mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6645561446eeeb98b7ed7df7aabf565c
SHA1: fcf3eb43fa12b23d1c737d72394a2e01b0774de6
SHA256: 1792bab633d27adf10437f285463e9e2e7747aa160864e7b8019a4c6a4ffabb1
SSDeep: 6144:/WmZJDSDDZnXI2i9RXXD3z5E9RBkiqpf8QBtxBS8oA:/duZ42ibz5EReNrdSa
Size: 213072 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: AOL LLC.
Created at: 2009-07-21 17:14:14
Analyzed on: Windows7Ada SP1 64-bit
Summary: Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Malware creates the following process(es):
roadie.exe:804
%original file name%.exe:2340
noneCodesignFilesBundle.exe:2800
flashax.exe:2252
sdclt.exe:2448
The Malware injects its code into the following process(es):
waol-0.4343.2046.1.exe:688
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
The process roadie.exe:804 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\browser\aolbwsrinst.exe (130170 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\msvcr9\msvc9rt.exe (130583 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\setup.exe (22520 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\gui.dll (61584 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\acslaeu.exe (126024 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F8AAE6A916F668584D043F6543292194_D96BA187CDB0BBE4151F3618123F74F2 (1680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\ErrorPageTemplate[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\dnserrordiagoff_webOC[1] (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\down[1] (748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar7FDB.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (656 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\tb\tbsetup.exe (53008 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT (672 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\background_gradient[1] (453 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aolswfchk.dll (6797 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\AcsInstC.dll (5576 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5BF987767EE121EB773E3E93D13C2F30_8E045C5CB1F111608338D2D3A7DCEAD9 (1696 bytes)
C:\Windows\nsreg.dat (732 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\instSup.dll (10208 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\sysinfo\SinfInst.exe (91332 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5BF987767EE121EB773E3E93D13C2F30_8E045C5CB1F111608338D2D3A7DCEAD9 (1 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\ecuinst.exe (34008 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC (1212 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Retry AOL Desktop 9.7 Download.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab7FDA.tmp (48 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\flashPlayer\aolswfchk.dll (6744 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\instph.dll (12080 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_F9BDF410D651FF0504A529F7A107038D (1 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\browser\aolbwsrlp.exe (13488 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\instSup.dll (10208 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\acsshutd.exe (1928 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\ocpchk.dll (680 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\ocpgc.exe (7776 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\acslang.exe (185031 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\AcsInstA.dll (6592 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\noneCodesignFilesBundle.exe (5565160 bytes)
C:\IPH.PH (3670 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\tpspd\wbsetup.exe (71832 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F8AAE6A916F668584D043F6543292194_D96BA187CDB0BBE4151F3618123F74F2 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\httpErrorPagesScripts[1] (8 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\parcon\AOLParconLink.exe (7336 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~r1F3.tmp (3176 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\ocpinst.exe (518187 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\toolbar\aol_trio.exe (1182424 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC (1 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\flashPlayer\install_flash_player_11_plugin.exe (2272819 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\info_48[1] (4 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\search\aolSearchInstaller.exe (1928 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\acsrollb.exe (18800 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\comps\acscore.exe (159846 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\registry.dat (732 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (1360 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\ecuchk.dll (392 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\waol-0.4343.2046.1.exe (173242 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_F9BDF410D651FF0504A529F7A107038D (1536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\bullet[1] (447 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\errorPageStrings[1] (2 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\postproc.exe (4712 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\AcsInstA.dll (6592 bytes)
The process %original file name%.exe:2340 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\message.js (277 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\roadie.exe (7392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\roadie.bin (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\Preparing.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\Progress.htm (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\dlgui.dll (25824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\NoFiles.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscFC88.tmp\CertHelper.dll (1913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscFC87.tmp (23759 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\NoQualify.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\Error.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\Cancelled.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\dlgui.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\FailedLaunch.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\NoConn.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\Grats.htm (792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\DownloadError.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\Cancelling.htm (987 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\html\CancelConfirm.htm (993 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscFC88.tmp\System.dll (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\roadie.ini (608 bytes)
The process waol-0.4343.2046.1.exe:688 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\flash\flashax.exe (146 bytes)
C:\Users\Public\Desktop\AOL Desktop 9.7 Install.lnk (1 bytes)
C:\IPH.PH (316 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (4432 bytes)
The process noneCodesignFilesBundle.exe:2800 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\xml\progress.xml (2 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\gui.ini (8 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\txt\CLIENTDETAILS.txt (2 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\installer.swf (7168 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\rbm.bin (13 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\txt\PRIVACY.txt (12 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\xml\message.xml (2 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\vwpt\VMPCache.mtz (8 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\xml\error.xml (361 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\installOmniture.ini (56 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\tb\tbinst.dll (1568 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\txt\EULA.txt (26 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\setup.ini (2 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\muinst\muinst.exe (14600 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\xml\style.xml (953 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\vwpt\VPPrePop.exe (1568 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\acs\backup.ini (2 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\tpspd\Dacldll.dll (1568 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\vwpt\AOLVPChk.dll (1568 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\tpspd\tsverchk.dll (1568 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\installOmniture.loc (1 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\media.ini (128 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\sysinfo\SiNdInst.dll (1568 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\flash\flashax.exe (39122 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\vwpt\Vwpt.exe (61190 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\xml\default.xml (1 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\xml\marketing.xml (5 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\xml\screens.xml (3 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps\vwpt\AOLTheme.mtx (387 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comp01.000 (563011 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\media\txt\TOS.txt (27 bytes)
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comps.ini (7 bytes)
The process flashax.exe:2252 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\734B.tmp (626 bytes)
C:\Windows\SysWOW64\Macromed\Flash\Flash10h.ocx (732 bytes)
