Win32.Sality.3 (B) (Emsisoft), Win32.Sality.3 (AdAware), Trojan.Win32.Swrort.3.FD, Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan, Worm, Virus, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 5747337e4492152af8060f416ce3549d
SHA1: fb865f7ba8cb0dd575653da2093579f6c945bda0
SHA256: f703250a3b0f4370bc15fecc5eadb73dfeb7ce280ff5b2a0a93ea403f0633e39
SSDeep: 12288:jTHiFlkI9s6dRi7X4 C9rr5TLeqvkQZoSNwpQO9ur8H:jTHEkBORij4 yrrlL OwAk
Size: 475984 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-11-12 11:47:15
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):
%original file name%.exe:320
Explorer.EXE:1572
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\system.ini (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\cc92a7d66e[1].setToken (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[1].js (2190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\nero-burning-rom-18[1].png (3783 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\campaign-100624,101362[1].htm (1320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\sprite[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\loading[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAOJQT25.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAWNUT4V.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[2].css (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\sd_101362_0d279[1].jpg (17910 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[1].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\f[1].txt (3496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\f[1].txt (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\container[1].html (1287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\306e0-e2646[1].js (7347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\sd_100624_634cd[1].jpg (14585 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\nr-412.min[1].js (8741 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\sd_100624_634cd[1].jpg (21437 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\f[1].txt (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\campaign-100624,101362[1] (2390 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CA7W1H7O.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAG7JRMK.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\universaldownloader-prefetch[1].htm (657 bytes)
C:\hostd.exe (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winthnidj.exe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\container[1].htm (2 bytes)
C:\autorun.inf (315 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[1].txt (11231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\f[1].txt (3462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CA8DYHBO.gif (35 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (1336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\blank[1].gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[2].js (3387 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (7384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAX8W7TD.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAG9M3S1.gif (35 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[2].txt (10249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\gradientbg[1].png (2 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winthnidj.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAWNUT4V.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAG9M3S1.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAX8W7TD.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CA7W1H7O.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAOJQT25.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAG7JRMK.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CA8DYHBO.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[2].txt (0 bytes)
Registry activity
The process %original file name%.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Aas]
"a4_440" = "3154413240"
