cookie: __cfduid=da63f65db910aeeeb6637ef4c2b031fa41430018083; expires=Mon, 25-Apr-16 03:14:43 GMT; path=/; domain=.globalsign.net; HttpOnly..Expires: Wed, 15 Jul 2015 00:00:00 GMT..Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT..Cache-Control: public, max-age=6900317..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 1dcf1e8011e715d7-FRA..0..N0..6...0...*.H........0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.0...U....GlobalSign..150323000000Z..150715000000Z0..0*........1..F...141125000000Z0.0...U.......0*........%..@...141125000000Z0.0...U.......0*........%..D...141125000000Z0.0...U......../0-0...U.......0...U.#..0.....K...E$.MP.c.......0...*.H...............Z.v..&...B.....x)....'.u.}.r8.. ..i.......-..........@.:.5.v..?.. ....~V.=....R. .....rS....t
<<< skipped >>>
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 104
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","SpeedTest":"Silent"
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:45 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
GET /public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/base.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: yfeb6HeSX7QcohHPlnHtCg==
Content-Type: application/octet-stream
Date: Sun, 26 Apr 2015 03:10:09 GMT
Etag: 0x8D218DF9198F3F0
Last-Modified: Tue, 17 Feb 2015 15:43:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e4e619cd-0001-004c-62ce-7fa22f000000
x-ms-version: 2009-09-19
Content-Length: 34496
Connection: close
PK.........`nEP...............index.html.VQ..8.~...a..........&=q.Ew.`.....M..wS;........N....p.....=.?.3cO...W..O....y1~.(n.A.#..F.[a.....>~.....r2...?W.!a.%-J;.Y.. ......F5...9..m.........B..%.f~j...E..].hrD. .8M..E.7.gE. pDM.Ei..4aw&..\.^....a.,.....F.......k..*[.AL5.#|u].Bd6...g......Q.r;....}..}kW.,.r6.ac5.z&.h.1..v..../.V2.BI.R....k.3.Vs.5...,.n...;.1......H`!d..!I.Z.".e..5.9...o.....0...{ga..5.m&U.q.. ..z.k)..Z...I..RQ.It..jN......."#....zwRM.v...B.\-...bo..%uk.@......}....l1.....$...I@.f.....e....2v.I.....r..J.9-..#.w...........G.:9P.X.-............>4.........;.............g} p..G5O._...d.t#`..e..|O.H.vE..VZ....[?...@#................Ai......q#..*....,j.wY.......O....).0.i....H...e........v..N.o.J.7.gn..\U.;3... v7....Y..Eu......H.n.].T...P.....g...1au..|9.Jb.N.........-l0B....\...*.9n...Q.JSp..{.z..Q9...%.....0..W..ug......q.G.L....]%lg6.<qD<v............k%_j....TMc.....2...G....{.T7..k...C2.'.9....T..Tj...:N.C.M..?..C.DD=...mR:.uD.Ymd9..qYp..qSz.J&_>.J.>.V.-?......U:C..!...*..$B..uA.5...PK.........`nE....m...5.......css\style.css...n.0...C... .@aLZw.a..&..H.(...../M...].............4q.......n..YXL...x4k....g<z..v..X.,.(...q3*.7&./M.2T..P.,-H.....L)YT.....y].>.p......)Y.....|.) U.oCp&..Y./....EL...q..m........C....s..;.e2.@...x..6....>..=5..".....9...5O.d.;d7K..h;.aUH.'.. ..K-.u.s4nX'. ...W.|...6.W.W........?#...............Q.^..y.h.m...n.4L_.i=.....................R._A....W.... sC.1]V...PK.........`nE.H}.1....k......js\jquery-1.10.2.min.js..i....0.}....D4m@.f...'.]....N....;
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=364887, public, no-transform, must-revalidate
Last-Modified: Thu, 23 Apr 2015 08:35:12 GMT
Expires: Thu, 30 Apr 2015 08:35:12 GMT
Date: Sun, 26 Apr 2015 03:15:10 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..20150423083512Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5..........^.3@..cL.1.......20150423083512Z....20150430083512Z0...*.H.............._J.r.R......~..^'r...w..H-C3.].Y....1.X.j .........Dd..........z.*.B/...V....WB.q..9....mY.<.$...]........r.D'.....mm.....lHp.......@..............nQ.w>.......R..'.!.........i..^......h...AB.....IJI.......).8~...dC*7*.?....l.....C.'Lb...,...N....;../W.......#0...0...0..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.............m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...nz(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*]...*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...:.C.Q.i~rl..<..krS..8.B..o].y..L.4...iB@..s.....mw.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...*.H
<<< skipped >>>
GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CCQD+rJ0jfxxchg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.godaddy.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:14:58 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=121159, public, no-transform, must-revalidate
Last-Modified: Sun, 26 Apr 2015 02:40:34 GMT
Expires: Mon, 27 Apr 2015 14:40:34 GMT
ETag: "3111f9e04d8ebef8ea6a55fe00deee5518579974"
Content-Length: 1788
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0...z0x1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy Inc.1 0)..U..."Go Daddy Validation Authority - G2..20150426024034Z0l0j0B0... ..........._lkv...8..f..R34N..@..'..4.0.3..l...,........#..\.....20150426024034Z....20150427144034Z0...*.H...............Q.D1..f...@h;R.|.O......CO*...P.<...v..6.q.........^..r...!o...yk.t>65h.z.7k....O...].5t*.E......"$d.[...H'A...G%b.C.k;=|..{;*sqi......i..S.}..A.7..... @./}.j.3E.P.~\... ....b..y"...y.J...w!..Ea{..5....Vir...ih.}..[......J..Su.....V......5.e..A..q..[uB^*....0...0...0..........,.z.Hl..0...*.H........0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.1-0 ..U...$hXXp://certs.godaddy.com/repository/1301..U...*Go Daddy Secure Certificate Authority - G20...150316070000Z..160316070000Z0x1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy Inc.1 0)..U..."Go Daddy Validation Authority - G20.."0...*.H.............0.........xo(....QQ.`L.~...&...a.F.=.....d=....."......?...\..........b.D....l=.HS.N......A..;HTTP/1.1 200 OK..Date: Sun, 26 Apr 2015 03:14:58 GMT..Server: Apache..Content-Transfer-Encoding: Binary..Cache-Control: max-age=121159, public, no-transform, must-revalidate..Last-Modified: Sun, 26 Apr 2015 02:40:34 GMT..Expires: Mon, 27 Apr 2015 14:40:34 GMT..ETag: "3111f9e04d8ebef8ea6a55fe00deee5518579974"..Content-Length: 1788..Connection: close..Content-Type: application/ocsp-response..0..........0..... .....0......0...0...z0x1.0...U....US1.0...U....Arizona
<<< skipped >>>
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.wpm HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.61 ms","message":"store 1 action and 0 update "}..0..
GET /0.gif?2920545&101 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: sstatic1.histats.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:13:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Set-Cookie: CountUid=b3ea9fc7-f8pi-4cbb-9ea2-8658212e6140; domain=.histats.com; Max-Age=31536000; Expires=Wed, 13-May-2015 03:53:37 GMT
GIF89a.............!.......,...........D..;..
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 100
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","serviceStart":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:44 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.mystartsearch.RegWrite HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 26 Apr 2015 03:11:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.23 ms","message":"store 1 action and 0 update "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sun, 26 Apr 2015 03:11:18 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v4..48..{"stats":"ok","time":"1.23 ms","message":"store 1 action and 0 update "}..0..