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.dll (311 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\734C.tmp (464 bytes)
C:\Windows\SysWOW64\Macromed\Flash\FlashInstall.log (1 bytes)
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (464 bytes)
Registry activity
The process roadie.exe:804 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\America Online\IPH\waol_0.4343.2046.1]
"DLComplete" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\America Online\VID]
"VID" = "4603272406744064-632422412535335"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Wow6432Node\America Online\IPH\waol_0.4343.2046.1]
"SuperAttemptID" = "0EBFFB52-E225-4A71-BF94-6351C1FE6C21"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "42 70 C0 A2 F4 78 D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "2D 85 33 3A 90 73 D0 01"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\c:\%original file name%.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\roadie.exe,"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKLM\SOFTWARE\Wow6432Node\{31ADB854-D2B8-4bcd-A48B-0284831E89C5}]
"0" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\roadie.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"
[HKLM\SOFTWARE\Wow6432Node\America Online\IPH\waol_0.4343.2046.1]
"DLResSessions" = "0"
"DLSessions" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"
[HKLM\SOFTWARE\Wow6432Node\America Online\IPH\waol_0.4343.2046.1]
"CDSessions" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A]
"Blob" = "0F 00 00 00 01 00 00 00 14 00 00 00 B3 1D A1 8F"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431]
"Blob" = "0F 00 00 00 01 00 00 00 14 00 00 00 32 7F C4 47"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A1446BCE0C874DF0F2C3F61DA5C9A2BCF9DAB204]
"Blob" = "14 00 00 00 01 00 00 00 14 00 00 00 61 A6 99 6D"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer]
"GlobalAssocChangedCounter" = "37"
[HKLM\SOFTWARE\Wow6432Node\America Online\IPH\waol_0.4343.2046.1]
"InstSessions" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Malware deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\{31ADB854-D2B8-4bcd-A48B-0284831E89C5}]
The Malware deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates]
"3921C115C15D0ECA5CCB5BC4F07D21D8050B566A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"503006091D97D4F5AE39F7CBE7927D7D652D3431"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"A1446BCE0C874DF0F2C3F61DA5C9A2BCF9DAB204"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process %original file name%.exe:2340 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 39 21 C1 15"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A1446BCE0C874DF0F2C3F61DA5C9A2BCF9DAB204]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 A1 44 6B CE"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\c:\%original file name%.exe,"
The Malware deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates]
"3921C115C15D0ECA5CCB5BC4F07D21D8050B566A"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"A1446BCE0C874DF0F2C3F61DA5C9A2BCF9DAB204"
The process waol-0.4343.2046.1.exe:688 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "42 70 C0 A2 F4 78 D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\America Online\VID]
"VID" = "5533042191867904-114271311508728"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
"WpadDecisionTime" = "9A 2E E5 BD F4 78 D0 01"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Malware deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The Malware disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AOLRebootNeeded"
The process flashax.exe:2252 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
"(Default)" = "0"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash\Flash10h.ocx"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}]
"Policy" = "3"
[HKCR\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
"(Default)" = "FlashBroker"
[HKCR\Wow6432Node\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}]
"(Default)" = "IFlashObject"
[HKCR\MIME\Database\Content Type\application/futuresplash]
"Extension" = ".spl"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer]
"currentVersion" = "10,1,53,64"
[HKCR\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
"LocalizedString" = "@C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe,-101"
[HKCR\MacromediaFlashPaper.MacromediaFlashPaper]
"(Default)" = "Macromedia Flash Paper"
[HKCR\Wow6432Node\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\TypeLib]
"Version" = "1.0"
[HKCR\ShockwaveFlash.ShockwaveFlash]
"(Default)" = "Shockwave Flash Object"
[HKCR\Wow6432Node\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib]
"Version" = "1.0"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer\SafeVersions]
"8.0" = "42"
[HKCR\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
"VersionMinor" = "1"
[HKCR\ShockwaveFlash.ShockwaveFlash\CurVer]
"(Default)" = "ShockwaveFlash.ShockwaveFlash.10"
[HKCR\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}]
"(Default)" = "IShockwaveFlash"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
"URLInfoAbout" = "http://www.adobe.com"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
"(Default)" = "Macromedia Flash Factory Object"
[HKCR\ShockwaveFlash.ShockwaveFlash.1]
"(Default)" = "Shockwave Flash Object"
[HKCR\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
"URLUpdateInfo" = "http://www.adobe.com/go/getflashplayer/"
[HKCR\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
"VersionMajor" = "10"
[HKCR\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"(Default)" = "1.0"
[HKCR\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
"Version" = "1.0"
[HKCR\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash"
[HKCR\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}]
"(Default)" = "_IShockwaveFlashEvents"
[HKCR\MacromediaFlashPaper.MacromediaFlashPaper\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
"(Default)" = "1.0"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKCR\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
"(Default)" = "IFlashBroker4"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"(Default)" = "ShockwaveFlash.ShockwaveFlash"
[HKCR\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer\SafeVersions]
"9.0" = "17235968"
[HKCR\MIME\Database\Content Type\application/x-shockwave-flash]
"CLSID" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
"(Default)" = ""
[HKCR\FlashFactory.FlashFactory.1]
"(Default)" = "Macromedia Flash Factory Object"
[HKCR\ShockwaveFlash.ShockwaveFlash.8]
"(Default)" = "Shockwave Flash Object"
[HKCR\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}]
"(Default)" = "IFlashObject"
[HKCR\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\FlashFactory.FlashFactory\CurVer]
"(Default)" = "FlashFactory.FlashFactory.1"
[HKCU\Software\Macromedia\FlashPlayer]
"FlashPlayerVersion" = "10.1.53.64~installVector=1"
[HKCR\ShockwaveFlash.ShockwaveFlash.10\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash\Flash10h.ocx"
[HKCR\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
"(Default)" = "0"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerActiveX]
"Version" = "10.1.53.64"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
"NoModify" = "1"
[HKCR\ShockwaveFlash.ShockwaveFlash.6]
"(Default)" = "Shockwave Flash Object"
[HKCR\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\0\win32]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer\SafeVersions]
"10.0" = "3473472"
[HKCR\.mfp]
"(Default)" = "MacromediaFlashPaper.MacromediaFlashPaper"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerActiveX]
"PlayerPath" = "C:\Windows\SysWOW64\Macromed\Flash\Flash10h.ocx"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
"DisplayVersion" = "10.1.53.64"
[HKCR\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe,1"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command]
"(Default)" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe -osint -url %1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
"NoRepair" = "1"
[HKCR\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
"(Default)" = "Shockwave Flash"
[HKCR\.spl]
"Content Type" = "application/futuresplash"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash\Flash10h.ocx, 1"
[HKCR\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash\Flash10h.ocx"
[HKCR\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}]
"(Default)" = "IShockwaveFlash"
[HKCR\.swf]
"Content Type" = "application/x-shockwave-flash"
[HKCR\FlashFactory.FlashFactory.1\CLSID]
"(Default)" = "{D27CDB70-AE6D-11cf-96B8-444553540000}"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer\SafeVersions]
"6.0" = "88"
[HKCR\ShockwaveFlash.ShockwaveFlash.8\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"(Default)" = "FlashFactory.FlashFactory.1"
[HKCR\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"(Default)" = "C:\Windows\SysWOW64\Macromed\Flash\Flash10h.ocx, 1"
The Malware deletes the following registry key(s):
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
The process sdclt.exe:2448 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Sysinternals\SigCheck]
"EulaAccepted" = "1"
Dropped PE files
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
roadie.exe:804
%original file name%.exe:2340
noneCodesignFilesBundle.exe:2800
flashax.exe:2252
sdclt.exe:2448
- Delete the original Malware file.
- Delete or disinfect the following files created/modified by the Malware:
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: AOL LLC.
Product Name: AOL Download Utility
Product Version: 0.4343.2046.1.1
Legal Copyright: Copyright (c) 2004-2008 - AOL LLC. All Rights Reserved.
Legal Trademarks: AOL is a trademark of AOL LLC.