"a3_694" = "697136351"
"a2_348" = "2494851381"
"a2_349" = "2502017530"
"a2_346" = "2480517564"
"a2_347" = "2487687292"
"a2_344" = "2466183481"
"a2_345" = "2473351998"
"a2_342" = "2451836793"
"a2_343" = "2459002772"
"a2_340" = "2437499835"
"a2_341" = "2444660991"
"a2_180" = "1290439855"
"a2_181" = "1297606601"
"a2_182" = "1304772947"
"a2_183" = "1311955452"
"a2_184" = "1319108819"
"a2_185" = "1326292233"
"a2_186" = "1333458820"
"a2_187" = "1340624004"
"a2_188" = "1347786651"
"a2_189" = "1354957319"
"a4_444" = "3183089724"
"a3_789" = "1344615644"
"a3_788" = "1371246781"
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKCU\Software\Aas]
"a2_749" = "1074706400"
"a2_742" = "1024518804"
"a2_743" = "1031696715"
"a2_740" = "1010186109"
"a2_741" = "1017353566"
"a2_746" = "1053202479"
"a2_747" = "1060371987"
"a2_744" = "1038854117"
"a2_745" = "1046035913"
"a1_503" = "2210395814"
"a1_502" = "2320667373"
"a1_501" = "753601411"
"a1_500" = "3846193451"
"a1_507" = "3239386834"
"a1_506" = "3253439469"
"a1_505" = "1746489582"
"a1_504" = "3016075942"
"a1_509" = "2452019330"
"a1_508" = "2190227909"
"a3_659" = "412749722"
"a3_658" = "405760891"
"a4_844" = "1755770828"
"a1_946" = "3220827497"
"a3_78" = "542637991"
"a3_79" = "549622726"
"a3_72" = "533156193"
"a3_73" = "506656128"
"a3_70" = "485103791"
"a3_71" = "525712590"
"a3_76" = "561686245"
"a3_77" = "568613636"
"a3_74" = "513568291"
"a3_75" = "554631746"
"a3_259" = "1873798154"
"a3_258" = "1866220523"
"a1_435" = "2182072345"
"a1_434" = "2503230767"
"a1_433" = "2068514104"
"a1_432" = "2068620302"
"a1_431" = "89276689"
"a1_430" = "4186478837"
"a3_251" = "1782710578"
"a3_250" = "1809280147"
"a3_253" = "1830771188"
"a3_252" = "1789764949"
"a3_255" = "1844811446"
"a3_254" = "1837822487"
"a3_257" = "1825746760"
"a3_256" = "1818692393"
"a3_784" = "1308623673"
"a3_783" = "1335193222"
"a3_782" = "1328269927"
"a3_781" = "1287147972"
"a3_449" = "3202245640"
"a1_636" = "2291408260"
"a3_321" = "2284435336"
"a3_320" = "2310935401"
"a3_323" = "2332478538"
"a3_322" = "2291869739"
"a3_325" = "2346910988"
"a3_324" = "2339397869"
"a3_327" = "2327338446"
"a3_326" = "2320415151"
"a3_329" = "2375379584"
"a3_328" = "2368468577"
"a3_971" = "2682835394"
"a1_729" = "3561492871"
"a1_728" = "3589131433"
"a3_439" = "3130280062"
"a3_438" = "3123369951"
"a3_435" = "3101883130"
"a3_434" = "3094824539"
"a3_437" = "3149870012"
"a3_436" = "3142426397"
"a3_431" = "3106444646"
"a3_430" = "3065901255"
"a3_433" = "3087376952"
"a3_432" = "3113879961"
"a4_818" = "1569373682"
"a4_819" = "1576542803"
"a4_810" = "1512020714"
"a4_811" = "1519189835"
"a4_812" = "1526358956"
"a4_813" = "1533528077"
"a4_814" = "1540697198"
"a4_815" = "1547866319"
"a4_816" = "1555035440"
"a4_817" = "1562204561"
"a1_670" = "1573224667"
"a2_748" = "1067539459"
"a1_593" = "431139822"
"a3_94" = "690598327"
"a3_95" = "698045910"
"a3_96" = "671534665"
"a3_97" = "678453992"
"a3_90" = "662052915"
"a3_91" = "669107282"
"a3_92" = "643004661"
"a3_93" = "649993492"
"a3_98" = "685967115"
"a3_99" = "726580138"
"a4_605" = "42350909"
"a4_604" = "35181788"
"a4_607" = "56689151"
"a4_606" = "49520030"
"a4_601" = "13674425"
"a4_600" = "6505304"
"a4_603" = "28012667"
"a4_602" = "20843546"
"a4_979" = "2723602163"
"a4_978" = "2716433042"
"a4_609" = "71027393"
"a4_608" = "63858272"
"a1_984" = "1620476006"
"a1_983" = "2933608750"
"a1_982" = "1188874552"
"a1_981" = "843930903"
"a1_980" = "1106990929"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Aas]
"a1_855" = "1998076328"
"a3_655" = "383827462"
"a1_857" = "955073799"
"a1_856" = "3796833541"
"a1_851" = "851624685"
"a1_850" = "3209920332"
"a1_853" = "1179146748"
"a3_654" = "376767975"
"a1_859" = "1170012101"
"a3_657" = "431879896"
"a4_779" = "1289777963"
"a4_778" = "1282608842"
"a3_929" = "2381983272"
"a3_656" = "424825529"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKCU\Software\Aas]
"a4_771" = "1232424995"
"a3_651" = "388835458"
"a4_773" = "1246763237"
"a4_772" = "1239594116"
"a4_775" = "1261101479"