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 414
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:06 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"RequirementsCheckSuccessful","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
Content-Length: 0
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 378
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:58 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"DownloadScreenShown","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:58 GMT
Connection: close
Content-Length: 0
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 791500626200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Sun, 26 Apr 2015 03:11:25 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..150413163223Z..150713045223Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......Z0... .....7......150712164223Z0...*.H.............WK....e.\.-.n......./......."]..E!.. //=...[....w... ..........#...[.l.J..f|..... .s......w...J._.......3.[..#.z....ko.I..Q{....e.nV......F..d}..rF\H.jlH]dQ.E....x......W............j....&L. 2.$.?...X?.#.(.....pK.v.......y..r....t......=.AW......K.G.gJD.b.HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT..Accept-Ranges: bytes..ETag: "2711f7277076d01:0"..Server: Microsoft-IIS/8.5..VTag: 791500626200000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 554..Cache-Control: max-age=900..Date: Sun, 26 Apr 2015 03:11:25 GMT..Connection: keep-alive..0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..150413163223Z..150713045223Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......Z0... .....7......150712164223Z0...*.H.............WK....e.\.-.n......./......."]..E!.. //=...[....w... ..........#...[.l.J..f|..... .s......w...J._.......3.[..#.z....ko.I..Q{....e.nV......F..d}..rF\H.jlH]dQ.E....x......W............j....&L. 2.$.?...X?.#.(.....pK.v.......y..r....t...
<<< skipped >>>
GET /pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar HTTP/1.1
Host: download.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=900000-1199999
Connection: keep-alive
HTTP/1.1 206 Partial Content
Last-Modified: Wed, 26 Nov 2014 16:59:55 GMT
ETag: "4b1e700-2dc5623-508c5f506dac8"
Server: Apache
X-Backend-Server: ftp3.dmz.scl3.mozilla.com
Content-Type: application/octet-stream
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache-Info: cached
Cache-Control: max-age=110518
Expires: Mon, 27 Apr 2015 09:53:04 GMT
Date: Sun, 26 Apr 2015 03:11:06 GMT
Content-Range: bytes 900000-1199999/47994403
Content-Length: 300000
Connection: keep-alive
d,.f.\s..H.vB9..b.I`.b..8%..g..m....x..*.....{....?..u;f....._nU._......y q....].~..N...=....c.:..wuz. g...O?....*-..U..,..]u.iE...9..s.gN..5.A.v....;BK..H.....>.J..T.n.#. .......^:...9.giR..h.s..dX[:..D..3...I.`.5..pb.s.-..........P...M.3.,.Z.....t.&Z$nJ."o'.\..O.h.B,Y.......W.........!<.eu.BWsJ.=...Z.l....~..l'...l..9l|....d.x....Fw.B.Gv8....2.XJ.Ed..r...V.J.%.$.~^..N..b.....!..w h-..3.......C[m......R.*/.@.mJg..L.......t.#A....X......D.B.....w.d...$6....8.I....GP..e...o\.UJ.u..yX.I....c..<KG..T......L..mT..,7rA..g..".?....../.&...dI......&.. .k..p.....s..J\..J..p....!.1(...U...A=.......D.....{.H.....v..5!..w.......&.s|......=...V...Ig..Dp..@k..*...o".......Q..r..l]u.u/...(.i......(..j........1.g7..f._N..eVm..~...)%.hX0Zm............z.w...R.".^.hI.Q..nZ@..|....@l4....z...f..ll..._.....(!$....gR..;O.$$#...w.{.k.hB.4.?.....u.$...&}.......Od.. ....".......;[.7@.......n....h$.n.[...B?n......$.\%2........!S...l.(.k...:......c...h.f/...x..VZ..A..R*~....dHh.....9...I.m IW..a1.$u8..o..@........h<...i.v./-.\-......d..~h..H. ..6.M..0....Z.A.T....N..K @....j%....U:.^..z...~.I.....F"..J...`.......1F$...s.D......x$O6....;r.P./.es4.*......n.{g._.U..R?(......|.....B.......m.N....p&.Z......*..ZQ..VR..[..8@".1xy.P..........z.n^.<....^...n3...1...'Ki../...n.A.........cs...0n@Zh.W....B..<.M$..2..|.v.n/6...V........lE/......w8-........-R..\e...WA...756.H.]/d.....-......'......... ..4J@.<.S.4....Fu6%...du.iP.....*>........%/..>#..}....._...c.b.f..!...D%L...../.......,...o&u...#..1...Ex.k.P.. .S.J/......
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 414
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:13:35 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferInstallCompleted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"clickmein ltd/vuupc fs/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:13:35 GMT
Connection: close
Content-Length: 0
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 420
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:06 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"RequirementsCheckSuccessful","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"clickmein ltd/vuupc fs/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
Content-Length: 0
POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 102
Host: VVV.pcspeeduplog.com
"uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","productID":1,"version":"3.9.8.0","serviceRunning":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:44 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
GET /SysInfo/count_vn.php?ch=test HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: livestatscounter.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:12:24 GMT
Content-Type: text/html
Content-Length: 45438
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.21
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@..........................................................................t.......p...............................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...................................rsrc........p.......z..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H....h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>
GET /SysInfo/count_vc.php?ch=test HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: livestatscounter.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:12:39 GMT
Content-Type: text/html
Content-Length: 98816
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.21
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v.<.2mR.2mR.2mR.]..."mR.]....mR.]...QmR.;...5mR.2mS.fmR.]...1mR.]...3mR.Rich2mR.........................PE..L......T.....................r......pH....... ....@.......................................@.................................L[..P....................................!..............................8L..@............ ..D............................text...{........................... ..`.rdata...B... ...D..................@..@.data...@1...p.......T..............@....rsrc................f..............@..@.reloc..l............h..............@..B........................................................................................................................................................................................................................................................................................................................................................U.............rA.3...$....S... A.VW3...JA.9~.u9h.....D$.j.P. ........Qh.KA..T$..L...h.JA..L$............h.........;=..A.v...$...._^[3.3..a4....]................U...M..E.PQjdR..5.....].........3...............U...E..V....dKA.t.V..3.......^]..........j.j.j.j.P..8!A..]..u...........t).N........u..........F........u....B......E...u...t).N........u..........F........u....B......E...u...t).N........u..........F........u....B......M.Q.E......1...2........t).V........u..........N........u....P......E...u...t).F.
<<< skipped >>>
GET /SysInfo/glob.php?ch=test&sof=4 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: livestatscounter.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:12:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.21
0..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 26 Apr 2015 03:12:54 GMT..Content-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive..Vary: Accept-Encoding..X-Powered-By: PHP/5.5.21..0......
GET /vuupc/stats.php HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: livestatscounter.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Apr 2015 03:13:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.21
e..21430018110LP7..0..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 26 Apr 2015 03:13:31 GMT..Content-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive..Vary: Accept-Encoding..X-Powered-By: PHP/5.5.21..e..21430018110LP7..0..
GET /?product=firefox-34.0.5-complete&os=win&lang=en-US HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=900000-1199999
Cookie: optimizelySegments={"245617832":"none","245875585":"direct","245677587":"ff","246048108":"false","869421433":"true"}; optimizelyEndUserId=oeu1401956287616r0.2603029596469415; optimizelyBuckets={}; __utma=150903082.1617578787.1401956289.1401956289.1401956289.1
Connection: keep-alive
HTTP/1.1 302 Found
Server: Apache
X-Backend-Server: bouncer4.webapp.phx1.mozilla.com
Cache-Control: max-age=60
Content-Type: text/html; charset=UTF-8
Date: Sun, 26 Apr 2015 03:11:02 GMT
Location: hXXp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
Keep-Alive: timeout=3, max=489
Content-Length: 0
Connection: Keep-Alive
X-Cache-Info: cached
HTTP/1.1 302 Found..Server: Apache..X-Backend-Server: bouncer4.webapp.phx1.mozilla.com..Cache-Control: max-age=60..Content-Type: text/html; charset=UTF-8..Date: Sun, 26 Apr 2015 03:11:02 GMT..Location: hXXp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar..Keep-Alive: timeout=3, max=489..Content-Length: 0..Connection: Keep-Alive..X-Cache-Info: cached..