Original Filename: AOL_Desktop_9.7.exe
Internal Name:
File Version: 0.4343.2046.1.1
File Description: AOL Download Utility 0.4343.2046.1.1
Comments:
Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 26202 | 26624 | 4.43171 | 46cdf25f533c03d5df7c193afea2f2bf |
.rdata | 32768 | 7626 | 7680 | 3.75093 | b295087da0bff5cad3fbd45f13cdeab0 |
.data | 40960 | 115860 | 512 | 0.88764 | 571756c7ae86f90b12c0c5db51bd04a6 |
.ndata | 159744 | 32768 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 192512 | 4096 | 3072 | 3.14315 | 5551988ba25457f34f6b27a26ab56fd5 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/AcsInstA.dll | 149.174.149.63 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c811f53d313ecf39 | 87.245.216.19 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/ocpchk.dll | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/acslang.exe | 149.174.149.63 |
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 87.245.216.33 |
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 87.245.216.33 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/browser/aolbwsrlp.exe | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/acsshutd.exe | 149.174.149.63 |
hxxp://instlxml1.sa.aol.com/b/ss//6 | 66.235.153.36 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/ecuchk.dll | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/ocpgc.exe | 149.174.149.63 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= | 23.51.123.27 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/acslaeu.exe | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/msvcr9/msvc9rt.exe | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/tb/tbsetup.exe | 149.174.149.63 |
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= | 23.51.123.27 |
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 87.245.216.33 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/AcsInstC.dll | 149.174.149.63 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.51.123.27 |
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 87.245.216.33 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/sysinfo/SinfInst.exe | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/acscore.exe | 149.174.149.63 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= | 23.51.123.27 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/instSup.dll | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/AcsInstA.dll | 149.174.149.63 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c47dea64dd07db25 | 87.245.216.19 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/comps/acsrollb.exe | 149.174.149.63 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.51.123.27 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/noneCodesignFilesBundle.exe | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/flashPlayer/aolswfchk.dll | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/flashPlayer/install_flash_player_11_plugin.exe | 149.174.149.63 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEA/folAAtu2XY7/sias/UTw= | 23.51.123.27 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt?cea8345e4b49256e | 87.245.216.19 |
hxxp://ocsp.entrust.net/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBS6T8q7hSNQhIXIQ0oIkBdHhARt9wQUp7GqxLYG7d3Kn4iUloLV50NB0SUCBEwXaMs= | 95.100.77.22 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/roadie1.8.4.1/roadie.loc | 149.174.149.63 |
hxxp://download.newaol.com:80/clients/bush/waol/0.4343.2046.1/comps/acs/setup.exe | 149.174.149.63 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.51.123.27 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= | 23.51.123.27 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9bae0654c986f0bb | 87.245.216.19 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
HEAD /clients/bush/waol/0.4343.2046.1/comps/search/aolSearchInstaller.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:23 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 24392
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:23 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/flashPlayer/install_flash_player_11_plugin.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:56:01 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 17736296
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:06:01 GMT
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/ocpgc.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:48 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 62248
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:48 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/ecuinst.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:13 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 260120
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:13 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
POST /b/ss//6 HTTP/1.1
Host: instlxml1.sa.aol.com
Connection: close
Content-Length: 454
<?xml version="1.0" encoding="UTF-8"?><request><events>event1</events><eVar1>Download | Roadie | waol_0.4343.2046.1 | Application Start</eVar1><prop1>cmp :</prop1><prop2>cmp :</prop2><prop49>xml api</prop49><prop16>Roadie | App Start | waol_0.4343.2046.1</prop16><reportsuiteid>aoljet</reportsuiteid><pagename>cmp : Roadie - App Start</pagename><visitorid>4603272406744064-632422412535335</visitorid><prop3>gmt_5</prop3><prop24>uaid_na</prop24></request>
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:54:39 GMT
Server: Omniture DC/2.0.0
Access-Control-Allow-Origin: *
X-C: ms-4.9.4
Expires: Thu, 16 Apr 2015 09:54:39 GMT
Last-Modified: Sat, 18 Apr 2015 09:54:39 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
ETag: "5530D85F-CAEB-7ACCE06F"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www594
Content-Length: 64
Content-Type: text/xml
Connection: close
<?xml version="1.0" encoding="UTF-8"?>.<status>SUCCESS</status>...
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=338134, public, no-transform, must-revalidate
Last-Modified: Tue, 14 Apr 2015 07:54:56 GMT
Expires: Tue, 21 Apr 2015 07:54:56 GMT
Date: Fri, 17 Apr 2015 09:59:22 GMT
Connection: keep-alive
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/browser/aolbwsrinst.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:53 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1096736
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:53 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/waol-0.4343.2046.1.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:11 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1584744
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:11 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/acs/ecuchk.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 11080
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:55 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acslaeu.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:45 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 974344
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:45 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/AcsInstA.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:24 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 46184
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:24 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acslaeu.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:45 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 974344
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:45 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/postproc.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:33 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 35432
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:33 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/AcsInstC.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:33 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 37992
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:33 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/acs/ecuinst.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:13 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 260120
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:13 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acsshutd.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:14 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 21608
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:14 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=581692, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 03:30:03 GMT
Expires: Fri, 24 Apr 2015 03:30:03 GMT
Date: Fri, 17 Apr 2015 09:59:19 GMT
Connection: keep-alive
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/noneCodesignFilesBundle.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:54:40 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 42987344
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:04:40 GMT
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1552
content-transfer-encoding: binary
Cache-Control: max-age=354558, public, no-transform, must-revalidate
Last-Modified: Tue, 14 Apr 2015 12:25:08 GMT
Expires: Tue, 21 Apr 2015 12:25:08 GMT
Date: Fri, 17 Apr 2015 09:59:31 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=403200, public, no-transform, must-revalidate
Last-Modified: Wed, 15 Apr 2015 01:55:09 GMT
Expires: Wed, 22 Apr 2015 01:55:09 GMT
Date: Fri, 17 Apr 2015 09:59:31 GMT
Connection: keep-alive
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acsrollb.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:57 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 148480
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:57 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/ocpinst.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:37 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 4020768
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:37 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/acs/instph.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:26 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 93800
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:26 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/acs/postproc.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:33 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 35432
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:33 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/sysinfo/SinfInst.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 716072
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:41 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/noneCodesignFilesBundle.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:54:40 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 42987344
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:04:40 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=448244, public, no-transform, must-revalidate
Last-Modified: Wed, 15 Apr 2015 14:29:54 GMT
Expires: Wed, 22 Apr 2015 14:29:54 GMT
Date: Fri, 17 Apr 2015 09:59:17 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=597895, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 08:00:00 GMT
Expires: Fri, 24 Apr 2015 08:00:00 GMT
Date: Fri, 17 Apr 2015 09:59:31 GMT
Connection: keep-alive
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acsshutd.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:14 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 21608
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:14 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/ocpchk.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 15144
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:34 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/msvcr9/msvc9rt.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:42 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1113240
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:42 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/acs/gui.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:44 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 472680
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:44 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/instph.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:26 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 93800
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:26 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/parcon/AOLParconLink.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:58 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 58696
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:58 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acsrollb.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:57 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 148480
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:57 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/flashPlayer/aolswfchk.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:40 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 52328
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:40 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
POST /b/ss//6 HTTP/1.1
Host: instlxml1.sa.aol.com
Connection: close
Content-Length: 579
<?xml version="1.0" encoding="UTF-8"?><request><channel>us.roadie</channel><events>purchase,event10,event4</events><prop1>cmp : Downloads</prop1><prop2>cmp : Roadie</prop2><eVar4>Download | Roadie | waol_0.4343.2046.1 | Download Complete</eVar4><prop49>xml api</prop49><reportsuiteid>aoljet,aolcmp,aolsvc</reportsuiteid><pagename>cmp : Roadie Download</pagename><products>;waol_0.4343.2046.1;1;0</products><prop16>Roadie | Download Complete | waol_0.4343.2046.1</prop16><visitorid>5517592235047936-107563412127135</visitorid><prop3>gmt_5</prop3><prop24>uaid_na</prop24></request>
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:56:10 GMT
Server: Omniture DC/2.0.0
Access-Control-Allow-Origin: *
X-C: ms-4.9.4
Expires: Thu, 16 Apr 2015 09:56:10 GMT
Last-Modified: Sat, 18 Apr 2015 09:56:10 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
ETag: "5530D8BA-32B0-142B2394"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www900
Content-Length: 64
Content-Type: text/xml
Connection: close
<?xml version="1.0" encoding="UTF-8"?>.<status>SUCCESS</status>...