"a4_774" = "1253932358"
"a4_777" = "1275439721"
"a3_650" = "348370019"
"a3_653" = "369779012"
"a3_652" = "395889957"
"a4_151" = "1082537271"
"a4_150" = "1075368150"
"a4_153" = "1096875513"
"a4_152" = "1089706392"
"a4_155" = "1111213755"
"a4_154" = "1104044634"
"a4_157" = "1125551997"
"a4_156" = "1118382876"
"a4_159" = "1139890239"
"a4_158" = "1132721118"
"a1_185" = "2581249199"
"a1_184" = "2337334464"
"a1_183" = "2424927341"
"a1_182" = "2979684424"
"a1_181" = "2093867254"
"a1_180" = "2310423066"
"a1_963" = "4077970335"
"a4_559" = "4007538639"
"a4_558" = "4000369518"
"a4_555" = "3978862155"
"a4_554" = "3971693034"
"a4_557" = "3993200397"
"a4_556" = "3986031276"
"a4_551" = "3950185671"
"a4_550" = "3943016550"
"a4_553" = "3964523913"
"a4_552" = "3957354792"
"a1_753" = "2887739143"
"a1_801" = "2633103842"
"a4_824" = "1612388408"
"a4_393" = "2817464553"
"a4_392" = "2810295432"
"a4_391" = "2803126311"
"a4_390" = "2795957190"
"a4_397" = "2846141037"
"a4_396" = "2838971916"
"a4_395" = "2831802795"
"a4_394" = "2824633674"
"a4_399" = "2860479279"
"a4_398" = "2853310158"
"a4_865" = "1906322369"
"a4_864" = "1899153248"
"a4_867" = "1920660611"
"a1_932" = "3863638421"
"a4_866" = "1913491490"
"a1_933" = "3896286936"
"a4_861" = "1877645885"
"a3_758" = "1122262303"
"a4_860" = "1870476764"
"a1_931" = "3554013366"
"a4_863" = "1891984127"
"a1_936" = "2302291942"
"a4_862" = "1884815006"
"a1_937" = "522572762"
"a2_405" = "2903494818"
"a2_404" = "2896347601"
"a2_407" = "2917830100"
"a2_406" = "2910659772"
"a2_401" = "2874810895"
"a2_400" = "2867646385"
"a2_403" = "2889159330"
"a2_402" = "2881994303"
"a1_935" = "3122051319"
"a2_409" = "2932163040"
"a2_408" = "2924995149"
"a2_975" = "2694934206"
"a2_974" = "2687759497"
"a2_977" = "2709261358"
"a2_976" = "2702092879"
"a2_971" = "2666242244"
"a2_970" = "2659074577"
"a2_973" = "2680593019"
"a4_896" = "2128565120"
"a2_979" = "2723595324"
"a2_978" = "2716426449"
"a1_222" = "3792160069"
"a1_223" = "3498312482"
"a1_220" = "3933309957"
"a1_221" = "2591420645"
"a1_226" = "1490557945"
"a1_227" = "2291118015"
"a1_224" = "2501406355"
"a1_225" = "1465038648"
"a1_228" = "3034438239"
"a1_229" = "4289019264"
"a2_579" = "4150923580"
"a2_578" = "4143757663"
"a2_571" = "4093560714"
"a2_570" = "4086391162"
"a2_573" = "4107908294"
"a2_572" = "4100741109"
"a2_575" = "4122242216"
"a2_574" = "4115073823"
"a2_577" = "4136574635"
"a2_576" = "4129408930"
"a2_351" = "2516354362"
"a2_350" = "2509186689"
"a2_353" = "2530701597"
"a2_352" = "2523534125"
"a2_355" = "2545037140"
"a2_354" = "2537877131"
"a2_357" = "2559370976"
"a2_356" = "2552203303"
"a2_359" = "2573721309"
"a2_358" = "2566539165"
"a3_906" = "2183550307"
"a3_622" = "147491207"
"a2_193" = "1383643722"
"a2_192" = "1376477023"
"a2_191" = "1369308412"
"a2_190" = "1362127413"
"a2_197" = "1412309906"
"a2_196" = "1405142451"
"a2_195" = "1397976046"
"a2_194" = "1390807869"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Aas]
"a3_624" = "195544665"
"a2_199" = "1426662736"
"a2_198" = "1419492816"
"a3_625" = "168917752"
"a2_759" = "1146389817"
"a3_626" = "175906587"
"a2_755" = "1117724028"
"a2_754" = "1110554704"
"a2_757" = "1132056447"
"a3_627" = "183481274"
"a2_751" = "1089037216"
"a2_750" = "1081870974"
"a2_753" = "1103388417"
"a2_752" = "1096218938"
"a1_536" = "3981542875"
"a1_537" = "2668391207"
"a1_534" = "3908551979"
"a1_535" = "2556071434"
"a1_89" = "1173003620"
"a1_88" = "2879220014"
"a1_530" = "3318093932"
"a1_531" = "1749212485"
"a1_85" = "1275584315"
"a1_84" = "1831039882"
"a1_87" = "2299876026"
"a1_86" = "3669155528"
"a1_81" = "1441194160"
"a1_80" = "4149883652"
"a1_83" = "2841905592"
"a1_82" = "3509624992"
"a3_914" = "2274560123"
"a2_898" = "2142896427"
"a1_896" = "2897340756"
"a1_890" = "1243149887"
"a2_899" = "2150079379"
"a1_67" = "1220943704"
"a1_66" = "3380930430"
"a1_65" = "432398971"
"a3_133" = "970345548"
"a1_63" = "3218175111"
"a3_135" = "950830350"
"a3_136" = "991836577"
"a1_60" = "970416896"
"a3_138" = "1006335587"