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Sun, 26 Apr 2015 03:11:56 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT..ETag: "a1132b8ef65d01:0"..Cache-Control: max-age=900..Date: Sun, 26 Apr 2015 03:11:56 GMT..Connection: keep-alive..
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 371
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:07 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"ProductShown","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:10 GMT
Connection: close
Content-Length: 0
POST /config-from-production HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-configs.buzzrin.de
Content-Length: 219
Connection: Close
{"os":"WinNT","osver":"6.1.7601 (Service Pack 1) SP: 1.0","lang":"en-US","uid":"c0322acd-5e5d-42f0-b163-c591ee6ff5b9","prod":"soft-warenet/1.0/campaigns/product website/","expiresOn":"2115-04-17T05:29:59.9719135 00:00"}
HTTP/1.1 200 OK
Content-Type: text/plain
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:08 GMT
Connection: close
Content-Length: 10123
{"certificate":"cyberservices","productSetup":"downloadguide/temp/e4b8f397-103f-4dc2-b462-a5bf20471890/DoNothing.exe","windowHeight":389,"windowWidth":506,"product":{"version":"1.0","displayName":"Soft-WareNet","installCodeJs":"","installTest":"true","files":[{"url":"hXXp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/exe/DoNothing.exe","localFile":"DoNothing.exe","cmdParametersJs":"","fileType":{"name":"Product","assemblyQualifiedName":"Freemium.Domain.Campaign.Product, Freemium.Domain"},"etag":null,"hash":null,"isExternalFile":false,"region":"default","version":"1.0","id":"donothing/1.0/default","name":"DoNothing","isEncoded":false}],"uiFile":"hXXp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/soft-warenet-flow-5-text-en-us.zip","logo":"hXXp://az687722.vo.msecnd.net/public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/DoNothing.png","installationPath":"","infoText":"<p>We will not save either your IP address or other user data. We will only evaluate anonymised statistics for the optimization of the usability and our product. By using the downloader you agree to the usage of such data according to our strict privacy policy guidelines. Please read our detailed licence agreement (EULA) as well.</p><p>In order to finance our service we permit software producers to advertise their products in the downloader. Before the integration every product of our
<<< skipped >>>
GET /public-source/downloadguide/soft-warenet/1.0/default/campaigns/product website/ui/websearches-single-text-en-us.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: t5d9xFrjre0T4zeVhcBpwg==
Content-Type: application/octet-stream
Date: Sun, 26 Apr 2015 03:10:09 GMT
Etag: 0x8D2292EAEAAFDBD
Last-Modified: Tue, 10 Mar 2015 09:49:48 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 4587b7e4-0001-003a-71ce-7f2693000000
x-ms-version: 2009-09-19
Content-Length: 40632
Connection: close
PK........'f[F..U...... ......index.html.Z.n.Ir.[...}...u.(.... J.%.6.K.Dj.'....&..pf.{.4....I.....(y.|U.=.R?,....Lr......=...bx>.p...r....?u..^w.dB_....Su.=t..h.J.-eq..\..It.g......P......T..Cby,..4V.'........Tgw...O.[........T..Re$.FMO".....Q.:.66.(.5.I...~.s.....s......Y......5.....Z.*.K.g.}..~...F...2.D.....|..8e2.vdQt...B.l...Ty^......Z.Tk..\::9v...?......2...;.<.lk....8..]..G...(...K....$.....}z.......:..l...-...$.9(....l)...JS......,...z...er...a...*J..1.&.g.n......h.......}...f....S...l.......u6......Ee.,.k..!.Z...?_f.X...9[..V.T..>..q.[E5r..B.Y.-..O..........=...M.$.: .. '.>.!..D.P...8..:Q..r...v .....s.z...|..W.....m........^.|.,.H.z.Y..w....R.9.OT.......I......|C[.<.....D....~.t.6s$.r}.&A...o`D~.E....\...G....".....!...^tpAm....i>..*...".?H...BL...=....O6.P........xn.. *...V.V.[...Z/...O...DDDq...4g....,.....~U..zA!.. ..K.5.%[r3&2...qexe.%..N.....!......evR...9..x....v.....zA........<......(yW...j.6&....d..88j......ai.......c..5..y.@7..6..M..&G........OL...s!4.z!........k..|./.....e....F}.$2..E.....q.$.V..4;..'.....#.@..*...~......o.,U.........U..~..?;.Rb8mEt....!...N.......m.4e?..y..[....5.UZ..|e.!..x1..L....Z.b..6.......;....3.R..H7S.D[.#.&F..[...O.Be.....H.R....$Z.(..[.ZI...z1;.k{]..:9.....HR.O.?.[$.J..%..[v......{.U........;9..P=7...ic.....2i<...HU...=.8.H.......yQ..._.......zu_...O.a..A.........k..U..s.X...,1.U..o[$.....Y"2....t....{.%:.Fhw~t:..\..........f.8.~...........}......"..{7.....}.g....>..Wo.c0...g..........|x5....X.]....~...5....~.J./.D..,Gd..;...J:........!.
<<< skipped >>>
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 406
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:10:45 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"OfferAccepted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:10:45 GMT
Connection: close
Content-Length: 0
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 380
Connection: Close
{"BuildId":"5b3bffc2-063e-4276-ac76-962e903512c2","Client":"freemium","DlgVersion":"3.1.0.197","Culture":"en-US","LocalTime":"2015-04-26T03:13:37 03:00","SessionId":"605fd6a5-e52b-46e1-aac0-e9001bb68656","MessageName":"ProductInstallStarted","Product":"soft-warenet","ProductVersion":"1.0","Region":"default","Campaign":"product website","Offer":"","TrackBackUrl":"","SubId":null}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 26 Apr 2015 03:13:37 GMT
Connection: close
Content-Length: 0
GET /gs/gscodesigng2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 03:15:01 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 3023
Connection: keep-alive
Set-Cookie: __cfduid=d4aa5625df3b911142708b6d8e18392451430018101; expires=Mon, 25-Apr-16 03:15:01 GMT; path=/; domain=.globalsign.com; HttpOnly
Expires: Sun, 03 May 2015 01:00:00 GMT
Last-Modified: Sun, 26 Apr 2015 01:00:00 GMT
Cache-Control: public, max-age=596699
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1dcf1eeb52e00f75-FRA
0...0......0...*.H........0Q1.0...U....BE1.0...U....GlobalSign nv-sa1'0%..U....GlobalSign CodeSigning CA - G2..150426010000Z..150503010000Z0...0#...!......{O...f...D..120801152402Z0#...! ......eq.8.\..v..121119212403Z0#...!.#.... ...;.h..8..121119212406Z0#...!....:...#f5&u..i..121119212410Z0#...!...J~.^.t.........121119212413Z0#...!r.y.....5=..h([I..121119212416Z0#...!...T.}......td.n..121119212419Z0#...!.e....U.G.........121119213604Z0#...!qiS13S... ny...#..121119222403Z0#...!U. !..QQ....~..'..121119222411Z0#...!...ta..mXks.`7....121119222413Z0#...!....:,.opI>...b...121119222415Z0#...!i...d..........X..121119222417Z0#...!..........-..'....121119222419Z0#...!.{U.s.J..|.G;.....121119222422Z0#...!....7M........./..121119222425Z0#...!......tu.......-..121119222427Z0#...!..........m.......121119222430Z0#...!.pj@.i(S<....k....121119223603Z0#...!H....{.....>......121119223613Z0#...!_...Lg....s-.k....121119224803Z0#...!......iS...2{..A..121119224807Z0#...!....E.i...E.\I ...121119224809Z0#...!....j.Y....%u..d..121119224811Z0#...!S......c.......,..121119224814Z0#...!I.d.6..q..........121119224816Z0#...!.7T..T..E.........121119224818Z0#...!.8V...|.c.1.<..$..121119224821Z0#...!..5H..A.PA".......121119224823Z0#...!..9|....p..A...~..121119224825Z0#...!...z..g{g.Mt..G...121120180003Z0#...!5....u.H.5.n..K...121121154803Z0#...!a. ..5.Q.....g.Y..121127202406Z0#...!.9...^............130118021202Z0#...!.g.|.d..-,...A....130201163603Z0#...!......R..B.....h..130212223046Z0#...!....oL$Ds.|...IN..130327184808Z0#...!,oYM;.