GET /clients/bush/waol/0.4343.2046.1/comps/msvcr9/msvc9rt.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:42 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1113240
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:42 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/setup.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:25 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 169064
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:25 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/acs/AcsInstA.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:15 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 46184
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:15 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acslang.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:15 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1655104
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:15 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/toolbar/aol_trio.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:27 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 9359016
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:27 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/ocpinst.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:37 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 4020768
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:37 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/sysinfo/SinfInst.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 716072
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:41 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
POST /b/ss//6 HTTP/1.1
Host: instlxml1.sa.aol.com
Connection: close
Content-Length: 634
<?xml version="1.0" encoding="UTF-8"?><request><reportSuiteID>aolinstaller</reportSuiteID><channel>us.clientinstall</channel><language>en-us</language><prop1>9.7</prop1><prop2>4343.2046</prop2><prop4>4343</prop4><prop5>2046</prop5><evar2>ie</evar2><evar3>9.10.9200.16521</evar3><evar7>Windows</evar7><evar8>Windows 7</evar8><evar10>Service Pack 1</evar10><evar11>2047</evar11><evar13>4343.2046</evar13><events>event1</events><evar14>Unknown</evar14><products>;aol_9.7_ins;;</products><pageName>Initialize installer</pageName><visitorid>5533042191867904-114271311508728</visitorid><prop3>gmt_5</prop3><prop24>uaid_na</prop24></request>
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:56:12 GMT
Server: Omniture DC/2.0.0
Access-Control-Allow-Origin: *
X-C: ms-4.9.4
Expires: Thu, 16 Apr 2015 09:56:12 GMT
Last-Modified: Sat, 18 Apr 2015 09:56:12 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
ETag: "5530D8BC-28ED-64024922"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www418
Content-Length: 64
Content-Type: text/xml
Connection: close
<?xml version="1.0" encoding="UTF-8"?>.<status>SUCCESS</status>...
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acslang.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:16 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1655104
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:16 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/tb/tbsetup.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:36 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 417240
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:36 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=413995, public, no-transform, must-revalidate
Last-Modified: Wed, 15 Apr 2015 04:50:03 GMT
Expires: Wed, 22 Apr 2015 04:50:03 GMT
Date: Fri, 17 Apr 2015 09:54:37 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEA/folAAtu2XY7/sias/UTw= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=465178, public, no-transform, must-revalidate
Last-Modified: Wed, 15 Apr 2015 19:04:53 GMT
Expires: Wed, 22 Apr 2015 19:04:53 GMT
Date: Fri, 17 Apr 2015 09:54:37 GMT
Connection: keep-alive
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/search/aolSearchInstaller.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:24 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 24392
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:24 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTXgePhfsJco9hFmE0qWx1GtVqUPQQUKnCVOp/2k8XzisWoY7s9lCzmygcCBEwOjDo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.entrust.net
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Transfer-Encoding: Binary
Content-Length: 1947
Last-Modified: Fri, 17 Apr 2015 06:37:09 GMT
ETag: "45F2CE048236D8101ECCB15D7FC186D4DD61BCCD"
Cache-Control: public, no-transform, must-revalidate, max-age=1348
Expires: Fri, 17 Apr 2015 10:17:38 GMT
Date: Fri, 17 Apr 2015 09:55:10 GMT
Connection: keep-alive
<<< skipped >>>
GET /MEUwQzBBMD8wPTAJBgUrDgMCGgUABBS6T8q7hSNQhIXIQ0oIkBdHhARt9wQUp7GqxLYG7d3Kn4iUloLV50NB0SUCBEwXaMs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.entrust.net
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Transfer-Encoding: Binary
Content-Length: 1978
Last-Modified: Fri, 17 Apr 2015 08:53:54 GMT
ETag: "39535E5C45AF92F09F080A8DB315913F5E66EF87"
Cache-Control: public, no-transform, must-revalidate, max-age=401
Expires: Fri, 17 Apr 2015 10:01:51 GMT
Date: Fri, 17 Apr 2015 09:55:10 GMT
Connection: keep-alive
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/instSup.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:35 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 74856
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:35 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
POST /b/ss//6 HTTP/1.1
Host: instlxml1.sa.aol.com
Connection: close
Content-Length: 458
<?xml version="1.0" encoding="UTF-8"?><request><reportsuiteid>aoljet</reportsuiteid><pagename>cmp : Roadie - Install Start</pagename><events>event5</events><prop1>cmp :</prop1><prop2>cmp :</prop2><eVar6>Download | Roadie | waol_0.4343.2046.1 | Install Start</eVar6><prop49>xml api</prop49><prop16>Roadie | Install Start | waol_0.4343.2046.1</prop16><visitorid>5521342234851328-107563412127135</visitorid><prop3>gmt_5</prop3><prop24>uaid_na</prop24></request>
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:56:11 GMT
Server: Omniture DC/2.0.0
Access-Control-Allow-Origin: *
X-C: ms-4.9.4
Expires: Thu, 16 Apr 2015 09:56:11 GMT
Last-Modified: Sat, 18 Apr 2015 09:56:11 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
ETag: "5530D8BB-A13C-05581B1A"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www872
Content-Length: 64
Content-Type: text/xml
Connection: close
<?xml version="1.0" encoding="UTF-8"?>.<status>SUCCESS</status>...