"a3_139" = "979823234"
"a3_684" = "625694981"
"a1_438" = "1255945534"
"a3_682" = "577634371"
"a3_683" = "584688866"
"a1_69" = "3036958462"
"a1_68" = "398851696"
"a3_228" = "1617824845"
"a3_229" = "1624875244"
"a3_224" = "1588903625"
"a3_225" = "1629901672"
"a3_226" = "1636956043"
"a3_227" = "1610836010"
"a3_220" = "1593911669"
"a3_221" = "1600966036"
"a3_222" = "1608410679"
"a3_223" = "1581849174"
"a1_408" = "2866053412"
"a1_409" = "3558056775"
"a1_402" = "3124322016"
"a1_403" = "3930398581"
"a1_400" = "3862243278"
"a1_401" = "3345402300"
"a1_406" = "1994966410"
"a1_407" = "1451369330"
"a1_404" = "116181306"
"a1_405" = "1793452491"
"a2_823" = "1605216496"
"a2_822" = "1598050467"
"a2_821" = "1590872683"
"a3_354" = "2521277451"
"a3_355" = "2528204970"
"a3_356" = "2568813773"
"a3_357" = "2576322924"
"a3_350" = "2492225207"
"a3_351" = "2499791574"
"a3_352" = "2540269385"
"a3_353" = "2547254248"
"a2_827" = "1633898545"
"a1_628" = "2162629450"
"a3_358" = "2583246223"
"a3_359" = "2556735022"
"a1_854" = "2400100653"
"a2_826" = "1626732937"
"a2_825" = "1619553266"
"a1_718" = "1519762768"
"a1_719" = "1528720417"
"a1_716" = "915343875"
"a1_717" = "3530668060"
"a1_714" = "1118994388"
"a1_715" = "2427845817"
"a1_712" = "3714852567"
"a1_713" = "1178852982"
"a1_710" = "3952132191"
"a1_711" = "743304766"
"a4_809" = "1504851593"
"a4_808" = "1497682472"
"a4_803" = "1461836867"
"a1_629" = "379955180"
"a4_801" = "1447498625"
"a4_800" = "1440329504"
"a4_807" = "1490513351"
"a4_806" = "1483344230"
"a4_805" = "1476175109"
"a4_804" = "1469005988"
"a4_37" = "265257477"
"a4_36" = "258088356"
"a4_35" = "250919235"
"a4_34" = "243750114"
"a4_33" = "236580993"
"a4_32" = "229411872"
"a4_31" = "222242751"
"a4_30" = "215073630"
"a4_144" = "1032353424"
"a4_39" = "279595719"
"a4_38" = "272426598"
"a3_915" = "2281614490"
"a4_843" = "1748601707"
"a3_142" = "1034864615"
"a4_946" = "2487021170"
"a4_947" = "2494190291"
"a4_944" = "2472682928"
"a4_945" = "2479852049"
"a4_942" = "2458344686"
"a4_943" = "2465513807"
"a4_940" = "2444006444"
"a4_941" = "2451175565"
"a4_948" = "2501359412"
[HKCU\Software\Aas\695404737]
"28676484" = "35"
[HKCU\Software\Aas]
"a4_498" = "3570222258"
"a4_499" = "3577391379"
"a4_494" = "3541545774"
"a4_495" = "3548714895"
"a4_496" = "3555884016"
"a4_497" = "3563053137"
"a4_490" = "3512869290"
"a4_491" = "3520038411"
"a4_492" = "3527207532"
"a4_493" = "3534376653"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014091520140916\"
[HKCU\Software\Aas]
"a3_448" = "3194799081"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Aas]
"a2_941" = "2451170395"
"a4_708" = "780770372"
"a4_709" = "787939493"
"a3_918" = "2303105535"
"a3_919" = "2310025758"
"a4_704" = "752093888"
"a4_705" = "759263009"
"a4_706" = "766432130"
"a4_707" = "773601251"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_701" = "730586525"
"a4_702" = "737755646"
"a4_703" = "744924767"
"a1_888" = "3688254914"
"a1_889" = "912025742"
"a1_886" = "358863244"
"a1_887" = "3211444909"
"a1_884" = "2971868346"
"a1_885" = "2818187559"
"a1_882" = "1178817819"
"a1_883" = "1263857104"
"a1_880" = "2042065446"
"a1_881" = "3363774094"
"a4_124" = "888971004"
"a4_125" = "896140125"
"a4_126" = "903309246"
"a4_127" = "910478367"
"a4_120" = "860294520"
"a4_121" = "867463641"
"a4_122" = "874632762"
"a4_123" = "881801883"
"a4_128" = "917647488"
"a4_129" = "924816609"
"a2_593" = "4251292106"
"a3_444" = "3166269973"
"a3_445" = "3206813364"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Aas]
"a1_831" = "361849185"
"a2_592" = "4244126991"
"a1_930" = "3857795109"
"a1_948" = "506022213"
"a4_238" = "1706250798"
"a4_239" = "1713419919"
"a4_230" = "1648897830"
"a4_231" = "1656066951"
"a4_232" = "1663236072"
"a4_233" = "1670405193"
"a4_234" = "1677574314"
"a4_235" = "1684743435"
"a4_236" = "1691912556"
"a4_237" = "1699081677"
"a1_480" = "333377457"
"a1_723" = "4032836429"
"a1_722" = "3788370949"
"a1_721" = "373629839"
"a1_720" = "3475263989"
"a1_768" = "757178709"
"a1_727" = "164304843"