<<< skipped >>>
POST /upload.php HTTP/1.1
Content-Type: multipart/form-data; boundary=8d24dff12ad36c6
Host: 151.236.26.173
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 104857685
Expect: 100-continue
Connection: Close
HTTP/1.1 100 Continue
....
POST /log?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain; Charset=UTF-8
Accept: */*
User-Agent: PCSUInstaller
Content-Length: 124
Host: VVV.pcspeeduplog.com
"productID":1,"version":"3.9.8.0","uniqueID":"BC8DD994-FD51-4D87-B86E-7BF4AAB4FDC1","Start":1,"OS":"6.1.7601-SP1","silent":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 26 Apr 2015 03:11:21 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..
GET /msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt?fb2283c00361ac01 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Fri, 20 Feb 2015 20:14:50 GMT
Accept-Ranges: bytes
ETag: "05934e1494dd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 867
Date: Sun, 26 Apr 2015 03:14:43 GMT
Connection: keep-alive
0.._0..G.............!XS..0...*.H........0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.0...U....GlobalSign0...090318100000Z..290318100000Z0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.0...U....GlobalSign0.."0...*.H.............0.........%v.y.x".......(...v....r.F.C....._$..K.`.F.R...Gpl.d...,...=. .......y.;..w...I.jb/.^..h..'.8...>..&Y.s....&.....[...`.I.(.i;...(....aW7.t..t.:.r/.......=...3.. .S.:.s..A. :......O..2`.W....hh.8&`u..w..... I..@.H..1a.^....w.d.z._....b..l.Ti....n...qv.i.........B0@0...U...........0...U.......0....0...U........K...E$.MP.c.......0...*.H.............K@..P.......TEI....A.....(.3.k.t...-..........sgJ..D{x..nlo.).39E....Wl.....S.-.$l..c..ShgV>...5!..h....S......]F...zX(./....7A..Dm.S(.~.g.........L'.L.ssv.....z..-....,.<.U...~6..WI...-|`..AQ.#...2k.....,3.:;%..@.;,.x.a/....Uo.....M.(.r..bPe.....1....GX?_HTTP/1.1 200 OK..Content-Type: application/x-x509-ca-cert..Last-Modified: Fri, 20 Feb 2015 20:14:50 GMT..Accept-Ranges: bytes..ETag: "05934e1494dd01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 867..Date: Sun, 26 Apr 2015 03:14:43 GMT..Connection: keep-alive..0.._0..G.............!XS..0...*.H........0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.0...U....GlobalSign0...090318100000Z..290318100000Z0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.0...U....GlobalSign0.."0...*.H.............0.........%v.y.x".......(...v....r.F.C....._$..K.`.F.R...Gpl.d...,...=. .......y.;..w...I.jb/.^..h..'.8...>..&Y.s....&.
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_2192:
.text
.text
`.rdata
`.rdata
@.data
@.data
.ndata
.ndata
.rsrc
.rsrc
uDSSh
uDSSh
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
GetWindowsDirectoryA
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
SHFileOperationA
SHFileOperationA
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegEnumKeyA
RegEnumKeyA
RegCreateKeyExA
RegCreateKeyExA
RegCloseKey
RegCloseKey
RegDeleteKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyExA
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
ole32.dll
ole32.dll
VERSION.dll
VERSION.dll
verifying installer: %d%%
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
hXXp://nsis.sf.net/NSIS_Error
... %d%%
... %d%%
~nsu.tmp
~nsu.tmp
%u.%u%s%s
%u.%u%s%s
RegDeleteKeyExA
RegDeleteKeyExA
%s=%s
%s=%s
*?|/":
*?|/":
rs\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\setup_plugin.dll
rs\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\setup_plugin.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\setup_plugin.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\setup_plugin.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp
h-g}j
h-g}j
vT%SJLAu
vT%SJLAu
.reloc
.reloc
GetProcessHeap
GetProcessHeap
setup_plugin.dll
setup_plugin.dll
/.yy\\
/.yy\\
{{ssHH
{{ssHH
7;;??##'' //
7;;??##'' //
12::""**
12::""**
1266::>>""&&**..
1266::>>""&&**..
2377;;??##'' //
2377;;??##'' //
=>::6622..**&&""
=>::6622..**&&""
34
34
4511==99%%!!--))
4511==99%%!!--))
78
78
9:>>2266**..""&&
9:>>2266**..""&&
>?;;7733// ''##
>?;;7733// ''##
9:22**""
9:22**""
23;;##
23;;##
=>66..&&
=>66..&&
0199!!))
0199!!))
8911))!!
8911))!!