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c811f53d313ecf39 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Fri, 17 Apr 2015 09:54:37 GMT
Connection: keep-alive
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?9bae0654c986f0bb HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Fri, 17 Apr 2015 09:55:10 GMT
Connection: keep-alive
GET /msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt?cea8345e4b49256e HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Fri, 20 Feb 2015 20:14:50 GMT
Accept-Ranges: bytes
ETag: "05934e1494dd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1070
Date: Fri, 17 Apr 2015 09:55:10 GMT
Connection: keep-alive
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c47dea64dd07db25 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Fri, 17 Apr 2015 09:55:12 GMT
Connection: keep-alive
GET /clients/bush/waol/0.4343.2046.1/comps/acs/setup.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:25 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 169064
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:25 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/flashPlayer/install_flash_player_11_plugin.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:56:01 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 17736296
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:06:01 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/ocpchk.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 15144
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:34 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/gui.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:44 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 472680
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:44 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Fri, 17 Apr 2015 09:55:56 GMT
Connection: keep-alive
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 07 Mar 2015 06:01:44 GMT
If-None-Match: "dde36a309c58d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
ETag: "dde36a309c58d01:0"
Cache-Control: max-age=900
Date: Fri, 17 Apr 2015 09:55:56 GMT
Connection: keep-alive
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Mar 2015 06:01:35 GMT
If-None-Match: "cf2633d6957d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
ETag: "cf2633d6957d01:0"
Cache-Control: max-age=900
Date: Fri, 17 Apr 2015 09:55:56 GMT
Connection: keep-alive
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/AcsInstA.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:24 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 46184
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:24 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/browser/aolbwsrinst.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:53 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1096736
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:53 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/tpspd/wbsetup.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 556240
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:55 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/tpspd/wbsetup.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:56 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 556240
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:56 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/comps/browser/aolbwsrlp.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:47 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 106568
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:47 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
<<< skipped >>>
HEAD /clients/bush/waol/0.4343.2046.1/comps/parcon/AOLParconLink.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:58 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 58696
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:58 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/instSup.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:18 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 74536
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:18 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/tb/tbsetup.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:35 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 417240
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:35 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/flashPlayer/aolswfchk.dll HTTP/1.1
Host: download.newaol.com:80
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:54:38 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 52328
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:04:38 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acscore.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:59 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1489776
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:59 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/AcsInstA.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:15 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 46184
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:15 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/comps/flashPlayer/aolswfchk.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:40 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 52328
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:40 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/acscore.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:59 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1489776
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:59 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: application/x-msdownload
POST /b/ss//6 HTTP/1.1
Host: instlxml1.sa.aol.com
Connection: close
Content-Length: 504
<?xml version="1.0" encoding="UTF-8"?><request><events>prodview</events><prop1>cmp :</prop1><prop2>cmp :</prop2><prop49>xml api</prop49><eVar5>Download | Roadie | waol_0.4343.2046.1 | Download Start</eVar5><prop16>Roadie | Download Start | waol_0.4343.2046.1</prop16><reportsuiteid>aoljet</reportsuiteid><pagename>cmp : Roadie - Download Start</pagename><products>;waol_0.4343.2046.1</products><visitorid>4611232406744064-672205304002741</visitorid><prop3>gmt_5</prop3><prop24>uaid_na</prop24></request>
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:54:40 GMT
Server: Omniture DC/2.0.0
Access-Control-Allow-Origin: *
X-C: ms-4.9.4
Expires: Thu, 16 Apr 2015 09:54:40 GMT
Last-Modified: Sat, 18 Apr 2015 09:54:40 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
ETag: "5530D860-6B45-0431F54D"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www357
Content-Length: 64
Content-Type: text/xml
Connection: close
<?xml version="1.0" encoding="UTF-8"?>.<status>SUCCESS</status>...
HEAD /clients/bush/waol/0.4343.2046.1/comps/toolbar/aol_trio.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:27 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 9359016
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:27 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/instSup.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:18 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 74536
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:18 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/ocpgc.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:47 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 62248
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:47 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /clients/bush/waol/0.4343.2046.1/roadie1.8.4.1/roadie.loc HTTP/1.1
Host: download.newaol.com:80
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:54:38 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 31187
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:04:38 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/plain