"a1_726" = "881194584"
"a2_643" = "314771444"
"a2_790" = "1368644300"
"a1_725" = "222525965"
"a2_642" = "307604525"
"a1_724" = "3252967278"
"a2_641" = "300436050"
"a2_640" = "293268345"
"a2_647" = "343452605"
"a2_646" = "336285826"
"a1_158" = "3875725423"
"a1_159" = "1592817806"
"a2_645" = "329118214"
"a1_150" = "403895951"
"a1_151" = "776915845"
"a1_152" = "851394265"
"a1_153" = "3024617901"
"a1_154" = "3593379048"
"a1_155" = "131234754"
"a1_156" = "3663464005"
"a1_157" = "927374277"
"a1_235" = "3861944001"
"a1_234" = "3109231355"
"a1_237" = "1868760955"
"a1_236" = "4173549989"
"a1_231" = "3233904187"
"a1_230" = "2865690999"
"a1_233" = "2885175580"
"a1_232" = "3313021397"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Aas]
"a1_239" = "3023866356"
"a1_238" = "4144934032"
"a2_210" = "1505523175"
"a2_211" = "1512675780"
"a2_212" = "1519860401"
"a2_213" = "1527027772"
"a2_214" = "1534195705"
"a2_215" = "1541369344"
"a2_216" = "1548522229"
"a2_217" = "1555697190"
"a2_218" = "1562863463"
"a2_219" = "1570030499"
"a1_966" = "668069237"
"a2_508" = "3641911284"
"a2_384" = "2752941455"
"a2_504" = "3613230174"
"a2_505" = "3620412382"
"a2_506" = "3627578426"
"a2_507" = "3634745849"
"a2_500" = "3584563417"
"a2_501" = "3591726658"
"a2_502" = "3598895163"
"a2_503" = "3606064988"
"a2_791" = "1375812648"
"a2_698" = "709076629"
"a2_699" = "716246779"
"a2_694" = "680396652"
"a2_695" = "687577534"
"a2_696" = "694745690"
"a2_697" = "701913557"
"a2_690" = "651728466"
"a2_691" = "658892369"
"a2_692" = "666059015"
"a2_693" = "673229946"
"a2_324" = "2322800179"
"a2_325" = "2329956202"
"a2_326" = "2337129761"
"a2_327" = "2344300157"
"a2_320" = "2294115955"
"a2_321" = "2301281329"
"a2_322" = "2308463285"
"a2_323" = "2315632308"
"a1_521" = "4177849392"
"a1_520" = "2905483613"
"a1_523" = "3444765162"
"a1_522" = "1575910915"
"a2_328" = "2351465135"
"a2_329" = "2358648926"
"a1_527" = "1979539256"
"a1_526" = "1315067276"
"a2_799" = "1433168562"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Aas]
"a2_798" = "1425997193"
"a4_962" = "2601727106"
"a1_98" = "180569467"
"a1_99" = "3789237466"
"a1_92" = "2726995222"
"a1_93" = "3478392928"
"a1_90" = "622596048"
"a1_91" = "3660745850"
"a1_96" = "436411701"
"a1_97" = "1309794487"
"a1_94" = "3471686432"
"a1_95" = "580582469"
"a1_74" = "4185868737"
"a1_75" = "1020818863"
"a1_76" = "695238556"
"a1_77" = "1417177585"
"a1_70" = "1217050680"
"a1_71" = "2924903581"
"a1_72" = "2231819788"
"a1_73" = "1668277733"
"a3_699" = "733118194"
"a3_698" = "725670483"
"a3_129" = "907869896"
"a3_128" = "934369961"
"a1_78" = "888237257"
"a1_79" = "1708909649"
"a3_239" = "1730403494"
"a3_238" = "1689270279"
"a3_237" = "1682343908"
"a3_236" = "1708909381"
"a3_235" = "1701334818"
"a3_234" = "1660856963"
"a3_233" = "1653814880"
"a3_232" = "1646370241"
"a3_231" = "1672935854"
"a3_230" = "1665877263"
"a1_419" = "126561434"
"a1_418" = "3064865817"
"a3_953" = "2520368944"
"a1_415" = "2565677338"
"a1_414" = "854933128"
"a1_417" = "3665385048"
"a1_416" = "3081725686"
"a1_411" = "2792418531"
"a1_410" = "3075540535"
"a1_413" = "3902070457"
"a1_412" = "3534330581"
"a3_939" = "2419869154"
"a3_347" = "2504287570"
"a3_346" = "2463809843"
"a3_345" = "2456759440"
"a3_344" = "2482866289"
"a3_343" = "2475825118"
"a3_342" = "2468836287"
"a3_341" = "2427838236"
"a3_340" = "2420783869"
"a3_349" = "2485301780"
"a3_348" = "2511804917"
"a1_701" = "4011995169"
"a1_700" = "144744320"
"a1_703" = "1730380049"
"a1_702" = "1094527912"
"a1_705" = "951988474"
"a1_704" = "3708803186"
"a1_707" = "691425964"
"a1_706" = "3460719416"
"a1_709" = "3360071278"
"a1_708" = "3718210168"
"a2_360" = "2580885522"
"a4_838" = "1712756102"
"a2_361" = "2588055262"
"a4_836" = "1698417860"
"a4_837" = "1705586981"
"a4_834" = "1684079618"
"a4_835" = "1691248739"
"a4_832" = "1669741376"
"a2_362" = "2595213762"
"a4_830" = "1655403134"
"a4_831" = "1662572255"
"a4_24" = "172058904"
"a4_25" = "179228025"
"a4_26" = "186397146"
"a4_27" = "193566267"
"a4_20" = "143382420"