;
;
.NP,"
.NP,"
u%c$#
u%c$#
|%Sp&
|%Sp&
L-3}c
L-3}c
nssD02B.tmp
nssD02B.tmp
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp
c:\%original file name%.exe
c:\%original file name%.exe
%original file name%.exe
%original file name%.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nssD02A.tmp
ers\"%CurrentUserName%"\AppData\Local\Temp\nssD02A.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
)-.Yln
)-.Yln
Nullsoft Install System v2.46
Nullsoft Install System v2.46
nsissetup.exe_2868:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
8%uEP3
8%uEP3
?.uEW
?.uEW
operator
operator
GetProcessWindowStation
GetProcessWindowStation
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExW
F3.1.0.197
F3.1.0.197
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
%s '%s' [err=%d]
%s '%s' [err=%d]
%s [f='%s']
%s [f='%s']
%s [n=%d] -> hr=0xx
%s [n=%d] -> hr=0xx
%s [f=0x%p,t=%u]->id=%u
%s [f=0x%p,t=%u]->id=%u
%s -> watch for self-living object 0x%p
%s -> watch for self-living object 0x%p
%s -> self-living object 0x%p has finished the work -> wait when it is done
%s -> self-living object 0x%p has finished the work -> wait when it is done
%s -> drop self-living object 0x%p as it is done
%s -> drop self-living object 0x%p as it is done
- got tag of %d bytes
- got tag of %d bytes
%s [id=%u,call=%d]
%s [id=%u,call=%d]
- hr=0xx
- hr=0xx
DLG ENTRY v%s WIN%d.%d.%d ÛIT IE%d.%d
DLG ENTRY v%s WIN%d.%d.%d ÛIT IE%d.%d
).uE(
).uE(
{P:d T:d S:%d D:d.d.d} %s
{P:d T:d S:%d D:d.d.d} %s
!>%s [
!>%s [
name='%s'
name='%s'
%s, f='%s'
%s, f='%s'
%s [f='%s',len(d)=%d]
%s [f='%s',len(d)=%d]
%s [id=%s,type=%s]
%s [id=%s,type=%s]
- size: %d
- size: %d
%d.%d
%d.%d
kernel32.dll
kernel32.dll
user32.dll
user32.dll
wininet.dll
wininet.dll
DeleteUrlCacheEntryW
DeleteUrlCacheEntryW
HttpOpenRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpQueryInfoA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestA
InternetCrackUrlW
InternetCrackUrlW
urlmon.dll
urlmon.dll
shell32.dll
shell32.dll
ShellExecuteExW
ShellExecuteExW
shlwapi.dll
shlwapi.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
CryptImportKey
CryptImportKey
CryptDestroyKey
CryptDestroyKey
psapi.dll
psapi.dll
%s [this=0x%p]
%s [this=0x%p]
JsFileExecution::JsFileExecution
JsFileExecution::JsFileExecution
JsFileExecution::~JsFileExecution
JsFileExecution::~JsFileExecution
JsFileExecution::doWorkRoutine
JsFileExecution::doWorkRoutine
- queue #%d: %d items, add 0x%p
- queue #%d: %d items, add 0x%p
- queue #%d: %d items, run 0x%p
- queue #%d: %d items, run 0x%p
- request start: this=0x%p (v=%d)
- request start: this=0x%p (v=%d)
- request end: this=0x%p, hr=0xx
- request end: this=0x%p, hr=0xx
- drop cache for '%s'
- drop cache for '%s'
this=0x%p,f='%s',d='%s'
this=0x%p,f='%s',d='%s'
- DefWinProc -> %d
- DefWinProc -> %d
%s [this=0x%p,show=%d]
%s [this=0x%p,show=%d]
%s [file='%s']
%s [file='%s']
%s [this=0x%p, root=lx, path='%s', f=0xlx] -> %d
%s [this=0x%p, root=lx, path='%s', f=0xlx] -> %d
- ID:='%s'
- ID:='%s'
len(code)=%d
len(code)=%d
f='%s'
f='%s'
%s, count=%d
%s, count=%d
%s, name='%s'
%s, name='%s'
Eval, len(expr)=%d, ns='%s', hr=0xx
Eval, len(expr)=%d, ns='%s', hr=0xx
CScriptSiteObj::GetItemInfo, name='%s'
CScriptSiteObj::GetItemInfo, name='%s'
- unpack `this`, hr=0xx
- unpack `this`, hr=0xx
%s [this=0x%p,main=%d,url='%s']
%s [this=0x%p,main=%d,url='%s']
%s [url='%s']
%s [url='%s']
%s, hwnd=0x%p
%s, hwnd=0x%p
- enum http_response_headers: '%s' (0xx)
- enum http_response_headers: '%s' (0xx)
- enum http_response_headers '%s' -> '%s'
- enum http_response_headers '%s' -> '%s'
- start a %sloader at %lu
- start a %sloader at %lu
HTTP/1.1
HTTP/1.1
- request range %lu-%lu by '%s'
- request range %lu-%lu by '%s'
%s, this=0x%p
%s, this=0x%p
%s, this=0x%p, auto=%d
%s, this=0x%p, auto=%d
- send, counter=%d
- send, counter=%d
- status: %d
- status: %d
- stop on range write, hr=0xx
- stop on range write, hr=0xx
- read %lu bytes by %lu portions
- read %lu bytes by %lu portions
- has etag: %s
- has etag: %s
%s, this=0x%p, handle=0x%p, status=%d
%s, this=0x%p, handle=0x%p, status=%d
^-- server IP is '%s'
^-- server IP is '%s'
^-- host is '%s'
^-- host is '%s'
i)%UUUUUU\
i)%UUUUUU\
(h(%UU
(h(%UU
-1N}wZ
-1N}wZ
X.saN
X.saN
wQ.SsD
wQ.SsD
M.uix
M.uix
0$0(0,0|0
0$0(0,0|0
5,585\5|5
5,585\5|5
4$4,484\4|4
4$4,484\4|4
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
KERNEL32.DLL
KERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
Advapi32.dll
Advapi32.dll
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.
Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.
scriptMain.js
scriptMain.js
ScriptInterfaces.tlb
ScriptInterfaces.tlb
.part
.part
http_response_headers
http_response_headers
SupportsRange
SupportsRange
Range%d
Range%d
http_response_status
http_response_status
http_response_body
http_response_body
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\nsissetup.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD02B.tmp\nsissetup.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLGD123.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLGD123.tmp
ProtectWindowsManager.exe_3500:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
SHELL32.dll
SHELL32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
SHLWAPI.dll
SHLWAPI.dll
%dYeArdMoNthdDaY
%dYeArdMoNthdDaY
URLDownloadToFileA
URLDownloadToFileA
file_url
file_url
ShellExecuteExW
ShellExecuteExW
SHDeleteKeyW
SHDeleteKeyW
GetWindowsDirectoryA
GetWindowsDirectoryA
GetProcessHeap
GetProcessHeap
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCreateKeyExW
RegCreateKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyW
RegCreateKeyW
ReportEventW
ReportEventW
ADVAPI32.dll
ADVAPI32.dll
PSAPI.DLL
PSAPI.DLL
USERENV.dll
USERENV.dll
VERSION.dll
VERSION.dll
GetCPInfo
GetCPInfo
zcÁ
zcÁ
263f3k3z3
263f3k3z3
=>>_> ?`?}?
=>>_> ?`?}?
5 5$5(5,5
5 5$5(5,5
? ?$?(?,?0?4?8?
? ?$?(?,?0?4?8?