//////////////////////////..// Picker Support Files //..//////////////////////////..[CHECK]..F1=download.newaol.com/clients/bush/waol/0.4343.2046.1/comps/flashPlayer/aolswfchk.dll;52328..[OS]..VISTA=VISTA..XP=XP..XP64=XP64..VISTA64=VISTA64..WIN7_32=WIN7_32..WIN7_64=WIN7_64..[OMS_APPSTART]..reportsuiteid=aoljet..pagename=cmp : Roadie - App Start..events=event1..eVar1=Download | Roadie | %PACKAGEID% | Application Start..prop1=cmp :..prop2=cmp :..prop49=xml api..prop16=Roadie | App Start | %PACKAGEID%..[OMS_NONQUAL]..reportsuiteid=aoljet..pagename=cmp : Roadie - Non Qualification..events=event2..eVar2=Download | Roadie |%PACKAGEID% | Non Qual..prop1=cmp :..prop2=cmp :..prop49=xml api..prop16=Roadie | Non Qualification | %PACKAGEID%..[OMS_DLSTART]..reportsuiteid=aoljet..pagename=cmp : Roadie - Download Start..events=prodview..prop1=cmp :..prop2=cmp :..prop49=xml api..products=;%PACKAGEID%..eVar5=Download | Roadie | %PACKAGEID% | Download Start..prop16=Roadie | Download Start | %PACKAGEID%..[OMS_USERCANCEL]..reportsuiteid=aoljet..pagename=cmp : Roadie - User Cancel..events=event3..eVar3=Download | Roadie | %PACKAGEID% | User Cancel..prop1=cmp :..prop2=cmp :..prop49=xml api..prop16=Roadie | User Cancel | %PACKAGEID%..[OMS_INSTALLSTART]..reportsuiteid=aoljet..pagename=cmp : Roadie - Install Start..events=event5..prop1=cmp :..prop2=cmp :..eVar6=Download | Roadie | %PACKAGEID% | Install Start..prop49=xml api..prop16=Roadie | Install Start | %PACKAGEID%..[OMS_DLCOMPLETE]..reportsuiteid=aoljet,aolcmp,aolsvc..pagename=cmp
<<< skipped >>>
GET /clients/bush/waol/0.4343.2046.1/waol-0.4343.2046.1.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:11 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1584744
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:11 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/comps/AcsInstC.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:32 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 37992
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:32 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/acs/ecuchk.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 11080
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:55 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 791500626200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Fri, 17 Apr 2015 09:59:22 GMT
Connection: keep-alive
GET /clients/bush/waol/0.4343.2046.1/comps/acs/instSup.dll HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:35 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 74856
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:35 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
HEAD /clients/bush/waol/0.4343.2046.1/comps/browser/aolbwsrlp.exe HTTP/1.1
Host: download.newaol.com:80
User-Agent: Roadie
Connection: close
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2015 09:55:47 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 106568
Cache-Control: max-age=600
Expires: Fri, 17 Apr 2015 10:05:47 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
Map
The Malware connects to the servers at the following location(s):
Strings from Dumps
waol-0.4343.2046.1.exe_688:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
t9It.It#It
t9It.It#It
PSSSSSSh
PSSSSSSh
SSSh@
SSSh@
~,.tM
~,.tM
tGHt.Ht&
tGHt.Ht&
AUu.AUuI
AUu.AUuI
%s (%s:%d)
%s (%s:%d)
C:\PROGRA~1\MICROS~1.0\VC\ATLMFC\INCLUDE\afxwin1.inl
C:\PROGRA~1\MICROS~1.0\VC\ATLMFC\INCLUDE\afxwin1.inl
-v %s
-v %s
sShortDate
sShortDate
%s\%s
%s\%s
%s\*.*
%s\*.*
%d.%d%c
%d.%d%c
Disk.cpp
Disk.cpp
KERNEL32.dll
KERNEL32.dll
install.ini
install.ini
comps.ini
comps.ini
media.ini
media.ini
Update movie file %s
Update movie file %s
Flash initialized, Version %d.%d
Flash initialized, Version %d.%d
CLSID\%s\InProcServer32
CLSID\%s\InProcServer32
USER32.DLL
USER32.DLL
iexplore.exe
iexplore.exe
C:\PROGRA~1\MICROS~1.0\VC\ATLMFC\INCLUDE\afxwin2.inl
C:\PROGRA~1\MICROS~1.0\VC\ATLMFC\INCLUDE\afxwin2.inl
--:--:--
--:--:--
%ld.%ld,%s
%ld.%ld,%s
4343.2046
4343.2046
Unknown ErrorCode:%d ExitCode:%d
Unknown ErrorCode:%d ExitCode:%d
Directory path contains waol.exe client
Directory path contains waol.exe client
Windows must reboot to complete install
Windows must reboot to complete install
{D27CDB6E-AE6D-11cf-96B8-444553540000}
{D27CDB6E-AE6D-11cf-96B8-444553540000}
[ERRORUnsupportedToken]
[ERRORUnsupportedToken]
kernel32.dll
kernel32.dll
Windows 2000
Windows 2000
Windows Server 2003
Windows Server 2003
Windows XP
Windows XP
Windows Home Server
Windows Home Server
Windows Server 2008
Windows Server 2008
Windows Vista
Windows Vista
Windows Server 2008 R2
Windows Server 2008 R2
Windows 7
Windows 7
Windows 8
Windows 8
Older than Windows 2000
Older than Windows 2000
installOmniture.loc
installOmniture.loc
installOmniture.ini
installOmniture.ini
%s\idb\SNmaster.idx
%s\idb\SNmaster.idx
%s|%s*%s
%s|%s*%s
%s*%s
%s*%s
Found build = %d.%d%c
Found build = %d.%d%c
Client is %s version -- %s
Client is %s version -- %s
%s,%d,%d
%s,%d,%d
DBGetClientInfo Path = %s ,szScreenName=%s , Version = %s
DBGetClientInfo Path = %s ,szScreenName=%s , Version = %s
successfully wrote %d bytes...
successfully wrote %d bytes...
writing %d bytes...
writing %d bytes...
Writing component to %s...
Writing component to %s...
CComponent::Write() - Resource size = %d
CComponent::Write() - Resource size = %d
CComponent::Write() - Finding resource %d ...
CComponent::Write() - Finding resource %d ...
%s%s%s
%s%s%s
CScript::Execute() -- CreateProcess() failed for file %s
CScript::Execute() -- CreateProcess() failed for file %s
"%s" %s
"%s" %s
CScript:Execute() - CreateProcess() creating script process
CScript:Execute() - CreateProcess() creating script process
install.log
install.log
webregError
webregError
webregSN
webregSN
AOL Software.Exe Running Path - %s
AOL Software.Exe Running Path - %s
"%s\aolsoftware.exe"
"%s\aolsoftware.exe"
progress.dll
progress.dll
%s\%s.lnk
%s\%s.lnk
%s.lnk
%s.lnk
Install : CreateProcess = Inside %s%
Install : CreateProcess = Inside %s%
Install : CreateProcess = %s%
Install : CreateProcess = %s%
GL*.TMP
GL*.TMP
launcher.dll
launcher.dll
instph.dll
instph.dll
install.dll
install.dll
deleting ProgUpd.dll
deleting ProgUpd.dll
Location of client to upgrade '%s'
Location of client to upgrade '%s'
Upgrading from Client Version '%s' (Codebase '%s')
Upgrading from Client Version '%s' (Codebase '%s')
%s\win.ini
%s\win.ini
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
%c:\%s
%c:\%s
SystemChecks() : Insufficient HD space. Size of component resources = %d ( 1MB), Available space (%s) = %d
SystemChecks() : Insufficient HD space. Size of component resources = %d ( 1MB), Available space (%s) = %d
triggering windows restart...
triggering windows restart...
d-d-d d.d.d
d-d-d d.d.d
Running client -> %s
Running client -> %s
100%s
100%s
Launching client ... %s
Launching client ... %s
waolinstallgui.cpp
waolinstallgui.cpp
%s\AOLFirewallMgr.ini
%s\AOLFirewallMgr.ini
%s\AOLFirewallMgr.dll
%s\AOLFirewallMgr.dll
%s\AOLInstallerFW.dll
%s\AOLInstallerFW.dll
gScript.Execute returned RESULT_ERROR
gScript.Execute returned RESULT_ERROR
gScript.Execute returned RESULT_NOT_NT_ADMIN.
gScript.Execute returned RESULT_NOT_NT_ADMIN.
gScript.Execute returned RESULT_FILES_IN_USE
gScript.Execute returned RESULT_FILES_IN_USE
gScript.Execute returned RESULT_MISSINGCOMPS
gScript.Execute returned RESULT_MISSINGCOMPS
gScript.Execute returned RESULT_NOMINBROWSER
gScript.Execute returned RESULT_NOMINBROWSER
gScript.Execute returned RESULT_DISKSPACEERROR
gScript.Execute returned RESULT_DISKSPACEERROR
gScript.Execute returned RESULT_CANCEL_NOGUI
gScript.Execute returned RESULT_CANCEL_NOGUI
gScript.Execute returned RESULT_CANCEL
gScript.Execute returned RESULT_CANCEL
gScript.Execute returned RESULT_INCORRECTOS
gScript.Execute returned RESULT_INCORRECTOS
gScript.Execute returned RESULT_SUCCESS
gScript.Execute returned RESULT_SUCCESS
ERROR: gScript.Execute returned an unexpected code. Verify processing.
ERROR: gScript.Execute returned an unexpected code. Verify processing.
ERROR: gScript.Execute returned RESULT_NOT_NT_ADMIN.
ERROR: gScript.Execute returned RESULT_NOT_NT_ADMIN.
ERROR: gScript.Execute returned RESULT_FILES_IN_USE.
