not-a-virus:AdWare.Win32.iBryte.hpkn (Kaspersky), Gen:Variant.Zusy.117723 (B) (Emsisoft), Gen:Variant.Zusy.117723 (AdAware), mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Adware
This description was generated automatically by the Lavasoft Malware Analysis System and may contain incomplete or inaccurate information.
Summary
MD5: 0a7684107809fe6eb41cf9c1fe9b60a6
SHA1: 558ffb2f0d6fe4248dbef16dbe1cd06e458cc4a0
SHA256: 06ca252dd87f1e4197bdaead5a206f87875d717025c45ea3c1705ab53d60f96e
SSDeep: 6144:zAmwX8q6kcq1hh5FKE1zlstCvs/YjZVrzhA/1OnqWW:smwX6i1eEbs0EQjbhA/1cPW
Size: 353792 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-12-17 12:00:43
Analyzed on: Windows7Ada SP1 64-bit
Summary: Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The PUP creates the following process(es):
TPAutoConnSvc.exe:1776
GoogleUpdate.exe:3408
GoogleUpdate.exe:504
GoogleUpdate.exe:3520
%original file name%.exe:2788
setup.exe:3884
taskeng.exe:3828
39.0.2171.95_chrome_installer.exe:1224
The PUP injects its code into the following process(es):
No processes have been created.
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process GoogleUpdate.exe:504 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Update\Install\{54856654-45A7-4A13-A3EE-10C12C925DCD}\39.0.2171.95_chrome_installer.exe (327230 bytes)
%Program Files% (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe (309253 bytes)
The process setup.exe:3884 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\de.pak (481 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hi.pak (1137 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sl.pak (515 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hr.pak (523 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\th.pak (1121 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\id.pak (505 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\am.pak (769 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\default_apps (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\chrome.exe (1716 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\lv.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\bn.pak (1176 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\docs.crx (12 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\it.pak (546 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ca.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ar.pak (742 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Extensions\external_extensions.json (103 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\gmail.crx (48 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\metro_driver.dll (1022 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_100_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\en-US.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\tr.pak (554 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\xinput1_3.dll (162 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\en-GB.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\te.pak (1242 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fr.pak (596 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fi.pak (528 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\Locales (8 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libglesv2.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\kn.pak (1273 bytes)
%Program Files% (x86)\Google\Chrome\Application\chrome.exe (20458 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\d3dcompiler_46.dll (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ro.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\chrome.7z (268785 bytes)
%Program Files% (x86)\Google\Chrome\Temp (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ko.pak (568 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_elf.dll (268 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\VisualElementsManifest.xml (400 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\logo.png (7 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\wow_helper.exe (146 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hu.pak (587 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\PepperFlash\pepflashplayer.dll (63 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\uk.pak (872 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin (4 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\vi.pak (637 bytes)
C:\Windows\Temp\chrome_installer.log (7903 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sv.pak (514 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\zh-TW.pak (457 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\gu.pak (1104 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ms.pak (421 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl64.exe (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\widevinecdmadapter.dll (293 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\es.pak (571 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\external_extensions.json (5 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\zh-CN.pak (456 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ru.pak (873 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\splash-620x300.png (22 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_200_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\resources.pak (64 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libexif.dll (621 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\drive.crx (53 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\nb.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sk.pak (579 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\PepperFlash\manifest.json (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sw.pak (471 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl_irt_x86_32.nexe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\youtube.crx (47 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl_irt_x86_64.nexe (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\es-419.pak (561 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_child.dll (32644 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\bg.pak (922 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pt-PT.pak (553 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\39.0.2171.95.manifest (226 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\icudtl.dat (59 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fil.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\da.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ja.pak (670 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libpeerconnection.dll (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\lt.pak (552 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome.dll (29434 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\search.crx (54 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\et.pak (490 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\secondarytile.png (641 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\he.pak (643 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ml.pak (1457 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\VisualElements (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\smalllogo.png (21 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\cs.pak (560 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\mr.pak (1126 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\nl.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\el.pak (1011 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ta.pak (1333 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libegl.dll (423 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sr.pak (847 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\ffmpegsumo.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\pdf.dll (58 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pt-BR.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fa.pak (793 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\delegate_execute.exe (51 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114 (8 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pl.pak (553 bytes)
The process 39.0.2171.95_chrome_installer.exe:1224 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Windows\Temp\CR_BD330.tmp\SETUP.EX_ (375 bytes)
C:\Windows\Temp\CR_BD330.tmp\setup.exe (17361 bytes)
C:\Windows\Temp\CR_BD330.tmp\CHROME.PACKED.7Z (43831 bytes)
Registry activity
The process TPAutoConnSvc.exe:1776 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"
[HKU\.DEFAULT\Printers\DevModes2]
"NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1" = "4E 00 50 00 49 00 34 00 35 00 36 00 41 00 42 00"
The PUP deletes the following registry key(s):
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
The process GoogleUpdate.exe:3408 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process GoogleUpdate.exe:504 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ActivePingDayStartSec" = "1420444777"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"DownloadProgressPercent" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"DayOfLastRollCall" = "2926"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastCheckSuccess" = "1420475495"
"DayOfLastRollCall" = "2926"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"StateValue" = "16"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"RollCallDayStartSec" = "1420444777"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastCheckSuccess" = "1420475546"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"RollCallDayStartSec" = "1420444777"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastChecked" = "1420475495"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"pv" = "35.0.1916.153"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"pv" = "35.0.1916.153"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastActivity" = "2926"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerResult" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"RollCallDayStartSec" = "1420444777"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateTime" = "1420475546"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResult" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"InstallProgressPercent" = "4294967295"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.25.11"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"RollCallDayStartSec" = "1420444777"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ActivePingDayStartSec" = "1420444777"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerError" = "2"
[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"LastCheckSuccess" = "1420475495"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState]
"StateValue" = "17"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError" = "2"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableCount" = "1"
"DayOfLastActivity" = "2926"
"DayOfLastRollCall" = "2926"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
"StateValue" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"DayOfLastRollCall" = "2926"
[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"pv" = "35.0.1916.153"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"StateValue" = "4"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableSince" = "Type: REG_QWORD, Length: 8"
The PUP deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState]
[HKCU\Software\Classes\Local Settings\MuiCache\29]
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableSince"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerSuccessLaunchCmdLine"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerSuccessLaunchCmdLine"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerExtraCode1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerExtraCode1"
"LastInstallerResult"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableSince"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerError"
"LastInstallerResult"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"LastInstallerResultUIString"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"iid"
"LastInstallerResultUIString"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerError"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"dr"
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerResult"
The process GoogleUpdate.exe:3520 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"IsMSIHelperRegistered" = "1"
"LastStartedAU" = "1420475460"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process %original file name%.exe:2788 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The PUP deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process setup.exe:3884 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ap" = "-stage:preconditions-multi-chrome-full"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMajor" = "2171"
"DisplayVersion" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerExtraCode1" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoModify" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"pv" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"pv" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"pv" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe"
"InstallerResult" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"WebAccessible" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayName" = "Google Chrome"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UninstallArguments" = " --uninstall --multi-install --system-level"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments" = " --uninstall --multi-install --chrome --system-level"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"SendsPings" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"Name" = "Google Chrome App Launcher"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"RunAsUser" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --uninstall --multi-install --chrome --system-level"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerError" = "2"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Version" = "24,0,0,0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"WebAccessible" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerError" = "2"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Version" = "39.0.2171.95"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Name" = "Google Chrome"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-multi-chrome-full"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallLocation" = "%Program Files% (x86)\Google\Chrome\Application"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name" = "Google Chrome"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"RunAsUser" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMinor" = "95"
"NoRepair" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --multi-install --app-launcher --ensure-google-update-present"
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"ServerExecutable" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayIcon" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe,0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"(Default)" = "Google Chrome"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
"(Default)" = "CommandExecuteImpl Class"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"Name" = "Google Chrome binaries"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --query-eula-acceptance --system-level"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Publisher" = "Google Inc."
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"IsInstalled" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerResult" = "0"
The PUP deletes the following registry key(s):
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\Programmable]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\install-extension]
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerExtraCode1"
The process taskeng.exe:3828 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{6421AACD-F27A-48DF-A1A2-927075070884}]
"data" = "4D 45 4F 57 01 00 00 00 E4 B7 BD 92 8B F2 A0 46"
The process 39.0.2171.95_chrome_installer.exe:1224 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ap" = "-multi-chrome-full"
Dropped PE files
MD5 | File path |
---|---|
ba34c1ce9974fa02c0b19682ab683002 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe |
ba34c1ce9974fa02c0b19682ab683002 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe |
00ccf557175b834662b75c2fe6d8c7fa | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll |
e00de70e27713260b12b67e9bffb78eb | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll |
ac9f025d821a40f31dbffde53cc06fed | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll |
649aa174d5798b17439eb877b12e6fa3 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_elf.dll |
c81e0c917d5db4fecd2ec3c7e2712bbf | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\d3dcompiler_46.dll |
2a0cabdd9b4584538a1dd022a4d8fd3f | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe |
685642623e6aaeca417301ea4ac8124b | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll |
8216e260b703e4c7529e09223c505876 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll |
4d6c24c57c424023c3e14106689d2ff4 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libexif.dll |
0c1e0e2c32fa30370a6f8c9fca122548 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll |
0f02448d17b890e79ddfe3ea51a05ecc | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libpeerconnection.dll |
0f5e27ceab632512fb72261e1cbef38b | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\metro_driver.dll |
adf6e384f3c299240586603de60e4ba9 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe |
9f5f88548aff90d80a656652172f7449 | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll |
e369fc4fd959e3294517c0fb466a55fe | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\widevinecdmadapter.dll |
77f595dee5ffacea72b135b1fce1312e | c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\xinput1_3.dll |
205e775b4b2c165922203a390b115523 | c:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe |
205e775b4b2c165922203a390b115523 | c:\Program Files (x86)\Google\Update\Install\{54856654-45A7-4A13-A3EE-10C12C925DCD}\39.0.2171.95_chrome_installer.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager). Most names in this list are not the PUP itself but processes that ran alongside it during analysis: taskeng.exe is the Windows Task Scheduler engine, TPAutoConnSvc.exe is the VMware Tools ThinPrint service of the analysis VM, and GoogleUpdate.exe, setup.exe and 39.0.2171.95_chrome_installer.exe belong to the Google Chrome install the loader triggered. End the original file's own process (%original file name%.exe) and judge the rest by image path and signer rather than by name:
TPAutoConnSvc.exe:1776
GoogleUpdate.exe:3408
GoogleUpdate.exe:504
GoogleUpdate.exe:3520
%original file name%.exe:2788
setup.exe:3884
taskeng.exe:3828
39.0.2171.95_chrome_installer.exe:1224
- Delete the original PUP file.
- Delete or disinfect the following files created/modified by the PUP (most of them are the Google Chrome 39.0.2171.95 installation and its installer temp files; remove those only if that Chrome install is unwanted):
%Program Files% (x86)\Google\Update\Install\{54856654-45A7-4A13-A3EE-10C12C925DCD}\39.0.2171.95_chrome_installer.exe (327230 bytes)
%Program Files% (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe (309253 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\de.pak (481 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hi.pak (1137 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sl.pak (515 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hr.pak (523 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\th.pak (1121 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\id.pak (505 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\am.pak (769 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\default_apps (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\chrome.exe (1716 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\lv.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\bn.pak (1176 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\docs.crx (12 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\it.pak (546 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ca.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ar.pak (742 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Extensions\external_extensions.json (103 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\gmail.crx (48 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\metro_driver.dll (1022 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_100_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\en-US.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\tr.pak (554 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\xinput1_3.dll (162 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\en-GB.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\te.pak (1242 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fr.pak (596 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fi.pak (528 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\Locales (8 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libglesv2.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\kn.pak (1273 bytes)
%Program Files% (x86)\Google\Chrome\Application\chrome.exe (20458 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\d3dcompiler_46.dll (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ro.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\chrome.7z (268785 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ko.pak (568 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_elf.dll (268 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\VisualElementsManifest.xml (400 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\logo.png (7 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\wow_helper.exe (146 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hu.pak (587 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\PepperFlash\pepflashplayer.dll (63 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\uk.pak (872 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\vi.pak (637 bytes)
C:\Windows\Temp\chrome_installer.log (7903 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sv.pak (514 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\zh-TW.pak (457 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\gu.pak (1104 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ms.pak (421 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl64.exe (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\widevinecdmadapter.dll (293 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\es.pak (571 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\external_extensions.json (5 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\zh-CN.pak (456 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ru.pak (873 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\splash-620x300.png (22 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_200_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\resources.pak (64 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libexif.dll (621 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\drive.crx (53 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\nb.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sk.pak (579 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\PepperFlash\manifest.json (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sw.pak (471 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl_irt_x86_32.nexe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\youtube.crx (47 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl_irt_x86_64.nexe (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\es-419.pak (561 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_child.dll (32644 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\bg.pak (922 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pt-PT.pak (553 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\39.0.2171.95.manifest (226 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\icudtl.dat (59 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fil.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\da.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ja.pak (670 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libpeerconnection.dll (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\lt.pak (552 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome.dll (29434 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\search.crx (54 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\et.pak (490 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\secondarytile.png (641 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\he.pak (643 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ml.pak (1457 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\VisualElements (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\smalllogo.png (21 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\cs.pak (560 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\mr.pak (1126 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\nl.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\el.pak (1011 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ta.pak (1333 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libegl.dll (423 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sr.pak (847 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\ffmpegsumo.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\pdf.dll (58 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pt-BR.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fa.pak (793 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\delegate_execute.exe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pl.pak (553 bytes)
C:\Windows\Temp\CR_BD330.tmp\SETUP.EX_ (375 bytes)
C:\Windows\Temp\CR_BD330.tmp\setup.exe (17361 bytes)
C:\Windows\Temp\CR_BD330.tmp\CHROME.PACKED.7Z (43831 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: Fusion Install
Product Name: Fusion Install
Product Version: 2.4.8.1
Legal Copyright: Copyright (C) 2013 Fusion Install
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.4.8.1
File Description: Fusion Install
Comments:
Language: Spanish (Spain, International Sort)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 282953 | 283136 | 4.48374 | a01d824b48b2f959a181180066db3067 |
.rdata | 290816 | 41866 | 41984 | 3.04723 | a167d56e562744914df6e8ea392d570f |
.data | 335872 | 14836 | 7168 | 2.72808 | 7224405d9597de13f96d77312160f2d4 |
.rsrc | 352256 | 20096 | 20480 | 4.09281 | 75b2e17a35d9f9b2c9406444d494e731 |
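The summary reports both a PEiD match (UPolyXv05_v6) and an entropy verdict of "Not Packed"; the per-section entropy in the table above is how the two are reconciled. Values of 3 to 4.5 bits per byte for .text and .rdata are well below the 7-plus that compressed or encrypted sections show, and the .data section's VirtualSize (14836) exceeding its raw size (7168) is the normal slack of uninitialised data, not a packer reserving room for an unpacked image. As an added example, not part of the Lavasoft report, the Python below parses an IMAGE_SECTION_HEADER array, computes Shannon entropy per section and applies those two first-pass heuristics. It runs on a constructed two-section image with the section table at offset 0 and no DOS/NT headers (in a real file the table sits at e_lfanew + 4 + 20 + SizeOfOptionalHeader); the 7.0 entropy threshold and the 4x inflation ratio are the author's assumptions.

```python
import hashlib
import math
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics.  In a real file the table starts at
# e_lfanew + 4 + 20 + SizeOfOptionalHeader; the demo image below puts it at offset 0.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

ENTROPY_THRESHOLD = 7.0   # assumption: bits/byte at which a section is treated as compressed/encrypted
INFLATION_RATIO = 4       # assumption: VirtualSize/SizeOfRawData above this is suspicious


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_section_table(image: bytes, table_offset: int, count: int):
    """Yield (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per header."""
    for i in range(count):
        fields = SECTION_HEADER.unpack_from(image, table_offset + i * SECTION_HEADER.size)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        yield (name,) + fields[1:5]


def section_report(image: bytes, table_offset: int, count: int):
    """One row per section, in the shape of the PE Sections table above, plus two
    packing heuristics: high entropy, and a VirtualSize far beyond the bytes on disk."""
    rows = []
    for name, vsize, vaddr, rsize, roff in parse_section_table(image, table_offset, count):
        raw = image[roff:roff + rsize]
        ent = shannon_entropy(raw)
        rows.append({
            "name": name,
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": round(ent, 5),
            "md5": hashlib.md5(raw).hexdigest(),
            "high_entropy": ent >= ENTROPY_THRESHOLD,
            "inflated": rsize == 0 or vsize > INFLATION_RATIO * rsize,
        })
    return rows


def looks_packed(rows) -> bool:
    """A single section tripping either heuristic is enough to send the file for a deeper look."""
    return any(r["high_entropy"] or r["inflated"] for r in rows)


def _hash_chain(n: int, seed: bytes = b"demo") -> bytes:
    """Deterministic high-entropy filler standing in for a packed section (no RNG needed)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_demo_image() -> bytes:
    """Constructed image: a plain-code-like '.text' next to a '.upx1' whose raw bytes are
    hash output and whose VirtualSize reserves room for a much larger unpacked image."""
    text = b"mov eax, ebx ; ret\n" * 200
    packed = _hash_chain(4096)
    data_off = 2 * SECTION_HEADER.size
    hdr_text = SECTION_HEADER.pack(b".text", len(text), 0x1000, len(text), data_off,
                                   0, 0, 0, 0, 0x60000020)
    hdr_upx = SECTION_HEADER.pack(b".upx1", 0x40000, 0x2000, len(packed), data_off + len(text),
                                  0, 0, 0, 0, 0xE0000040)
    return hdr_text + hdr_upx + text + packed


if __name__ == "__main__":
    rows = section_report(build_demo_image(), 0, 2)
    for row in rows:
        print(f"{row['name']:<8} vsize={row['virtual_size']:<7} raw={row['raw_size']:<6} "
              f"entropy={row['entropy']:.3f} md5={row['md5']}")
    print("packing heuristics tripped:", looks_packed(rows))
```

Point `section_report` at a real file by reading it into `image` and passing the computed table offset and the NumberOfSections from the COFF header; the per-section MD5s can then be compared directly against the "Section MD5" column above.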
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 26
c8460b1e67d878c59d840e75121f2b8f
b3e08cb7dd1dbc0a97762de747cb013f
e250df31db701ee335a8508ba40a4bd9
e081692082babbae2fd68a807679c4fe
cb4c3ef9b649f69117c33ad6ea423e67
4f332cba049c8ef630bd8a1e98f9bba2
46d51304c1468c8bfce2dd347099cfe3
8ae85b8710a2d7b0f6feda42a5a32f37
dcee0d92e7062252ec50840329919150
2f455ab424d5b6154ffbe7691aec833a
8ea22d0e79bbe4e3740ed93d40119eab
daa56ddb5dcf22ee5d3af562d30b8c16
c61cbd19ca6ef70c167e10d0bbd1c331
1cc3b6796c0622a4a4a77a1f9e760b5c
79117447557f9855f1a9ef65acd3cd08
42aa5e742fb3df71868b23ca09505d2d
5b8de6ae587636ce1449c01614e0aff7
6674f6c75e059eb6e6e49dc61617fe75
946b750095d92046e54de5f2428c3ce2
31833cb579206d360e6b64e565fa8298
d51f2a56c824d2400d825dd2fc1e3227
3cb1309f46e94872774e45e9d719a06c
d7c0fd35a3b73c88bc8c8548672e06e1
f324b83e8c51bbc955282661913118ee
07c74ec1113a14ac4f99cc8aad10bbdb
Network Activity
URLs
URL | IP |
---|---|
hxxp://imp.fusioninstall.com/impression.do/?event=loader_start&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser | 54.204.36.250 |
hxxp://secure.pn-installer39.com/o/dynamic_ptn2/Setup.exe?mode=dlshift&subid=adc_Browser&callback&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&browser=--&useragent=Wget/1.13.4 (freebsd9.0)&=72cf2c02-f663-421e-9fbd-d2b4328a5bf2 | 54.243.186.169 |
hxxp://imp.fusioninstall.com/impression.do/?event=leg_ldrf_5&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser | 54.204.36.250 |
hxxp://imp.fusioninstall.com/impression.do/?event=leg_ldrf_exes&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser | 54.204.36.250 |
hxxp://redirector.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe | |
hxxp://r9.sn-3c27ln7d.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 | |
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49f423490ae70653 | |
hxxp://a1363.g.akamai.net/pki/crl/products/WinPCA.crl | |
hxxp://a1363.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
hxxp://a1363.g.akamai.net/pki/crl/products/microsoftrootcert.crl | |
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?52db14bce467d5d5 | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | |
hxxp://a1363.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | 23.43.139.27 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.43.139.27 |
hxxp://r9---sn-3c27ln7d.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 | 74.125.13.248 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.43.139.27 |
hxxp://crl.verisign.com/pca3.crl | 23.43.133.163 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | 23.43.139.27 |
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 87.245.202.16 |
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 87.245.202.16 |
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 87.245.202.16 |
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 87.245.202.16 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.43.139.27 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?52db14bce467d5d5 | 87.245.202.35 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49f423490ae70653 | 87.245.202.35 |
hxxp://cache.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe | 173.194.44.5 |
tools.google.com | 173.194.44.46 |
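The table above mixes three kinds of traffic that deserve different handling: the loader's own beacons to imp.fusioninstall.com and the Setup.exe fetch from secure.pn-installer39.com (every one carrying the same user_id GUID and subid=adc_Browser; note the download URL encodes useragent=Wget/1.13.4 (freebsd9.0) as a query parameter while the beacon requests shown below send User-Agent "download manager"), the Chrome installer download performed by the Google Update processes, and the CRL, OCSP and CTL fetches Windows CryptoAPI makes on its own while checking signatures, which say nothing about the sample's intent. The Python below is an added example, not part of the report: it refangs the hxxp URLs, buckets each request by host and path, extracts the tracking fields, and lists the hosts worth blocking. The sample list is copied from the table; the category rules and the revocation host list are the author's assumptions and would need extending for other campaigns.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: seven rows copied from the URL table above (defanged 'hxxp' kept).
SAMPLE_URLS = [
    "hxxp://imp.fusioninstall.com/impression.do/?event=loader_start&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser",
    "hxxp://secure.pn-installer39.com/o/dynamic_ptn2/Setup.exe?mode=dlshift&subid=adc_Browser&callback&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&browser=--&useragent=Wget/1.13.4 (freebsd9.0)&=72cf2c02-f663-421e-9fbd-d2b4328a5bf2",
    "hxxp://imp.fusioninstall.com/impression.do/?event=leg_ldrf_exes&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser",
    "hxxp://cache.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe",
    "hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=",
    "hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl",
    "hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?52db14bce467d5d5",
]

# Endpoints Windows CryptoAPI contacts by itself while building and checking a certificate
# chain; seeing them means something was signature-checked, not that the sample phoned home.
# Assumed list; extend per environment.
REVOCATION_HOSTS = {"crl.microsoft.com", "crl.verisign.com", "ocsp.verisign.com", "ctldl.windowsupdate.com"}
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def refang(url: str) -> str:
    """Undo the report's hxxp:// defanging so the standard URL parser accepts the string."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)


def classify(url: str) -> dict:
    """Bucket one request by destination and pull out the loader's tracking fields."""
    u = urlsplit(refang(url))
    host = (u.hostname or "").lower()
    path = u.path
    query = parse_qs(u.query, keep_blank_values=True)

    def first(key):
        return query.get(key, [None])[0]

    if (host in REVOCATION_HOSTS
            or host.endswith((".akamai.net", ".akamaiedge.net"))
            or path.lower().endswith((".crl", ".cab"))):
        category = "revocation-check"
    elif host.endswith(".google.com") and path.endswith("_chrome_installer.exe"):
        category = "chrome-download"
    elif "/impression.do" in path:
        category = "adware-beacon"
    elif path.lower().endswith(".exe"):
        category = "payload-fetch"
    else:
        category = "other"

    user_id = first("user_id")
    return {
        "host": host,
        "path": path,
        "category": category,
        "event": first("event"),
        "subid": first("subid"),
        "user_id": user_id if user_id and GUID_RE.match(user_id) else None,
        "claimed_ua": first("useragent"),   # UA string the loader reports in the URL, not the header it sends
    }


def tracking_ids(records) -> set:
    """Distinct per-install identifiers: one GUID repeated across beacons means one victim."""
    return {r["user_id"] for r in records if r["user_id"]}


def summarize(urls):
    """Counts per category, the install IDs seen, and the hosts worth blocking."""
    records = [classify(u) for u in urls]
    counts = {}
    for r in records:
        counts[r["category"]] = counts.get(r["category"], 0) + 1
    block = sorted({r["host"] for r in records if r["category"] in ("adware-beacon", "payload-fetch")})
    return {"counts": counts, "user_ids": tracking_ids(records), "block_hosts": block}


if __name__ == "__main__":
    for rec in (classify(u) for u in SAMPLE_URLS):
        print(f"{rec['category']:<17} {rec['host']:<28} event={rec['event']} user_id={rec['user_id']}")
    print(summarize(SAMPLE_URLS))
```

Feed `summarize` the URL column of a proxy log rather than this table and the same GUID turning up from several workstations tells you how many installs one campaign produced; the Chrome and CryptoAPI rows drop out of the block list automatically.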
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"
Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT
Date: Mon, 05 Jan 2015 16:36:00 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
[933-byte DER CRL body not reproduced: issuer C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority; thisUpdate 2014-12-10 00:00:00Z, nextUpdate 2015-03-31 23:59:59Z, followed by the revoked-serial entries.]
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=535100, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 21:14:33 GMT
Expires: Sun, 11 Jan 2015 21:14:33 GMT
Date: Mon, 05 Jan 2015 16:36:13 GMT
Connection: keep-alive
[1790-byte DER OCSP response body not reproduced: producedAt 2015-01-04 21:14:33Z, single response with thisUpdate 2015-01-04 21:14:33Z and nextUpdate 2015-01-11 21:14:33Z, signed by the responder certificate "VeriSign Class 3 Code Signing 2009-2 OCSP Responder" (issuer "VeriSign Class 3 Code Signing 2009-2 CA", valid 2014-12-05 to 2015-03-05, CPS at hXXps://VVV.verisign.com/CPS).]
<<< skipped >>>
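The OCSP exchanges in this capture come from Windows CryptoAPI (User-Agent Microsoft-CryptoAPI/6.1) checking a code-signing chain, and the response body identifies the responder as the one for the VeriSign Class 3 Code Signing 2009-2 CA. The GET path is the base64 of a DER OCSPRequest (RFC 6960, appendix A), so the request alone tells you which certificate was queried: the hash algorithm, SHA-1 hashes of the issuer name and issuer key, and the serial number. As an added example, not from the report, the Python below decodes that path with a minimal DER walker (no external ASN.1 library) and returns those fields; the two URLs are copied from the URL table above. It yields the issuer hashes and serial only, not the certificate's subject, which you would match against the signature on the installer that triggered the check.

```python
import base64
from urllib.parse import unquote

# Two OCSP GET URLs copied from the URL table above ('hxxp' defanging kept as-is).
SAMPLE_OCSP_URLS = [
    "hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=",
    "hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=",
]

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def der_read(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, content, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(content: bytes):
    """Split the content of a constructed type (SEQUENCE/SET) into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = der_read(content, pos)
        out.append((tag, value))
    return out


def decode_oid(content: bytes) -> str:
    """OBJECT IDENTIFIER content to dotted string (first byte packs the first two arcs)."""
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # last byte of a base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url: str):
    """Decode the CertIDs in an OCSP GET URL (RFC 6960 A.1: path = base64 of a DER OCSPRequest).

    OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] ... }
    TBSRequest  ::= SEQUENCE { version [0] ..., requestorName [1] ..., requestList SEQUENCE OF Request, ... }
    Request     ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] ... }
    CertID      ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING,
                               issuerKeyHash OCTET STRING, serialNumber INTEGER }
    """
    path = url.split("/", 3)[3]             # everything after the host; the base64 itself may contain '/'
    der = base64.b64decode(unquote(path))
    tag, ocsp_request, _ = der_read(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest is not a DER SEQUENCE")
    tbs = der_children(ocsp_request)[0][1]
    request_list = next(v for t, v in der_children(tbs) if t == 0x30)   # skip [0]/[1] context-tagged fields
    results = []
    for _, request in der_children(request_list):
        cert_id = der_children(request)[0][1]
        alg, name_hash, key_hash, serial = der_children(cert_id)
        oid = decode_oid(der_children(alg[1])[0][1])
        sn = serial[1]
        if len(sn) > 1 and sn[0] == 0:      # INTEGER is two's complement: drop the sign byte for display
            sn = sn[1:]
        results.append({
            "hash_algorithm": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial": sn.hex(),
        })
    return results


if __name__ == "__main__":
    for u in SAMPLE_OCSP_URLS:
        for r in parse_ocsp_get(u):
            print(r)
```

The two URLs carry different issuer hashes, which is what you expect when CryptoAPI walks a chain: one asks the code-signing intermediate about a leaf, the other asks the root about the intermediate. The serial is the value to compare with the certificate on the dropped installer (`Get-AuthenticodeSignature` on Windows will show it).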
GET /impression.do/?event=leg_ldrf_exes&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser HTTP/1.1
User-Agent: download manager
Host: imp.fusioninstall.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 05 Jan 2015 16:30:27 GMT
Connection: close
Content-Length: 109
[109-byte PNG body not reproduced (IHDR, tEXt "Software: Adobe ImageReady", IDAT, IEND). The reply is just an image; the information of interest is in the request's query string (event, user_id, subid).]
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 13 Nov 2014 06:02:42 GMT
Accept-Ranges: bytes
ETag: "88cab6f7ffcf1:0"
Server: Microsoft-IIS/8.5
VTag: 791936916300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Mon, 05 Jan 2015 16:36:22 GMT
Connection: keep-alive
[554-byte DER CRL body not reproduced: issuer C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA; thisUpdate 2014-11-12 17:32:06Z, nextUpdate 2015-02-11 05:52:06Z.]
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=493216, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 09:34:14 GMT
Expires: Sun, 11 Jan 2015 09:34:14 GMT
Date: Mon, 05 Jan 2015 16:35:49 GMT
Connection: keep-alive
[1453-byte DER OCSP response body not reproduced: producedAt 2015-01-04 09:34:14Z, single response with thisUpdate 2015-01-04 09:34:14Z and nextUpdate 2015-01-11 09:34:14Z, signed by the responder certificate "Symantec Class 3 PCA - G1 OCSP Responder Certificate 3" (O=Symantec Corporation, OU=Symantec Trust Network; issuer C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority; valid 2014-12-02 to 2015-12-16; CPS at hXXp://VVV.symauth.com/cps).]
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=541881, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 23:04:05 GMT
Expires: Sun, 11 Jan 2015 23:04:05 GMT
Date: Mon, 05 Jan 2015 16:35:55 GMT
Connection: keep-alive
[1790-byte DER OCSP response body not reproduced: producedAt 2015-01-04 23:04:05Z, single response with thisUpdate 2015-01-04 23:04:05Z and nextUpdate 2015-01-11 23:04:05Z, signed by the same "VeriSign Class 3 Code Signing 2009-2 OCSP Responder" certificate (issuer "VeriSign Class 3 Code Signing 2009-2 CA", valid 2014-12-05 to 2015-03-05) as the earlier ocsp.verisign.com response; only the queried serial differs.]
<<< skipped >>>
HEAD /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: cache.pack.google.com
HTTP/1.1 302 Found
Date: Mon, 05 Jan 2015 16:32:01 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://r9---sn-3c27ln7d.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1
Content-Type: text/html; charset=UTF-8
Server: ClientMapServer
Content-Length: 609
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.02
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT
If-None-Match: "3e1c83923e1cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT
Accept-Ranges: bytes
ETag: "d2e35dc7e31cd01:0"
Server: Microsoft-IIS/8.5
VTag: 791633315200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Mon, 05 Jan 2015 16:34:47 GMT
Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Windows Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p............<.J0... .....7.......0...U......30... .....7......150320224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c.{.m@Q.M.p...g.^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo...._...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.].....uki~..
<<< skipped >>>
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT
If-None-Match: "58cddbea90dfcf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT
Accept-Ranges: bytes
ETag: "9a9a44d511bd01:0"
Server: Microsoft-IIS/8.0
VTag: 279252244600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Mon, 05 Jan 2015 16:34:52 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......10... .....7......150318222600Z0...*.H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q>.ln...z..L.......5.5s@d.q.('..e...Y..Bo..q..........I....'....i>..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az......@..l..
GET /impression.do/?event=loader_start&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser HTTP/1.1
User-Agent: download manager
Host: imp.fusioninstall.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 05 Jan 2015 16:30:25 GMT
Connection: close
Content-Length: 109
.PNG........IHDR..............wS.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...?@....... .t.....IEND.B`...
GET /impression.do/?event=leg_ldrf_5&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser HTTP/1.1
User-Agent: download manager
Host: imp.fusioninstall.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 05 Jan 2015 16:30:26 GMT
Connection: close
Content-Length: 109
.PNG........IHDR..............wS.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...?@....... .t.....IEND.B`...
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?52db14bce467d5d5 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Content-Length: 56928
Date: Mon, 05 Jan 2015 16:35:28 GMT
Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
GET /o/dynamic_ptn2/Setup.exe?mode=dlshift&subid=adc_Browser&callback&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&browser=--&useragent=Wget/1.13.4 (freebsd9.0)&=72cf2c02-f663-421e-9fbd-d2b4328a5bf2 HTTP/1.1
Accept-Encoding: gzip
User-Agent: leg_ldrf_exes
Host: secure.pn-installer39.com
Cache-Control: no-cache
HTTP/1.1 410 Gone
Cache-Control: private
Server: Microsoft-IIS/7.5
Date: Mon, 05 Jan 2015 16:30:26 GMT
Connection: close
Content-Length: 0
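The three exchanges above that do not come from the Windows platform itself (the two impression.do beacons and the Setup.exe fetch that came back 410 Gone) are where the adware's own behaviour shows: a non-browser User-Agent ("download manager", "leg_ldrf_exes"), a per-victim user_id and a subid used for install attribution, a useragent value hard-coded in the query string that contradicts the real header, and a query parameter with an empty name. The triage script below is added by the editor and is not part of the Lavasoft report; it runs that checklist over request blocks constructed to mirror those requests, with one of the crl.microsoft.com requests as a benign control. The platform User-Agent allow-list (PLATFORM_UA_PREFIXES) and the TRACKING_KEYS list are the editor's choices, not anything the report states.

```python
from urllib.parse import parse_qsl, urlsplit

# Request blocks constructed to mirror the capture above (request line plus the
# headers the report shows); responses are left out.
SAMPLE_REQUESTS = [
"""GET /impression.do/?event=loader_start&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser HTTP/1.1
User-Agent: download manager
Host: imp.fusioninstall.com
Cache-Control: no-cache""",
"""GET /o/dynamic_ptn2/Setup.exe?mode=dlshift&subid=adc_Browser&callback&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&browser=--&useragent=Wget/1.13.4 (freebsd9.0)&=72cf2c02-f663-421e-9fbd-d2b4328a5bf2 HTTP/1.1
Accept-Encoding: gzip
User-Agent: leg_ldrf_exes
Host: secure.pn-installer39.com
Cache-Control: no-cache""",
"""GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com""",
]

# User-Agent prefixes Windows itself uses for certificate and update traffic
# (editor's allow-list); anything else in a sandbox run gets inspected.
PLATFORM_UA_PREFIXES = ("Microsoft-CryptoAPI/", "Microsoft BITS/")
# Query keys pay-per-install loaders use for attribution (editor's list).
TRACKING_KEYS = ("user_id", "subid", "event", "implementation_id")


def parse_request(block):
    """Split a raw request block into (method, path, headers with lower-cased names)."""
    lines = block.strip().splitlines()
    method, rest = lines[0].split(" ", 1)
    path, _ = rest.rsplit(" HTTP/", 1)      # the path may contain literal spaces, as in the capture
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def triage(block):
    """Return host, user_id and a list of findings for one request block."""
    method, path, headers = parse_request(block)
    ua = headers.get("user-agent", "")
    url = urlsplit(path)
    # keep_blank_values keeps "callback" (no value) and "=<uuid>" (no name).
    query = dict(parse_qsl(url.query, keep_blank_values=True))
    platform_ua = ua.startswith(PLATFORM_UA_PREFIXES)
    findings = []
    if not platform_ua:
        findings.append(f"non-platform User-Agent {ua!r}")
    tracking = {k: query[k] for k in TRACKING_KEYS if k in query}
    if tracking:
        findings.append("install-tracking parameters " + ", ".join(f"{k}={v}" for k, v in tracking.items()))
    if "useragent" in query and query["useragent"] != ua:
        findings.append(f"query claims useragent={query['useragent']!r} but the header says {ua!r}")
    if "" in query:
        findings.append(f"parameter with empty name carrying {query['']!r}")
    if url.path.lower().endswith(".exe") and not platform_ua:
        findings.append(f"executable fetched by non-platform downloader ({method} {url.path})")
    return {"host": headers.get("host", ""), "user_id": query.get("user_id"), "findings": findings}


def triage_capture(blocks=SAMPLE_REQUESTS):
    """Triage every request block; returns one result per block, in order."""
    return [triage(b) for b in blocks]


if __name__ == "__main__":
    for result in triage_capture():
        print(result["host"], result["user_id"])
        for finding in result["findings"]:
            print("   -", finding)
```

On real traffic the user_id shared by imp.fusioninstall.com and secure.pn-installer39.com is the pivot for tying every host of one install chain together. The 410 only says the server no longer serves that Setup.exe path at analysis time; it says nothing about what the loader fetched from it before.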
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=556980, public, no-transform, must-revalidate
Last-Modified: Mon, 5 Jan 2015 03:19:06 GMT
Expires: Mon, 12 Jan 2015 03:19:06 GMT
Date: Mon, 05 Jan 2015 16:36:06 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder..20150105031906Z0s0q0I0... ........?.@..w.........Y.!......Q...==d6|h.[x....7..`..........cV.!.....20150105031906Z....20150112031906Z0...*.H..............S.X.....3d*L....._.u..M...U...#..kf.?yG$Z...g#..=.R.~..#...S=<.;..K..,.......G..%eUb..'...K.vBd..u8`..H..4..\..2.........1.....J........N.......'|....}.xq...9Y..l.f.[..q)DfS%;.}I......tm>O;.......b.0..(DZ.....x{]..\[...%.D.... ..NM........5..V.;t.l..2........0...0...0..{.........[..I|.....Zm..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;]s!.\"v...|....].@.....K7m2...N......-S.I......5n...G7. ..W....n..*..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... .......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|........
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49f423490ae70653 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 05 Jan 2015 16:34:41 GMT
Connection: keep-alive
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 812
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT
If-None-Match: "a2f3ff97eeecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT
ETag: "a2f3ff97eeecf1:0"
Cache-Control: max-age=900
Date: Mon, 05 Jan 2015 16:35:23 GMT
Connection: keep-alive
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cac
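The three OCSP requests to ocsp.verisign.com in this capture (this one, the first one at the top of the section, and the one answered by the "VeriSign Class 3 Code Signing 2004 CA OCSP Responder") carry the entire OCSPRequest in the GET path, as RFC 6960 Appendix A.1 specifies: the DER structure, base64-encoded and then URL-encoded. The certificate being checked can therefore be recovered from the request line alone. The decoder below is added by the editor and is not part of the Lavasoft report; the three paths are copied from the capture, while the function names and the HASH_OIDS table are the editor's. Decoding shows that two requests name the same issuer (the responder certificate in the reply identifies it as VeriSign Class 3 Code Signing 2009-2 CA) but two different serial numbers, and the third names a different issuer. Which signed binary each serial belongs to cannot be settled from this report, since it includes no certificate chains.

```python
import base64
from urllib.parse import unquote

# The three OCSP GET paths from the capture above (constructed dict; the
# decoder never contacts ocsp.verisign.com).
OCSP_GET_PATHS = {
    "verisign_2009_2_first": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=",
    "verisign_2004": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=",
    "verisign_2009_2_second": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=",
}

# Hash algorithm OIDs that appear in CertID.hashAlgorithm (editor's table).
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def read_tlv(buf, pos=0):
    """Parse the DER TLV at buf[pos]; return (tag, content bytes, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits give the byte count of the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Yield (tag, content) for each TLV inside a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def decode_oid(raw):
    """Turn OBJECT IDENTIFIER content bytes into dotted-decimal form."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:               # a clear high bit ends the sub-identifier
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_cert_id(cert_id):
    """CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }."""
    alg, name_hash, key_hash, serial = [v for _, v in children(cert_id)]
    alg_oid = decode_oid(next(children(alg))[1])   # AlgorithmIdentifier.algorithm
    return {
        "hash_algorithm": HASH_OIDS.get(alg_oid, alg_oid),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial_number": serial.hex(),
    }


def parse_ocsp_get(path):
    """Decode an OCSP-over-GET path (RFC 6960 A.1) into the CertIDs it asks about."""
    der = base64.b64decode(unquote(path.lstrip("/")))
    tag, ocsp_request, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # OCSPRequest ::= SEQUENCE { tbsRequest, optionalSignature [0] }: tbsRequest is the SEQUENCE child.
    tbs_request = next(v for t, v in children(ocsp_request) if t == 0x30)
    # TBSRequest may start with [0] version and [1] requestorName; requestList is its SEQUENCE child.
    request_list = next(v for t, v in children(tbs_request) if t == 0x30)
    # Request ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] OPTIONAL }
    return [parse_cert_id(next(children(req))[1]) for _, req in children(request_list)]


if __name__ == "__main__":
    for label, path in OCSP_GET_PATHS.items():
        for cert_id in parse_ocsp_get(path):
            print(label, cert_id)
```

Run it as a script to print the CertID of each request. The issuerNameHash and issuerKeyHash are SHA-1 digests of the issuer's DER Name and public key, so matching them to a CA requires that CA's certificate; the serial number is what you compare against the signer certificate in the sample's Authenticode signature once you have it.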
HEAD /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 40747600
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=0-7862
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 7863
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 0-7862/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ K..A%..A%..A%..Nx..A%..A$..A%...K..A%...Y..A%..A%..A%...]..A%.Rich.A%.........PE..L....b.T.................(...Zm......-.......@....@...........................m.......n.....................................d1..P....P..pYm...........m.P<...........................................................................................text...&&.......(.................. ..`.data........@......................@....rsrc...pYm..P...Zm..,..............@..@.................................................................................................................................................................................................................................................................................................................................................................................................................................................................2...2...2...2.......2...2...2...3...3.."3...3..D3..Z3..f3..r3...3...3...3...3...3...3...3...4...4..64..B4..X4..n4...4...4...4...4...4...4...4...4...5...5..(5..>5..N5..b5..~5...5...5...5...5...5...5.......6.......................b.T........0...............{.8.A.6.9.D.3.4.5.-.D.5.6.4.-.4.6.3.c.-.A.F.F.1.-.A.6.9.D.9.E.5.3.0.F.9.6.}.....{.F.D.A.7.1.E.6.F.-.A.C.4.C.-.4.a.0.0.-.8.B.7.0.-.9.9.5.8.A.6.8.9.0.6.B.F.}.....{.8.B.A.9.8.6.D.A.-.5.1.0.0.-.4.0.5.E.-.A.A.3.5.-.8.6.F.3.4.A.0.2.A.C.B.F.}.....{.4.D.C.8.
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=7863-20204
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 12342
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 7863-20204/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
V......P.....V....@...t.;.s..u.......P./.....YYt....EV......P.u.....@.;.s...t*P......P.[.....YYt.f. ..u.......P.....YY..2.^..U....h...V.u.3.......f......f....................u....................h..@.......h....P.I..............ShL.........VP......._......VVj.......PV......P....@......t{f......f......W.......tIf9u..}.u.......W.......Yu/.u......../.....t.W.......7.....t.......P.....Y......PS....@...u.S....@._[^..U........f.e..f.......V......P.....V....@...t";.s.3.....@.......P...........YYr.^..U....D...SV.....je^.M..u.......M........u..u..M........^[..3.8].t.3.F...E.P.E.P.......YYu.......P.u.f......f.............YYt..E.P. .........P......P......P.u..E.Pf......f......f.].f................u..E.f....:j.j.....@.P....@..E.P......P......P.E.P..........u..E.g......................P......P......P.............j.....@.P.....YP....@..U...M..A.f=..w... .E..P.f...w... 3.f;......].U..V.u...69E.w.2..?.U.3.;.f...v0W.E...........f.<}..@....f.<.f..E..@.f.D..A;.r._..^].U...M...t..}..t.3...f.<A.t.@.M.u.].3.].U..V.u...Wt!.}...t..U......f..AABBf..t.Ou.f!>2._^].....U...U.V.u.RV......u. .R..FP........^].U...}..SVWtH.]...tA.u..=d.@...S.p...Hx) ..<0..{..|!...P.E....pP.......YYt.NKKOy.....2._^[].U..S.]...VWt8.u...t1...3.f..t#...3.....QP.q.....YYt.G..?...0f..u.....2._^[].U...U...SVWt^f.:.tX.E....f....tC ......f...u.t"...f..t0P...7P.......YYt.FFf.<7.u.f.>.t.CC...GGf..u.3........E._^[].U..V.u...d.@..u....u..s.....YYt"........f..-t.f..t..u.Q.Q.....YYu.2.^]..M...t.....32.dll.................................................
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=20205-32382
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 12178
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 20205-32382/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.oD:...QZ...V.[...YN.T8H....n.Ad\.'.>.g...~'9..R.!...o.G=..........M.1..I.!....'.....Y.K..T...E.....8.w...x..E;.pc..nxa.."[......T...$..M...)...u|....y.......1...%..d5.j.x............A...n......k.W.......2>..=s...OOxWc[i...q..L.&M.r._..*LC.].........M........n....c.Y*..:54..%nu`s5 J.c.:.....W=O...C......$...S`;4J..Eg.n3...y...Z..7H..*...t...>..I...Wr.W...>......t..U.;..M..:......T.sZ......k)..(...S.,..E..3..,u<.B:...'....i...a....Mst..e..E{.....*d..#. ~.K.......;...s.p.=.....i....s.....H..jq.......$.`....Lt......'........;.?) .6.x|a....).%.1..........!d....^.2/.....w}x..jsqdt...b83...........?[..&...hl(..pB.0C......A.[m../....'V@...=y...6.-J....T.Ak.*....D..q..M..J.:.;...^.L.V...l. ......dp2..7c.p..... ..4\a%...V.]...A3.C|.-..e.x..[EP.HU...I.nL.....V....Zz.......}-.).k".&...n..Q%x.!,...a.D.w2.o...a.P0:......}d..D.;..]B..(....6..dv.......g...3I.Y...s.....-...........#.R.....2_.kho....6...'.......[...........*..ya.....N.K...:....g.*.q...@M.z.......(..4u.b...=7m..^]5.....A..7k..k...B|p.V5Z..........(...s...7.*......9H.e..q.."...j.....,&....a,:. 5X.....vL.d. .x_.$;/h]!.......]|..K.*.......G#..`.O.]........W.....%.8...;.U.3O.....te6q.:k..7.N.2.....0..R..U.....U....^...Y..q.....C.c...6...x.s.{...8.v|...... .G^...b..e.x.U....%..fx..|.....5).@H...:..:m.UzI5.!..._.......%"a.[.4.[.B..x....uEw`=.4....N.,......C.;.(|...M..O...uD...g..9..?.^...T9..... W*..v.....8..2.jZ.....7">.#d..F....g).$..........W..n.H}m.......\...7s.....A!...A........o?m......./.l.i..&..$..0.>..W.I......!< W:p.".4....8#..E...C..
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=32383-44578
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 12196
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 32383-44578/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
i*....L...}\.Lgi..)^....>FN...I..2P!.65.d..s...../0.......3.....H.O...._.Y...{.*zs.3^..x._a.C.V.0R.p..RP._..|..#..=..r.....9...W..?LY|.8..........C...(.....#}....E.$..3.....<...I....].....).......=.E..=H%...z<;./w.$Pl.`I_1..RV-.&.'.../..v}X..N.cN..j#.N.......6..ibp...I. ....m.!......._.w@/..5.$..8......k....tY.....P..]?.P.Ph<..Z..@nD...E..U.Nc.y..}.*...7/.(.7!r.K^..wu._.. .W."...... ..@..9.6..d.L#...zN..n.V..@w.W.........N/...D...!Y.....N/.cY.H."..q...M.....Pw...s...........9/..-l...........y...#c.tF..u.?..:!...l.?N....>..B.'S.(|}k.4...dK.`,.An.f.K:.Q..o..........i9}....F..0..\........|.........`.*....9..Jk.hA..........-B...l.2..t.c..W6.z.V...<..B.=<.....y9..X...Wj;.|.P^.u\ N%:..H..}.._j..Tg............>..0..Rm>\^4.\R.....h.%.V....d. KTA.a..1....Aw..8./.<....5.4...?Y..m&..QLF-...P~.L. g.ffl...0`L.^......@....-3.q{.3.g.7r........Ct..o6....}F.I.h.Q..g.-<b.9.....t@..-........Q....U0....a.x.F\..y....S.O'.....sb....\t....y3..&......?.6..b...3M...]{SKh{..@y ....L.. ../....... .&.]w..h>...T.q[.....w......m.....'..;....4.Vi&....>...G..........Fm..S.}o..J..9......p..|M...].....SE.G@.........#q...6.O/...7......u.QYXaG./'S....I.....R....r)...y.3....B.6...4XL.}4/.=v.....h...|..A.i.d..M?....}.S..Q..2.k.}..#.rI........e..'..F.._&'.>.....B...P../.K=Q@..U.._Q.......P:.F..%h......`1P......aP...E"..."0...._\XiE. ............S~.D......%..].......XD....y.....R..I=)";$B...1.;s.......r..RU.T3l...)Z.0te..]....?...G.....B..==..Pk...s=..$.../..Z*W..ku'_..pP..........54.7..P....f.SO...b.2l......
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=44579-63168
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 18590
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 44579-63168/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
...F...<q..(..r...v..k..(x....)._.0..i1..".S...=........[....j.X.`...=.o.k.#s........t..6J8.s}......].X,OCx...ybY/-....z.[.Ve)..-.Y..=N.....A).&.PU....v.Y..^...B04.>.c.%...*~.`h8;lT0X..F.8..]..."...BH...f...3.dt....'`....]9f{.....F2T5.J...Mof].@...GIrt.".(...._.9@t.......\q.....w..2A..82........N.$Z.S...&T....m.|..P.!.s..-2K.y..tF...[m...s..........I..1.....1y...n..n....sJ.f;.G...p.m.K.(E@..............%,..............S.B0..i.....CI%I.....k...}].d....b....Tl...llm.]r>.m.{/.....Q......j..........M.TY.8n.... x.........]1<`YznP....R,.G..m...'W..../...O....k.s.m.....x.:..^a.#....n..Z.h}R.....]...K...oX....p...d.d.^...k'.........X..n.@v.y.......w.!\..X(i....t...*dGi....*...H.................l......b.....pM.z..9..<$........c..I.bzU..S1...r2...Y..0<Y.;c.R.....(....3.R.D ~^.E.>......[.R.Y.F9..4.."H.C..c..G.m.Gq..........M..X.D.-H..8...0.^.\B.......6.....F.........a..]i....#.NIc...Y"Y........!zj........K.zP.d.........A|i.^..0.#.O...........oX...,,j^.....]...q.%eY....f.'..l.#..X..A.:Xg..C....#.q"o]7......F}..u/........^..PJ... .c..B..\T....DyI..d...O..l..W4.t.e.V.T......}.G...~.Q...d0}.].......8..........;S..V.^...YLm .-{x<.....5.Leu.E;..l$.c.rd....3\5...u.pP...O,Ll.....93........0]6k....a....07<\.......,M....."..V.. .n.....K~..MdR.N.......UoR...`......j.. ...............s...16r...._%?..1`[7&..@(..[.M\E..&l..'q........~W..sG'^.6.6e7k.h.FQ.~..@./..x()..{...5.dS...a.vu.Eb...9.]D....tQ..l.L..}....N.~.8xQy.E..}.NY.k.....,8.....Fw..k....Z..M...X..F..........B....o"Ry,.....2..9.'......f.\Y. .........
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=63169-79510
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 16342
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 63169-79510/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.f$.......l... ....aH......}/.!.c.........._e.{D.'.NZ-.Q...7zE/.].#..w...CA....z.f.......Bh..xhq....P...|S5-.3.hZ......q..sn.......4c.=.ms........._.....Or@|P.#5S=....t.O..e..t.{........0.a|`.....p..Cl.k..AU.....i16..;] c{Q..d....|..Lr..W.\...0.~;...>..\....nu....)-.'.-.e..~... .......y..r..t.....(..B._..%&"..y!......wK>o9....76...G........&.0n.n@I..$_.....^..L........{..N@....>f.O......v.m^.A.7E...sH.xF.......> ......l.w.6.M.#.G...v........q.......jY.. kT.N%..h....`:..Jub...g..n.7.B.h..$...,-.' .s.nG..\.U..@y<.l....0..a ...1>.;_.....S.. ...-f9..........:....$.t.....>?..V...{.....Y..D....~.Md.n...[..e..[k.f.W.....[..e.J../2...H..w(..F.:.8-#....RJqIy...~..?c...QyW..z..Tf.(N.K...".#....;M.mMK....#t...r.........o$...\N..JHk.......7T..|kI.....'t...2.z.Z.B....$}..........e}::...I.`w...........M>..my....I.^.C...L./....6...1.K.$`..VW.............!..z&...07......h.Ae84|.`....F..r..E..k$....w.......&.N.8.7.........jdg..Q.;...|I .KV.....n...0=......Y.....Argo...&.".ac....Eq{..e5~o3-.%.7..?T.@..U$2......T....>.%{..;.4..4...&.!.....w...x.n..7.Cl....@v........y.ht.../.#...yBI....Q..^....0o....K.x........*....S...%..\'....G..0f....0).]5....LK....*i......ZM,m4<.......f...z..<...y%%....szc;{.|.q........3.4..<.1k..8.R....a..o?..o..~....9......XB..T'}$......=...|...*......e..7i[...TR.2>"~.........0...G.[.........n.a..RC.1...y.....O......!..7...R...-./..f.C.Dk......P..g...p.!....u7....^5.....F..y....V..Q$.....L......[.:.n.._...g.........k2.........eE.9[...Zi...kY..o. .^.X..A......s...B..}.r#
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=79511-118083
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 38573
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 79511-118083/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.....e.kl3K.U.V q.......z...g..F.J..G..;eZZ...O..[.Z....]s.....V.....z.../z.&.n...m..(.....r|i.%.....<.ztFcv......C.z.m....Eo.".,^.LN%%GXh.`!..a.z... .*..~Z...$.v.2..os9.._..n...*l.....{&...}....[..,...-.... ..f.v..k@E....$#....V[....^.0}.[3I.......4.......q.].K.Qc.QP.%..*....y.%....nW.D.w.J....Z.fy!.M..D.EU..w......N..%./"."..I.(.1~.................2..D..R=.d.,$....n.....\.V.,#.l.4-...W.^"..'.tK&..kg..-f.0L....K.....qx.`.@=.o....ij^...... . .G....3.s[...K@.y.<.f.z.k.h..S5...BK_8...P.../K..).I..B.......{..S.6S....&....!5.J...^L../Nr...n..o?.2v.L...F[q$v..4....W....?WO.P.\.w..<W1........B`.DTr.7.zm.@I.[... .........W..].]...o.K.Z&Deo...@...m.1...%.....Z.g.......`.....M...h........!m]..=".G&..Z...U..s.. .....l.%.[.S...B..oY....h.}Z.s~.tY.N=...e..9$...".h...&...i.P=la.,.'fh..;....<.A..~i.... ....p.q8..S{.Y^&........CD..3..j..t.(......U#...4?.F.D.dS...\.6/f....!W..m=-V.Q>.#.uK...e..`f.Hg...>X...Ue.."$...eE..^.J...f..k.1S........`..%H.H"IDA&&...ok..k.p.\..U......{.M.A..iT...0..b. ..i.d..~H^....=aU@S.#.YoQok.8\. {..G..i4.....)..9Ws..T.. .U1.......U.I.*>......q......2.......A....}:..u...W...>...5.m..{.......%.o..n.....*#[.).w#...M.0Y.B4..G.v|.j. %EN.......t..;9....-..._.B%g.C..tq.."....kT.~..Q..'..Q.<.b...";..k.pZDO..\......Q. ..F....T.iL0JOB..1..O[V.. ..wL.&}.y.%9...z......%....w.U.!.4|.[.....X..{.U^]..N...l..E..........A.d....\Ru.._...b.#..`yy_...}.J...S.3..:......P79.i....5..............P.R..WO.@\...../2..B$.#.O.1674...."..[.5e.A..Y.....^.,.H1. ....RE......Jj.2ku..C..Y..(.......*O.....4..
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=118084-191261
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 73178
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 118084-191261/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=191262-444794
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 253533
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 191262-444794/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=444795-717433
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 272639
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 444795-717433/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=717434-1335064
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 617631
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 717434-1335064/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=1335065-3512052
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 2176988
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 1335065-3512052/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=3512053-8336686
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 4824634
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 3512053-8336686/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=8336687-18727031
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 10390345
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 8336687-18727031/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=18727032-36558834
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 17831803
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 18727032-36558834/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=36558835-40747599
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 4188765
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 36558835-40747599/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
<<< skipped >>>
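The exchanges above are a BITS (User-Agent: Microsoft BITS/7.5) range download of the Chrome installer from Google's CDN, fetched in ten 206 Partial Content pieces against a signed URL. The script below is an added example, not part of the Lavasoft report: it transcribes the Range / Content-Range / Content-Length values from the dump (bodies omitted; the first request's own headers fall before this section, so its Range is recorded as None), checks that the pieces are contiguous, that each Content-Length matches the span its Content-Range advertises, that the ETag and Last-Modified validators never change mid-transfer (the precondition the If-Unmodified-Since header relies on), and decodes the expire, mt, ip and sparams fields of the signed URL to show what the signature binds. The hostname and scheme used to rebuild the full URL are taken from the Host header; the URL being plain HTTP is an assumption made for parsing only.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, urlsplit

# Transcribed from the dump above (bodies omitted): request Range header,
# response Content-Range header, response Content-Length. The first request's
# headers are outside this section, so its Range is unknown (None).
CHUNKS = [
    (None,                      "bytes 79511-118083/40747600",      38573),
    ("bytes=118084-191261",     "bytes 118084-191261/40747600",     73178),
    ("bytes=191262-444794",     "bytes 191262-444794/40747600",     253533),
    ("bytes=444795-717433",     "bytes 444795-717433/40747600",     272639),
    ("bytes=717434-1335064",    "bytes 717434-1335064/40747600",    617631),
    ("bytes=1335065-3512052",   "bytes 1335065-3512052/40747600",   2176988),
    ("bytes=3512053-8336686",   "bytes 3512053-8336686/40747600",   4824634),
    ("bytes=8336687-18727031",  "bytes 8336687-18727031/40747600",  10390345),
    ("bytes=18727032-36558834", "bytes 18727032-36558834/40747600", 17831803),
    ("bytes=36558835-40747599", "bytes 36558835-40747599/40747600", 4188765),
]
# Validators every response in the dump carried. If they changed mid-transfer,
# the If-Unmodified-Since precondition would fail (412) and BITS would restart.
VALIDATORS = [('"4c442"', "Tue, 09 Dec 2014 17:25:00 GMT")] * len(CHUNKS)
RESPONSE_DATE = "Tue, 23 Dec 2014 17:41:59 GMT"
# Rebuilt from the Host header plus the request line; http:// is an assumption.
SIGNED_URL = (
    "http://r9---sn-3c27ln7d.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/"
    "39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921"
    "&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes"
    "&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass"
    "&signature=34722838BD207666E3F86766967F5EA5EA1F3852."
    "4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1"
)

_CONTENT_RANGE = re.compile(r"^bytes (\d+)-(\d+)/(\d+)$")


def parse_content_range(value):
    """Return (first, last, total) from a 'bytes a-b/total' Content-Range header."""
    m = _CONTENT_RANGE.match(value.strip())
    if not m:
        raise ValueError("unparseable Content-Range: %r" % value)
    first, last, total = (int(g) for g in m.groups())
    if first > last or last >= total:
        raise ValueError("out-of-bounds Content-Range: %r" % value)
    return first, last, total


def check_chunks(chunks, validators):
    """Verify that a run of 206 responses reassembles into one contiguous span.

    Returns (first_byte, total_size, bytes_received) or raises ValueError on
    the first inconsistency: server answering a different range than asked,
    Content-Length not matching the span, gap/overlap, or validator change.
    """
    expected_next = first_byte = total = None
    received = 0
    for (req_range, content_range, length), validator in zip(chunks, validators):
        first, last, size = parse_content_range(content_range)
        if req_range is not None and req_range != "bytes=%d-%d" % (first, last):
            raise ValueError("server answered %s to request %s" % (content_range, req_range))
        if length != last - first + 1:
            raise ValueError("Content-Length %d != span of %s" % (length, content_range))
        if total is None:
            first_byte, total = first, size
        elif size != total:
            raise ValueError("total size changed mid-transfer: %d -> %d" % (total, size))
        if expected_next is not None and first != expected_next:
            raise ValueError("gap or overlap: expected byte %d, got %d" % (expected_next, first))
        if validator != validators[0]:
            raise ValueError("ETag/Last-Modified changed mid-transfer")
        expected_next = last + 1
        received += length
    return first_byte, total, received


def signed_url_info(url, response_date):
    """Decode what the CDN URL's signature binds: the sparams list, the client
    IP lock, and the mint (mt) / expiry (expire) epoch timestamps."""
    q = parse_qs(urlsplit(url).query)
    signed = set(q["sparams"][0].split(","))
    expire, minted = int(q["expire"][0]), int(q["mt"][0])
    seen_at = parsedate_to_datetime(response_date).timestamp()
    return {
        "signed_params": signed,
        "ip_bound": "ip" in signed,          # URL only valid from this client IP
        "client_ip": q["ip"][0],
        "minted_utc": datetime.fromtimestamp(minted, timezone.utc).isoformat(),
        "expires_utc": datetime.fromtimestamp(expire, timezone.utc).isoformat(),
        "lifetime_s": expire - minted,
        "seconds_left_at_response": int(expire - seen_at),
    }


if __name__ == "__main__":
    print(check_chunks(CHUNKS, VALIDATORS))
    print(signed_url_info(SIGNED_URL, RESPONSE_DATE))
```

The same check applied to a full capture (including the pieces before byte 79511 that precede this section) tells an analyst whether the file the installer later executed is byte-for-byte the 40747600-byte object the CDN served, or whether a piece was re-fetched under a different ETag; the sparams decode shows that ip is signature-bound, so the link cannot be replayed from another address.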
Map
The PUP connects to the servers at the following location(s):