:$:,:8:\:|:
:$:,:8:\:|:
%s_%s
%s_%s
\\.\Phys
\\.\Phys
..\Src\json\src\json_value.cpp
..\Src\json\src\json_value.cpp
..\Src\json\src\json_reader.cpp
..\Src\json\src\json_reader.cpp
xxxx
xxxx
..\Src\json\src\json_writer.cpp
..\Src\json\src\json_writer.cpp
kernel32.dll
kernel32.dll
mscoree.dll
mscoree.dll
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- floating point support not loaded
- floating point support not loaded
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
WindowsMangerProtect
WindowsMangerProtect
SOFTWARE\supWindowsMangerProtect
SOFTWARE\supWindowsMangerProtect
xa.geoip
xa.geoip
visit.heartbeat
visit.heartbeat
ProtectWindowsManager.exe
ProtectWindowsManager.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
TypesSupported
TypesSupported
%s is already installed
%s is already installed
%s installed
%s installed
%s failed to install. Error %d
%s failed to install. Error %d
%s is not installed
%s is not installed
Could not remove %s. Error %d
Could not remove %s. Error %d
WindowsProtectManger
WindowsProtectManger
Advapi32.dll
Advapi32.dll
/c ping 127.0.0.1 -n 2 > nul && del
/c ping 127.0.0.1 -n 2 > nul && del
"%s" %s
"%s" %s
psapi.dll
psapi.dll
Explorer.exe
Explorer.exe
urlmon.dll
urlmon.dll
update.exe
update.exe
Assertion failed: %s, file %s, line %d
Assertion failed: %s, file %s, line %d
WindowsMangerProtect Service
WindowsMangerProtect Service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
WindowsMangerProtect service
WindowsMangerProtect service
SysTool PasSame LIMITED
SysTool PasSame LIMITED
Windows SysTool Svr
Windows SysTool Svr
20.0.0.2227
20.0.0.2227
Windows SysTool.exe
Windows SysTool.exe
ProtectService.exe_3684:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
GET %s%s%s HTTP/1.1
GET %s%s%s HTTP/1.1
Host: %s
Host: %s
%sUser-Agent: Mozilla/4.0
%sUser-Agent: Mozilla/4.0
POST %s HTTP/1.1
POST %s HTTP/1.1
%sContent-Type: %s
%sContent-Type: %s
User-Agent: Mozilla/4.0
User-Agent: Mozilla/4.0
Content-Length: %u
Content-Length: %u
%*s %d %*s
%*s %d %*s
%*[ ]%[^
%*[ ]%[^
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
file_url
file_url
E:\supsoft\SupSearchProtectV4\SearchProtect\Bin\Release\ProtectService.pdb
E:\supsoft\SupSearchProtectV4\SearchProtect\Bin\Release\ProtectService.pdb
GetProcessHeap
GetProcessHeap
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegOpenKeyW
RegOpenKeyW
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
MSVCP110.dll
MSVCP110.dll
InternetCrackUrlW
InternetCrackUrlW
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
MSVCR110.dll
MSVCR110.dll
_crt_debugger_hook
_crt_debugger_hook
__crtUnhandledException
__crtUnhandledException
__crtTerminateProcess
__crtTerminateProcess
_calloc_crt
_calloc_crt
__crtGetShowWindowMode
__crtGetShowWindowMode
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
__crtSetUnhandledExceptionFilter
__crtSetUnhandledExceptionFilter
WinHttpCloseHandle
WinHttpCloseHandle
WinHttpOpen
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpConnect
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpWriteData
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReadData
WINHTTP.dll
WINHTTP.dll
SensApi.dll
SensApi.dll
VERSION.dll
VERSION.dll
PSAPI.DLL
PSAPI.DLL
USERENV.dll
USERENV.dll
.?AVCHttpClient@@
.?AVCHttpClient@@
.?AVCTcpipSocket@@
.?AVCTcpipSocket@@
2-2v2
2-2v2
hXXp://
hXXp://
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
http=
WinHttpClient
WinHttpClient
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
hXXp://xa.xingcloud.com
hXXp://xa.xingcloud.com
xxxx
xxxx
%u_%u
%u_%u
%s_%s
%s_%s
%s_X
%s_X
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
UpDateProcess.exe
UpDateProcess.exe
hXXp://VVV.theviilage.com/searchprotect/up?ptid=%s&sid=%s&ln=%s_%s&ver=%s&uid=%s&dp=%s
hXXp://VVV.theviilage.com/searchprotect/up?ptid=%s&sid=%s&ln=%s_%s&ver=%s&uid=%s&dp=%s
g{2EFFE99D-743D-44D0-BBF2-F9DDDEA2F92D}
g{2EFFE99D-743D-44D0-BBF2-F9DDDEA2F92D}
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
Report HeartBeat
Report HeartBeat
cmdshell.exe
cmdshell.exe
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=visit.heartbeat.%s&update0=ref,%s&update1=nation,%s&update2=language,%s&update3=version,%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=visit.heartbeat.%s&update0=ref,%s&update1=nation,%s&update2=language,%s&update3=version,%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action0=xa.geoip&action1=visit&action2=install
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action0=xa.geoip&action1=visit&action2=install
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=uninstall
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=uninstall
explorer.exe
explorer.exe
Advapi32.dll
Advapi32.dll
"%s" %s
"%s" %s
psapi.dll
psapi.dll
Explorer.exe
Explorer.exe
json_value.cpp
json_value.cpp
ljson_reader.cpp
ljson_reader.cpp
ProtectSvc.exe
ProtectSvc.exe
4.0.1.2253
4.0.1.2253
HPNotify.exe_3756:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
wszUrl
wszUrl
strUrlTemp
strUrlTemp
hKEY
hKEY
strSelUrl
strSelUrl
strUrl
strUrl
strConfUrlTemp
strConfUrlTemp
strDsUrl
strDsUrl
strHpUrl
strHpUrl
strCmdLine
strCmdLine
tCPW
tCPW
%UUUU
%UUUU
e_GetBrowserCurrentHpUrl
e_GetBrowserCurrentHpUrl
e_GetBrowserCurrentDsUrl
e_GetBrowserCurrentDsUrl
URLDownloadToFileW
URLDownloadToFileW
URLDownloadToFileW ret:0XX
URLDownloadToFileW ret:0XX
Error : %d
Error : %d
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
1.1.3
monochrome
monochrome
unsupported bit depth
unsupported bit depth
`'\%D,3
`'\%D,3
Run-Time Check Failure #%d - %s
Run-Time Check Failure #%d - %s
%s%s%p%s%ld%s%d%s
%s%s%p%s%ld%s%d%s
%s%s%s%s
%s%s%s%s
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
del /s/q %1\*.*
del /s/q %1\*.*
%suninstall.bat
%suninstall.bat
E:\supsoft\SupSearchProtectV4\SearchProtect\bin\Release\HPNotify.pdb
E:\supsoft\SupSearchProtectV4\SearchProtect\bin\Release\HPNotify.pdb
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteA
ShellExecuteA
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
MSVCP110.dll
MSVCP110.dll