ERROR: gScript.Execute returned RESULT_FILES_IN_USE.
gScript.Execute returned RESULT_NOMINBROWSER.
gScript.Execute returned RESULT_NOMINBROWSER.
progupd.dll
progupd.dll
\\.\Pipe\AOLINST
\\.\Pipe\AOLINST
%s
%s
Last Error: %ld-%s
Last Error: %ld-%s
ASSERT FAILED in %s line %d -->> '%s'
ASSERT FAILED in %s line %d -->> '%s'
SUDSUpdate.ini
SUDSUpdate.ini
Software\MyWebSearch\OEHosts
Software\MyWebSearch\OEHosts
\StringFileInfo\%s\%s
\StringFileInfo\%s\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
shell32.dll
shell32.dll
shfolder.dll
shfolder.dll
%s\appdata.ini
%s\appdata.ini
AOLSearchAsDefaultForFireFox
AOLSearchAsDefaultForFireFox
Kernel32.DLL
Kernel32.DLL
AOL.EXE
AOL.EXE
KERNEL32.DLL
KERNEL32.DLL
StatusKey
StatusKey
Loading advapi32.dll - Service Beginning
Loading advapi32.dll - Service Beginning
advapi32.dll
advapi32.dll
Advapi32.dll
Advapi32.dll
DeCon.exe
DeCon.exe
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
%s\aolreboot
%s\aolreboot
SENSAPI.DLL
SENSAPI.DLL
\AOL.cfg
\AOL.cfg
UpdateTrustedAdobeClients STarted... %s
UpdateTrustedAdobeClients STarted... %s
\waol.exe
\waol.exe
sIni.lpszDestDir = %s
sIni.lpszDestDir = %s
CASADIL.phx
CASADIL.phx
\*.lnk
\*.lnk
csafe.vxd
csafe.vxd
Exit Flash Installation %d
Exit Flash Installation %d
"%s\%s" %s
"%s\%s" %s
"%s\%s" %s %s
"%s\%s" %s %s
10.1.53.64
10.1.53.64
waol.exe
waol.exe
FunWebProuct
FunWebProuct
-r"%s:%s"
-r"%s:%s"
%s\$Recycle.bin
%s\$Recycle.bin
%s\Recycler
%s\Recycler
%s\Recycled
%s\Recycled
CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
INSTEXE
INSTEXE
DOSETCERT2KEYS
DOSETCERT2KEYS
CERTPSWD
CERTPSWD
CERTNUMBER
CERTNUMBER
Comparing...installer primary language=0x%x, installer sub-language=0x%x
Comparing...installer primary language=0x%x, installer sub-language=0x%x
Checking languages : OS primary language=0x%x, sub-language=0x%x
Checking languages : OS primary language=0x%x, sub-language=0x%x
MozillaUIWindowClass
MozillaUIWindowClass
MozillaWindowClass
MozillaWindowClass
%s\%s\%s\
%s\%s\%s\
netapi32.dll
netapi32.dll
wtsapi32.dll
wtsapi32.dll
\\.\Pipe\AOL
\\.\Pipe\AOL
%s - %d%%
%s - %d%%
%d%s
%d%s
[Installer] - setWelcomeFocus - %s
[Installer] - setWelcomeFocus - %s
GUI: Main - WM_INITPROGRESS, %d
GUI: Main - WM_INITPROGRESS, %d
GUI: Main - WM_SHOWPROGRESS, %d
GUI: Main - WM_SHOWPROGRESS, %d
GUI: Stop Timer = %d
GUI: Stop Timer = %d
GUI: Main - WM_UPDATEPROGRESS, %d
GUI: Main - WM_UPDATEPROGRESS, %d
GUI: Secondary - WM_UPDATEPROGRESS, %d
GUI: Secondary - WM_UPDATEPROGRESS, %d
%d
%d
Available Space on Install Drive (%c:): %dK
Available Space on Install Drive (%c:): %dK
Required Space on Install Drive (%c:): %dK
Required Space on Install Drive (%c:): %dK
Available Space on System Drive (%c:): %dK
Available Space on System Drive (%c:): %dK
Required Space on System Drive (%c:): %dK
Required Space on System Drive (%c:): %dK
1%s
1%s
%s,%ld.%ld MB,%ld.%ld MB
%s,%ld.%ld MB,%ld.%ld MB
%s,%ld.%ld GB,%ld.%ld MB
%s,%ld.%ld GB,%ld.%ld MB
[Installer] - getClientList - ReturnValue - %s
[Installer] - getClientList - ReturnValue - %s
%s
%s
\gecko\usr\registry.dat
\gecko\usr\registry.dat
Mozilla\registry.dat
Mozilla\registry.dat
Users/%s
Users/%s
\nsreg.dat
\nsreg.dat
Common/Profiles/%s
Common/Profiles/%s
\cookies.txt
\cookies.txt
%s%s>
%s%s>
POST %s HTTP/1.1
POST %s HTTP/1.1
Host: %s
Host: %s
Content-Length: %d
Content-Length: %d
hXXp://aol.com
hXXp://aol.com
uaid_%s
uaid_%s
IPH.PH
IPH.PH
%sd
%sd
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
CNotSupportedException
CNotSupportedException
comctl32.dll
comctl32.dll
comdlg32.dll
comdlg32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
hhctrl.ocx
hhctrl.ocx
commctrl_DragListMsg
commctrl_DragListMsg
CCmdTarget
CCmdTarget
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
ntdll.dll
ntdll.dll
%s%s.dll
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
RICHED20.DLL
RICHED20.DLL
mfcm90.dll
mfcm90.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
user32.dll
user32.dll
ole32.dll
ole32.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
operator
operator
GetProcessWindowStation
GetProcessWindowStation
OLEACC.dll
OLEACC.dll
WININET.dll
WININET.dll
GetProcessHeap
GetProcessHeap
WinExec
WinExec
GetWindowsDirectoryA
GetWindowsDirectoryA
CreateNamedPipeA
CreateNamedPipeA
DisconnectNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
ConnectNamedPipe
WaitNamedPipeA
WaitNamedPipeA
GetCPInfo
GetCPInfo
PeekNamedPipe
PeekNamedPipe
GetConsoleOutputCP
GetConsoleOutputCP
ExitWindowsEx
ExitWindowsEx
UnhookWindowsHookEx
UnhookWindowsHookEx
GetKeyState
GetKeyState
SetWindowsHookExA
SetWindowsHookExA
CreateDialogIndirectParamA
CreateDialogIndirectParamA
USER32.dll
USER32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
COMDLG32.dll
COMDLG32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegOpenKeyA
RegOpenKeyA
RegCreateKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegEnumKeyA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
SHFileOperationA
SHFileOperationA
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
oledlg.dll
oledlg.dll
OLEAUT32.dll
OLEAUT32.dll
VERSION.dll
VERSION.dll
WS2_32.dll
WS2_32.dll
setup.exe
setup.exe
_NR_RegAddKey@16
_NR_RegAddKeyRaw@16
_NR_RegDeleteKey@12
_NR_RegDeleteKeyRaw@12
_NR_RegEnumSubkeys@24
_NR_RegGetKey@16
_NR_RegGetKeyRaw@16
_VR_UninstallDeleteSharedFilesKey@4
.PAVCException@@
.?AVCCmdTarget@@
.?AVCCmdLineInfo@@
.?AVCAOLInstCmdLine@@
.?AVCMozillaCookie@@
\mozregistry.dat
%s #%d
.PAVCOleException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.PAVCFileException@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÃ
hXXp://free.aol.com/tryaolfree/
instlxml1.sa.aol.com
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\installOmniture.ini
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\installOmniture.loc
%Program Files% (x86)\AOL Desktop 9.7
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\waol-0.4343.2046.1.exe
C:\ProgramData\AOL Downloads\waol\0.4343.2046.1\comp01.000
C:\IPH.PH
7'&&&$($($$
)NaQ.SaI
@.reloc
YYSShh
PSVSSShli
ProgUpd Error: Failed to notify Launcher that progress received for '%s'
UpdateProgress(): Progress value of %d%% received for '%s' is out of valid range of 0% to 100%.