"a4_21" = "150551541"
"a4_22" = "157720662"
"a4_23" = "164889783"
"a4_951" = "2522866775"
"a2_364" = "2609551691"
"a4_953" = "2537205017"
"a4_952" = "2530035896"
"a4_28" = "200735388"
"a4_29" = "207904509"
"a4_957" = "2565881501"
"a2_365" = "2616722785"
"a2_366" = "2623905540"
"a2_367" = "2631069916"
"a1_743" = "1360432974"
"a2_168" = "1204405323"
"a2_169" = "1211587242"
"a4_847" = "1777278191"
"a4_489" = "3505700169"
"a4_488" = "3498531048"
"a4_487" = "3491361927"
"a4_486" = "3484192806"
"a4_485" = "3477023685"
"a4_484" = "3469854564"
"a4_483" = "3462685443"
"a4_482" = "3455516322"
"a4_481" = "3448347201"
"a4_480" = "3441178080"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CacheOptions" = "11"
[HKCU\Software\Aas]
"a2_160" = "1147052807"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CacheLimit" = "8192"
[HKCU\Software\Aas]
"a4_973" = "2680587437"
"a2_161" = "1154234588"
"a4_977" = "2709263921"
"a4_972" = "2673418316"
"a4_971" = "2666249195"
"a3_901" = "2147558220"
"a3_900" = "2174193453"
"a3_903" = "2162063374"
"a3_902" = "2154612719"
"a3_905" = "2209657024"
"a3_904" = "2202606753"
"a4_719" = "859630703"
"a4_718" = "852461582"
"a4_717" = "845292461"
"a4_716" = "838123340"
"a4_715" = "830954219"
"a4_714" = "823785098"
"a4_713" = "816615977"
"a4_712" = "809446856"
"a4_711" = "802277735"
"a4_710" = "795108614"
"a1_891" = "3587402933"
"a3_776" = "1251683361"
"a1_893" = "1299530220"
"a1_892" = "786977278"
"a1_895" = "3833120326"
"a1_894" = "2423168992"
"a1_897" = "878571692"
"a3_777" = "1292288064"
"a1_899" = "2877879294"
"a1_898" = "345993610"
"a4_974" = "2687756558"
"a3_774" = "1270749039"
"a4_137" = "982169577"
"a4_136" = "975000456"
"a4_135" = "967831335"
"a4_134" = "960662214"
"a4_133" = "953493093"
"a4_132" = "946323972"
"a4_131" = "939154851"
"a4_130" = "931985730"
"a3_772" = "1222762157"
"a4_139" = "996507819"
"a4_138" = "989338698"
"a4_975" = "2694925679"
"a3_770" = "1208254955"
"a3_771" = "1215707658"
"a2_455" = "3261953204"
"a1_617" = "3568331164"
[HKCU\Software\Softonic\Universal Downloader]
"uuid" = "D6DD384A-6EFA-43B2-8367-CD9C5B30666A"
[HKCU\Software\Aas]
"a4_229" = "1641728709"
"a4_228" = "1634559588"
"a4_223" = "1598713983"
"a4_222" = "1591544862"
"a4_221" = "1584375741"
"a4_220" = "1577206620"
"a4_227" = "1627390467"
"a4_226" = "1620221346"
"a4_225" = "1613052225"
"a4_224" = "1605883104"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CachePrefix" = ":2014091520140916:"
[HKCU\Software\Aas]
"a1_615" = "3695250270"
"a2_459" = "3290618250"
"a3_678" = "548713167"
"a1_614" = "3395610879"
"a1_820" = "1964905738"
"a1_821" = "808967749"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Aas]
"a1_822" = "2188166873"
"a1_149" = "895771946"
"a1_148" = "3942057135"
"a1_143" = "2190012797"
"a1_142" = "4063618074"
"a1_141" = "2723579432"
"a1_140" = "1692845837"
"a1_147" = "317332838"
"a1_146" = "3459416332"
"a1_145" = "3543732649"
"a1_144" = "3577437385"
"a1_826" = "261275456"
"a1_827" = "2611808516"
"a2_203" = "1455326148"
"a2_202" = "1448153408"
"a2_201" = "1440993002"
"a2_200" = "1433828831"
"a2_207" = "1484012816"
"a2_206" = "1476841772"
"a2_205" = "1469676734"
"a2_204" = "1462492829"
"a2_209" = "1498343936"
"a2_208" = "1491178357"
"a2_519" = "3720779997"
"a2_518" = "3713613697"
"a2_517" = "3706429973"
"a2_516" = "3699264905"
"a2_515" = "3692098752"
"a2_514" = "3684929853"
"a2_513" = "3677765106"
"a2_512" = "3670597221"
"a2_511" = "3663414644"
"a2_510" = "3656246457"
"a2_689" = "644560705"
"a2_688" = "637391703"
"a2_687" = "630224400"
"a2_686" = "623046065"
"a2_685" = "615877085"
"a2_684" = "608707778"
"a2_683" = "601542811"
"a2_682" = "594364743"
"a2_681" = "587209454"
"a2_680" = "580039831"
"a2_337" = "2415998982"
"a2_336" = "2408819258"
"a2_335" = "2401663630"
"a2_334" = "2394484705"
"a2_333" = "2387316074"
"a2_332" = "2380151387"
"a2_331" = "2372981948"
"a2_330" = "2365814959"
"a1_554" = "1448864291"
"a1_555" = "3306840400"
"a1_556" = "251838438"
"a1_557" = "3211339990"