MSVCR110.dll
MSVCR110.dll
_calloc_crt
_calloc_crt
_CRT_RTC_INITW
_CRT_RTC_INITW
__crtGetShowWindowMode
__crtGetShowWindowMode
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
_crt_debugger_hook
_crt_debugger_hook
__crtUnhandledException
__crtUnhandledException
__crtTerminateProcess
__crtTerminateProcess
__crtSetUnhandledExceptionFilter
__crtSetUnhandledExceptionFilter
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
IMM32.dll
IMM32.dll
DeleteUrlCacheEntryW
DeleteUrlCacheEntryW
WININET.dll
WININET.dll
COMCTL32.dll
COMCTL32.dll
GetProcessHeap
GetProcessHeap
#*1892 $
#*1892 $
%,3:;4-&
%,3:;4-&
.?AVCActiveXEnum@DuiLib@@
.?AVCActiveXEnum@DuiLib@@
.?AVCWebBrowserUI@DuiLib@@
.?AVCWebBrowserUI@DuiLib@@
3?3
3?3
1-2}2
1-2}2
77t7
77t7
9":,:6:@:
9":,:6:@:
12u2
12u2
9 9$9(9,9094989
9 9$9(9,9094989
0 1@1\1|1
0 1@1\1|1
hXXp://VVV.bing.com/
hXXp://VVV.bing.com/
hXXp://VVV.yahoo.com/
hXXp://VVV.yahoo.com/
hXXp://VVV.google.com/
hXXp://VVV.google.com/
%sconf
%sconf
web/?type=dspp&
web/?type=dspp&
web/?type=dspp
web/?type=dspp
hXXp://VVV.v9.com/
hXXp://VVV.v9.com/
Itemd
Itemd
BrowserAction.dll
BrowserAction.dll
%u_%u
%u_%u
%s_%s
%s_%s
%s_X
%s_X
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
UrlEdit
UrlEdit
conf.xml
conf.xml
hXXp://v9.com/license_agreement.html
hXXp://v9.com/license_agreement.html
hXXp://v9.com/privacy_policy.html
hXXp://v9.com/privacy_policy.html
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.show.%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.show.%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.other.%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.other.%s
%stmp%d.tmp
%stmp%d.tmp
urlmon.dll
urlmon.dll
main.xml
main.xml
explorer.exe
explorer.exe
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
IeWatchDog.dll
IeWatchDog.dll
BrowerWatchFF.dll
BrowerWatchFF.dll
BrowerWatchCH.dll
BrowerWatchCH.dll
Global\GUID(6D05BFEC-4307-4649-8963-962A24345DF4)
Global\GUID(6D05BFEC-4307-4649-8963-962A24345DF4)
msimg32.dll
msimg32.dll
User32.dll
User32.dll
WM_KEYDOWN
WM_KEYDOWN
WM_KEYUP
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYDOWN
WM_SYSKEYUP
WM_SYSKEYUP
0xX
0xX
keyboard
keyboard
msftedit.dll
msftedit.dll
password
password
%s%s%s
%s%s%s
Correct password required
Correct password required
%s\%s
%s\%s
WebBrowser
WebBrowser
transshadow
transshadow
transshadow1
transshadow1
dest='%d,%d,%d,%d'
dest='%d,%d,%d,%d'
dest='%d,%d,%d,%d' source='%d,%d,%d,%d'
dest='%d,%d,%d,%d' source='%d,%d,%d,%d'
source='%d,%d,%d,%d' dest='%d,%d,%d,%d'
source='%d,%d,%d,%d' dest='%d,%d,%d,%d'
M-d-d
M-d-d
WebBrowserUI
WebBrowserUI
errorUrl
errorUrl
{D27CDB6E-AE6D-11CF-96B8-444553540000}
{D27CDB6E-AE6D-11CF-96B8-444553540000}
user32.dll
user32.dll
MSPDB110.DLL
MSPDB110.DLL
ADVAPI32.DLL
ADVAPI32.DLL
/c ping 127.0.0.1 -n 2 > nul && del /s/q
/c ping 127.0.0.1 -n 2 > nul && del /s/q
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
%Program Files% (x86)\XTab\skin\
%Program Files% (x86)\XTab\skin\
SupHPNot.exe
SupHPNot.exe
4,0,1,2253
4,0,1,2253
SupHPNty.exe
SupHPNty.exe
PCSUService.exe_604:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SSSSSh
SSSSSh
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
portuguese-brazilian
portuguese-brazilian
operator
operator
GetProcessWindowStation
GetProcessWindowStation
127.0.0.1
127.0.0.1
C:\Projects\PCSU-SL\PCSpeedUp\Release\PCSUService.pdb
C:\Projects\PCSU-SL\PCSpeedUp\Release\PCSUService.pdb
WS2_32.dll
WS2_32.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
sqlite3_exec
sqlite3_exec
sqlite3_free
sqlite3_free
sqlite3_open16
sqlite3_open16
sqlite3_close
sqlite3_close
sqlite3_extended_result_codes
sqlite3_extended_result_codes
sqlite3.dll
sqlite3.dll
CreatePipe
CreatePipe
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
RegEnumKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
pdh.dll
pdh.dll
WinHttpCloseHandle
WinHttpCloseHandle
WinHttpOpen
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpConnect
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpWriteData
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReadData
WINHTTP.dll
WINHTTP.dll
Secur32.dll
Secur32.dll
GetCPInfo
GetCPInfo
PeekNamedPipe
PeekNamedPipe
zcÁ
zcÁ
.PA_W
.PA_W
1&282R2
2,2f2
2,2 3@3g3w3
= =7=?={=
?$?(?,?0?4?8?@?
0(0/040800&1,10141815#5(575^57.747(8?8498 8$8(8,808? ?$?(?,?0?4?8?@?2 2$2(2,20242srclient.dllmscoree.dllnKERNEL32.DLL- Attempt to initialize the CRT more than once.- CRT not initialized- floating point support not loadedWUSER32.DLLPCSUService-Timer.logWevtapi.dllERROR: GetWindowsBoottimes(): could not load Wevtapi.dllSubscribing for Microsoft-Windows-Diagnostics-Performance/Operational - Event/System[EventID=100]Microsoft-Windows-Diagnostics-Performance/Operationalntdll.dllERROR: WaitUntilSystemIdle(): could not load Wevtapi.dllERROR: InitializePerformanceCounters(): check the registry keys in: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflibiexplore.exefirefox.exechrome.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution OptionsRemoveExeImageHook(%s)...DeleteValue failed: %dDeleteKey failed: %dregistry key is not empty!HKEY_LOCAL_MACHINEERROR: ProcessHelper.Start: hChildProcess != NULLCreateOutputPipeCreateInputPipe\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersRegistryHelper::GetValue():RegOpenKeyEx()HKEY_CURRENT_CONFIGHKEY_PERFORMANCE_DATAHKEY_USERSHKEY_CURRENT_USERHKEY_CLASSES_ROOTWinHttpClient3.9.8.0
dddddd.d000
WindowsBoottimes
|userlogin|
PCSUBootTimes.log
,"LoginToIdle":
INSERT OR REPLACE INTO Boots(Idle, LoginToIdle, WinlogonToIdle, UptimeAtIdle, USBCacheActive) VALUES('
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
/update.aspx?uniqueID=
\PCSpeedUp-Silent-Update.exe
/SP- /VERYSILENT /updateMode=true /LOG=update.log /countryCode=
HKEY_CURRENT_USER\Software\Speedchecker Limited\PC Speed Up
ERROR:RegistryHelper::CreateValue(HKEY_CURRENT_USER\Software\Speedchecker Limited\PC Speed Up, UpdateChecked):
FileUploader.exe
Checking HKEY_CURRENT_USER\Software\Speedchecker Limited\PC Speed Up key for USBCacheFill value...