ProgUpd Error: Progress value of %d%% received for '%s' is out of valid range of 0% to 100%.
ProgUpd Error: Invalid progress value received for '%s'.
UpdateProgress(): Invalid progress value of '%d' received for '%s'.
ProgUpd: Repeat of previous progress value received for '%s'.
ProgUpd: First valid progress update received from '%s'
.\AppInfo.cpp
_AOL_INSTEVENT_%s
ProgUpd: Looking for synchronization event named '%s'...
ProgUpd Error: No synchronization event for '%s'.
.\Event.cpp
ProgUpd Error: Could not set event named '%s'.
ProgUpd: Logfile section set to '%s' - Ret Code = %d
ProgUpd Error: Logging Error in '%s' at line %d
%s:d
.\IPH.cpp
%s:%ld
UpdateProgress(): AppID not given with '%d%%' progress update
ProgUpd: AppID truncated to '%s'.
UpdateProgress(): AppID '%s' is too long -- Must be no more than 6 characters.
UpdateProgress(): AppID contains illegal characters. AppID = '%s'.
ProgUpd Error: AppID contains illegal characters. AppID = '%s'.
`~!@#$%^&*()= {}[]\|:;"',./?
.\ProgUpd.cpp
ProgUpd: AppID passed in with '%d%%' progress update is NULL.
ProgUpd: Sending reboot request message for '%s'...
ProgUpd: AppID passed in = '%s'.
SetReboot(): AppID '%s' is too long -- Must be no more than 6 characters.
ProgUpd - SetReboot called with AppID '%s'.
SOFTWARE\America Online\Products\%s\%s
SOFTWARE\America Online\Products\%s\%s\Shortcuts
SOFTWARE\America Online\Products\%s\%s\EmptyFolders
SOFTWARE\America Online\Products\%s\%s\UninstPlugins
Software\America Online\Installs\%s
%s_%s
%s\References
%s_%i
%s_backup
Software\America Online\Products\%s\%s
%s\Components
Software\America Online\Products\%s
%s,%s
SOFTWARE\America Online\Installs\%s
SHDeleteKeyA
RegCreateKeyA
ProgUpd.dll
;-;6;?;`;
3 3@3\3`3|3
0VVV.entrust.net/rpa is incorporated by reference1
2Entrust Code Signing Certification Authority - L1D0
T;B%Sk
"hXXp://crl.entrust.net/level1d.crl03
hXXp://ocsp.entrust.net0A
hXXp://VVV.entrust.net/rpa0
hXXp://ocsp.entrust.net0/
#hXXp://aia.entrust.net/l1d-2048.cer03
"hXXp://crl.entrust.net/level1d.crl0A
Entrust.net1@0>
7VVV.entrust.net/CPS_2048 incorp. by ref. (limits liab.)1%0#
(c) 1999 Entrust.net Limited1301
*Entrust.net Certification Authority (2048)0
hXXp://ocsp.entrust.net02
!hXXp://crl.entrust.net/2048ca.crl0;
2Entrust Code Signing Certification Authority - L1D
VVV.aol.com 0
accKeyboardShortcut
mscoree.dll
ekernel32.dll
!"#$%&'()*
9.07.000
1, 0, 1, 0
,****** AOL Desktop 9.7 Starts at : %s ****** ****** AOL Desktop 9.7 Ends: at : %s ******
RBM.exe
When you're ready to continue, click OK.RClick the 'Empty Recycle Bin' button to delete these files and free up this space.dYour computer is low on resources.
Please close any running programs and click 'Retry' to continue.JAn error occurred while attempting to install the America Online Software.
7Windows must be restarted to complete the installation.
AOL Desktop 9.7 Install@Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Drive %c:
We recommend that you shut down any open applications before installing AOL.When you're ready to continue, click OK.hAdobe
We cannot install AOL Desktop 9.7 because we did not find a version of AOL installed in the %s directory. Please select another directory.
In order to continue the installation Windows will need to be restarted.
Would you like to restart Windows now?
Please download and reinstall the AOL Desktop software. To Download, visit this link: hXXp://daol.aol.com/software and then click the Download Now button. If this still does not fix the problem please call 1-800-827-6364 for assistance.
explorer.exe
main.idx
SNMaster.idx
%s, last used %s , %s
%s, never used , %s
aol.exe
aoltray.exe
%s, most recently used %s, %s
%s, most recently used , %s
Please download a compatible version of the AOL Desktop software. To Download, visit this link: hXXp://daol.aol.com/software/90vr and then click the Download Now button. If this still does not fix the problem please call 1-800-827-6364 for assistance.
It looks like the AOL Desktop software is already running on user account "%s".
xThe directory path you provided already contains AOL Desktop software. Please select another directory path to continue.XThis copy of AOL cannot be installed because an installation file is missing or damaged.
Page %d
We're sorry, this version of AOL is not compatible with the version of Windows you are running.
Your computer does not have the minimum required operating system. You must be using Windows XP, Windows Vista, or Windows 7 to install this version of AOL
To get the best possible performance with this version of AOL, we recommend using a computer with a %s or better processor.
We were not able to detect a %s or better processor on your computer.
8You currently do not have enough disk space on drive %c.?You currently do not have enough disk space on drive %c and %c.@You now have enough disk space to install AOL. Click 'Continue'.tYour hard drive now has enough free disk space to install the AOL software. Click 'Next' to resume the installation.
AOL Quick Reference Guide.txt.Text Files (*.txt)|*.txt|All Files (*.*)|*.*||
Click OK to finish this installation. You will be able to connect using TCP/IP only.
Location: hXXp://VVV.microsoft.com/windows/ie/downloads/default.mspx.
Your computer does not have the minimum required Service Pack. You must be using Windows 2000 with Service Pack 3 (SP3) or later to install this version of AOL
The current drive selected for installation does not have enough space for the required components. If there is another drive attached to your system that has enough space, please select it from the 'Drive' list below.mPlease wait while we initialize the installation. This may take a few minutes. Thank you for your patience.
Installation for AOL Desktop 9.7 cannot proceed because the executable file (waol.exe) is missing. Please select another directory path to continue.
`You currently have less than 1 MB of temporary files that have not been used in at least 1 week.4You currently have no old temporary files to delete.YYou currently have %.2f MB of temporary files that have not been used in at least 1 week.jClick the 'Delete Temp Files' button to delete these files and free up this space (some files may remain).
00|01|06
Replace%Select the entire document
waol-0.4343.2046.1.exe_688_rwx_03F02000_00010000:
Sj.Whx