"a3_242" = "1718323611"
"a1_551" = "1809872530"
"a2_339" = "2430334677"
"a2_338" = "2423168561"
"a4_673" = "529851137"
"a1_918" = "56662144"
"a1_919" = "956950633"
"a3_243" = "1725243962"
"a1_852" = "504307635"
"a1_914" = "2621244165"
"a1_398" = "3213396380"
"a1_399" = "2400391163"
"a4_679" = "572865863"
"a1_392" = "3659455175"
"a1_393" = "4258995342"
"a1_390" = "792290316"
"a1_391" = "624110427"
"a1_396" = "1366682741"
"a1_397" = "3713672403"
"a1_394" = "1431378708"
"a1_395" = "3434540974"
"a1_858" = "1356424658"
"a3_116" = "814879197"
"a3_117" = "821922428"
"a3_114" = "834001179"
"a3_115" = "807894458"
"a3_112" = "785940569"
"a3_113" = "826942712"
"a3_110" = "771902343"
"a3_111" = "778955814"
"a1_49" = "1034440646"
"a1_48" = "3094354718"
"a3_554" = "3988280259"
"a3_118" = "862924447"
"a3_119" = "869974846"
"a3_202" = "1465015971"
"a3_203" = "1472066242"
"a3_200" = "1416954337"
"a3_201" = "1424013824"
"a3_206" = "1493543975"
"a3_207" = "1500987462"
"a3_204" = "1445500773"
"a3_205" = "1452936068"
"a1_197" = "1716976240"
"a3_759" = "1163391422"
"a3_208" = "1508041977"
"a3_209" = "1481480472"
"a3_592" = "4261104249"
"a3_593" = "4234604184"
"a3_590" = "4246617511"
"a3_591" = "4253667782"
"a3_596" = "4289649661"
"a3_597" = "4263017500"
"a3_594" = "4241589051"
"a3_595" = "4282591066"
"a3_598" = "4270526655"
"a3_599" = "4277581022"
"a4_848" = "1784447312"
"a3_578" = "4160735531"
"a3_579" = "4134104394"
"a4_770" = "1225255874"
"a3_570" = "4069660115"
"a3_571" = "4076703346"
"a3_572" = "4117701269"
"a3_573" = "4124755764"
"a3_574" = "4098128727"
"a3_575" = "4105641974"
"a3_576" = "4146245737"
"a3_577" = "4153169032"
"a1_774" = "1126929554"
"a1_775" = "754308258"
"a1_776" = "3989482859"
"a1_777" = "661108183"
"a1_191" = "3327358977"
"a1_771" = "3785988987"
"a1_772" = "895389369"
"a1_773" = "3649170610"
"a1_953" = "3022992168"
"a3_927" = "2367492374"
"a1_778" = "889707544"
"a1_779" = "2303709701"
"a3_926" = "2326953207"
"a2_17" = "121878207"
"a2_16" = "114712367"
"a2_15" = "107528316"
"a2_14" = "100361553"
"a2_13" = "93193530"
"a2_12" = "86021463"
"a2_11" = "78858900"
"a2_10" = "71695396"
"a4_829" = "1648234013"
"a4_828" = "1641064892"
"a4_776" = "1268270600"
"a1_592" = "791243791"
"a2_19" = "136209979"
"a2_18" = "129044671"
"a4_11" = "78860331"
"a4_10" = "71691210"
"a4_13" = "93198573"
"a4_12" = "86029452"
"a4_15" = "107536815"
"a4_14" = "100367694"
"a4_17" = "121875057"
"a4_16" = "114705936"
"a4_19" = "136213299"
"a4_18" = "129044178"
"a4_926" = "2343638750"
"a4_927" = "2350807871"
"a1_878" = "1720102266"
"a4_921" = "2307793145"
"a4_922" = "2314962266"
"a1_595" = "2006610958"
"a1_596" = "3270287098"
"a1_597" = "4150760550"
"a1_608" = "2131425361"
"a1_609" = "3380439172"
"a3_378" = "2693094675"
"a3_379" = "2700145074"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Aas]
"a4_846" = "1770109070"
"a3_372" = "2683746013"
"a3_373" = "2657102716"
"a3_370" = "2669182491"
"a3_371" = "2676691642"
"a3_376" = "2712142929"
"a3_377" = "2686171376"
"a3_374" = "2664681375"
"a3_375" = "2705154110"
"a1_759" = "321583033"
"a3_488" = "3515101889"
"a3_489" = "3522680672"
"a4_841" = "1734263465"
"a4_840" = "1727094344"
"a1_950" = "2363097549"
"a3_484" = "3486690637"
"a1_952" = "999095403"
"a2_925" = "2336461340"
"a1_954" = "3667880492"
"a1_955" = "2054934633"
"a1_956" = "136671562"
"a3_485" = "3460055532"
"a1_958" = "2933524705"
"a2_922" = "2314968488"
"a1_750" = "1552779156"
"a1_751" = "145187286"
"a1_756" = "223520970"
"a1_757" = "1379441262"
"a4_722" = "881138066"
"a4_723" = "888307187"
"a4_720" = "866799824"
"a1_661" = "1577378922"
"a4_726" = "909814550"
"a4_727" = "916983671"
"a4_724" = "895476308"
"a4_725" = "902645429"
"a4_728" = "924152792"
"a4_729" = "931321913"
"a3_978" = "2699694267"
"a3_979" = "2740303066"
"a3_127" = "927442486"
"a1_189" = "1471680556"
"a4_903" = "2178748967"
"a1_188" = "516344566"
"a4_900" = "2157241604"
"a1_187" = "1228855685"
"a4_901" = "2164410725"
"a1_186" = "2149659975"
"a2_929" = "2365152667"