DELETE FROM UC_STAT WHERE file LIKE '%.sys';
DELETE FROM UC_STAT WHERE file LIKE '%.tmp' AND read_counterDELETE FROM UC_STAT WHERE file NOT LIKE '%.exe%' AND file NOT LIKE '%.dll%' AND read_counter=1;hXXp://VVV.pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=servicePCSUService: WinHttpClient.SendHttpRequest():PCSUService: SendHTTPRequestAsync:PCSUSD.exePCSUUCC.exeHKEY_LOCAL_MACHINE\SOFTWARE\Speedchecker Limited\PC Speed UpPCSUService.exePCSUQuickScan.exehXXp://qslimit.pcspeedup.co/qs_limit.aspx?productID=1&uniqueID=SendHttpRequestPCSUSpeedTest.exehXXp://VVV.pcsuapi.comhXXp://VVV.pcsuapi.nethXXp://VVV.pcsuservice.comhXXp://VVV.pcsuapi.infohXXp://VVV.pcsuapi.orghXXp://VVV.sdapi.cohXXp://VVV.sdltdapi.comhXXp://VVV.sdservice.cohXXp://VVV.sdltdapi.net/featurelimit.aspx?productID=1&uniqueID=PCSUSpeedTestGUI.exePCSUSpeedTest.exe /L /SPCSUSpeedTestWifi.exePCSUSpeedTest.exe /L /SLRegistryHelper.SetValueRegistryHelper.DeleteValueRegistryHelper.CreateKeyRegistryHelper.DeleteKeySysUtils.SetRestorePointIOHelper.FileCopyIOHelper.DeleteProcess.StartThe Process.Start didn't receive 7 arguments.Process.HasExitedThe Process.HasExited didn't receive 2 arguments.Process.StopThe Process.Stop didn't receive 2 arguments.Process.TerminateDB.ExecuteNonQueryThe DB.ExecuteNonQueryEx didn't receive the query/sql to execute.DB.ExecuteScalarThe DB.ExecuteScalarEx didn't receive the query/sql to execute.DB.ExecuteReaderThe DB.ExecuteReader didn't receive the query/sql to execute.NetworkHelper.GetAllMACAddressesService.StartService.StopRemove.IFEOPCSUSD.ScanPCSUSD.EnablePCSUSD.DisableProcess.CheckBrowsersPCSUUCC.ScanPCSUUCC.RefreshPCSUUCC.UpdatePCSUUCC.CleanPCSUUCC.FillPCSUUCC.InstallPCSpeedUp.sys"PCSUUCC.UninstallPCSUUCC.OnPCSUUCC.OffPCSUUCC.StatusPCSUUCC.Usagecmd /c PCSUUCC.exe /usage > CacheUsage.txtPCSUService.SpeedTestPCSUService.SpeedTestWifiHTTP.Sendserver_portPCSUService.confservice status: PID = %d, state = %s, CheckPoint = %d, WaitHint = %dEnumDependentServices failed (err=%d)Stop dependent service "%s"...OpenService failed (err=%d)ControlService failed (err=%d)QueryServiceStatusEx failed (err=%d)Timeout! (%d sec)StartService(%s)...ERROR! OpenSCManager failed! (err=%d)ERROR! OpenService(%s) failed! (err=%d)ERROR! StartService failed! (err=%d)ERROR! QueryServiceStatusEx failed (err=%d)Current State: %dExit Code: %dCheck Point: %dWait Hint: %dStopService(%s)...Service stop timed out. (%d sec)ERROR! StopDependentServices failed! (err = %d)ERROR! ControlService failed (err=%d)Wait timed out (%d sec)ExecuteNonQuery: sqlite3_exec:ExecuteScalar: sqlite3_exec:ExecuteReader: sqlite3_exec:LocalExecuteNonQuery: sqlite3_exec:LocalExecuteScalar: sqlite3_exec:LocalExecuteReader: sqlite3_exec:sqlite3_open16:sqlite3_close:PRAGMA foreign_keys = ON;SELECT DISTINCT s.ID, s.ValueName, s.ValueData, l.Path, s.ValueType FROM Startups s, ScanStartupApplications ssa, Locations l WHERE (s.Action = 2) AND (s.ID = ssa.IDStartup) AND (ssa.IDLocation = l.ID) ORDER BY s.ValueType DESC;hXXp://VVV.safedownloadapi.comERROR:CheckUpdateURL():ResponseContent:%Program Files% (x86)\PC Speed Up\PCSUService.exenssCF71.tmp_3176:.text`.rdata@.data.ndata.rsrcuDSSh.DEFAULT\Control Panel\InternationalSoftware\Microsoft\Windows\CurrentVersionGetWindowsDirectoryAKERNEL32.dllExitWindowsExUSER32.dllGDI32.dllSHFileOperationAShellExecuteASHELL32.dllRegEnumKeyARegCreateKeyExARegCloseKeyRegDeleteKeyARegOpenKeyExAADVAPI32.dllCOMCTL32.dllole32.dllVERSION.dllverifying installer: %d%%hXXp://nsis.sf.net/NSIS_Error... %d%%~nsu.tmp%u.%u%s%sRegDeleteKeyExA%s=%s*?|/":C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nse5ACF.tmpinetc.dllC:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi84CA.tmp\inetc.dllC:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi84CA.tmp@.relocu.Uj@MSVCRT.dllHttpSendRequestAHttpSendRequestExAHttpQueryInfoAFtpCreateDirectoryAFtpOpenFileAHttpOpenRequestAHttpAddRequestHeadersAHttpEndRequestAInternetCrackUrlAWININET.dllOpen URL ErrorURL Parts ErrorFtpCreateDir failed (550)Error FTP path (550)Downloading %s%dkB (%d%%) of %dkB @ %d.dkB/s(%d %s%s remaining)REST %dSIZE %sContent-Length: %dContent-Type: application/x-www-form-urlencodedAuthorization: basic %sProxy-authorization: basic %s%s:%sFtpCommandAwininet.dll%u MB%u kB%u bytes%d:d:d%s - %s(Err=%d)NSIS_Inetc (Mozilla)Filename: %s/passwordUploading %s8!8-8B8I8}8^2S%Snse5ACF.tmps\"%CurrentUserName%"\AppData\Local\Temp\nse5ACF.tmp:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi84CA.tmpUsers\"%CurrentUserName%"\AppData\Local\Temp\nse5ACF.tmpC:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssCF71.tmpC:\Users\"%CurrentUserName%"\AppData\Local\TempnssCF71.tmpers\"%CurrentUserName%"\AppData\Local\Temp\nsi84C8.tmpC:\Users\"%CurrentUserName%"\AppData\Local\Temp\Nullsoft Install System v2.46SpeedCheckerService.exe_2188_rwx_00D00000_0000F000:.EelPx.elP?.elPnssCF72.tmp_3656:.text`.rdata@.data.rsrc@.relocxSSShFTPjKSFtPj;SC.PjRVportuguese-brazilianoperatorGetProcessWindowStationC:\dev\src\dl_generic_library\helpers\voping\voping_cpp\Release\voping_cpp.pdbKERNEL32.dllHttpSendRequestWHttpOpenRequestWWININET.dllWinHttpCrackUrlWINHTTP.dllGetCPInfoC:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssCF72.tmp3(3/394@48#:0:9:|:mscoree.dll- Attempt to initialize the CRT more than once.- CRT not initialized- floating point support not loadedKERNEL32.DLLWUSER32.DLL,hXXp://sstatic1.histats.com/0.gif?%u&101DTLite4461-0327.exe_3840:.text`.rdata@.data.ndata.rsrcRegDeleteKeyExWKernel32.DLLPSAPI.DLL%s=%sGetWindowsDirectoryWKERNEL32.dllExitWindowsExUSER32.dllGDI32.dllSHFileOperationWShellExecuteWSHELL32.dllRegDeleteKeyWRegCloseKeyRegEnumKeyWRegOpenKeyExWRegCreateKeyExWADVAPI32.dllCOMCTL32.dllole32.dllVERSION.dllÒHh.oulj_yTCPS%CXm-0VA}.text0`.reloc@.rsrc@.relocGetProcessHeapCOMDLG32.dllnsDialogs.dllInstallOptions.dllNullsoft Install System v2.46-Unicodeverifying installer: %d%%unpacking data: %d%%... %d%%hXXp://nsis.sf.net/NSIS_Error~nsu.tmp%u.%u%s%s.DEFAULT\Control Panel\InternationalSoftware\Microsoft\Windows\CurrentVersion*?|/":s\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\setuphlp.dlls.dllC:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmp\setuphlp.dllC:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso530.tmpRegPagePaidInfo.inidisc-soft.com account:o530.tmp\setuphlp.dllAll Files|*.*nso530.tmpfo.iniUsers\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\261dd182d36861fec9a217cc812a9f9a\DTLite4461-0327.exe"secure.disc-soft.com/payment/dtLite,1ted in your e-mail receipt from disc-soft.com or in your disc-soft.com account:"C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\261dd182d36861fec9a217cc812a9f9a\DTLite4461-0327.exe"%Program Files% (x86)\DAEMON Tools LiteC:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\261dd182d36861fec9a217cc812a9f9aDTLite4461-0327.exeers\"%CurrentUserName%"\AppData\Local\Temp\nso4E0.tmpC:\Users\"%CurrentUserName%"\AppData\Local\Temp\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\261dd182d36861fec9a217cc812a9f9a\DTLite4461-0327.exe4704178351508098-16938423984129502Windows GadgetIntegrate with Windows ExplorerSCSI Pass Through Direct (SPTD) layer is needed for Advanced Emulation features.Windows Gadget for quick access to main DAEMON Tools functionalities from Desktop.426057443261104.46.1.0327.0DAEMON Tools Lite4.46.1.0327.exe3a3>