"a4_905" = "2193087209"
"a4_586" = "4201104906"
"a4_587" = "4208274027"
"a4_584" = "4186766664"
"a4_585" = "4193935785"
"a4_582" = "4172428422"
"a4_583" = "4179597543"
"a4_580" = "4158090180"
"a4_581" = "4165259301"
"a3_800" = "1423623433"
"a3_801" = "1464105384"
"a3_802" = "1471618507"
"a3_803" = "1445115498"
"a3_804" = "1452026509"
"a3_805" = "1459605292"
"a4_588" = "4215443148"
"a4_589" = "4222612269"
"a3_645" = "312377932"
"a4_909" = "2221763693"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
[HKCU\Software\Aas]
"a4_966" = "2630403590"
"a4_218" = "1562868378"
"a4_219" = "1570037499"
"a4_216" = "1548530136"
"a4_217" = "1555699257"
"a4_214" = "1534191894"
"a4_215" = "1541361015"
"a4_212" = "1519853652"
"a4_213" = "1527022773"
"a4_210" = "1505515410"
"a4_211" = "1512684531"
"a4_458" = "3283457418"
"a4_459" = "3290626539"
"a4_108" = "774265068"
"a4_109" = "781434189"
"a1_843" = "3266989062"
"a4_102" = "731250342"
"a4_103" = "738419463"
"a4_100" = "716912100"
"a4_101" = "724081221"
"a4_106" = "759926826"
"a4_107" = "767095947"
"a4_104" = "745588584"
"a4_105" = "752757705"
"a1_605" = "2072113025"
"a1_558" = "4071168423"
"a1_559" = "370604950"
"a1_606" = "3730379968"
"a3_925" = "2319505492"
"a1_178" = "3972753695"
"a1_179" = "3723872165"
"a1_176" = "3987340007"
"a1_177" = "1626315618"
"a1_174" = "3495292599"
"a1_175" = "282053880"
"a1_172" = "3667624306"
"a1_173" = "2018767060"
"a1_170" = "3932805943"
"a1_171" = "2402304646"
"a1_550" = "1440617176"
"a2_236" = "1691915304"
"a2_237" = "1699084554"
"a2_234" = "1677583712"
"a2_235" = "1684735604"
"a2_232" = "1663230839"
"a2_233" = "1670400581"
"a2_230" = "1648889512"
"a2_231" = "1656063725"
"a1_553" = "4090112821"
"a2_238" = "1706248946"
"a2_239" = "1713411490"
"a2_522" = "3742284481"
"a2_523" = "3749448081"
"a2_520" = "3727948881"
"a2_521" = "3735117334"
"a2_526" = "3770950892"
"a2_527" = "3778131556"
"a2_524" = "3756617432"
"a2_525" = "3763781912"
"a2_838" = "1712752641"
"a2_839" = "1719922542"
"a2_528" = "3785298231"
"a2_529" = "3792467798"
"a3_688" = "620670617"
"a1_626" = "30423423"
"a1_541" = "1599907726"
"a1_627" = "2629272488"
"a1_624" = "1265992489"
"a1_549" = "2748936539"
"a1_548" = "3112349434"
"a1_547" = "633930744"
"a1_546" = "564717662"
"a1_545" = "3931658949"
"a1_544" = "2321432445"
"a1_543" = "3496515810"
"a1_542" = "343018503"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCU\Software\Aas]
"a1_540" = "3146179110"
"a2_658" = "422322181"
"a2_659" = "429475486"
"a2_308" = "2208097923"
"a2_309" = "2215250004"
"a2_302" = "2165077457"
"a2_303" = "2172245780"
"a2_300" = "2150728331"
"a2_301" = "2157910109"
"a2_306" = "2193744155"
"a2_307" = "2200913013"
"a2_304" = "2179409111"
"a2_305" = "2186579446"
"a2_786" = "1339959969"
"a2_787" = "1347125539"
"a2_784" = "1325616607"
"a2_785" = "1332799675"
"a2_782" = "1311292136"
"a2_783" = "1318462552"
"a2_780" = "1296943580"
"a2_781" = "1304110294"
"a2_788" = "1354296797"
"a2_789" = "1361476900"
"a1_389" = "3648257493"
"a1_388" = "4209921407"
"a1_385" = "353004240"
"a1_384" = "171237325"
"a1_387" = "931091252"
"a1_386" = "2823104888"
"a1_381" = "421060104"
"a1_380" = "314346913"
"a1_383" = "2255136734"
"a1_382" = "2477968037"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Aas]
"a1_58" = "2143408038"
"a1_59" = "3431200114"
"a1_56" = "3333444949"
"a1_57" = "3373560503"
"a1_54" = "3256475082"
"a1_55" = "550812814"
"a1_52" = "3875219138"
"a1_53" = "2010088276"
"a1_50" = "2745922867"
"a1_51" = "3555608124"
"a3_215" = "1524377438"
"a3_214" = "1517454143"
"a3_217" = "1572437008"
"a3_216" = "1565514737"
"a3_211" = "1529532890"
"a3_210" = "1488928187"
"a3_213" = "1510469276"
"a3_212" = "1536445053"
"a1_616" = "932838360"
"a3_748" = "1050812741"
"a3_219" = "1553446098"
"a3_218" = "1545867443"
"a3_585" = "4177070976"
"a3_584" = "4170159969"
"a3_587" = "4225122370"
"a3_586" = "4217678883"
"a3_581" = "4182227468"
"a3_580" = "4141089261"
"a3_583" = "4162646734"
"a3_582" = "4189150895"
"a3_589" = "4205615364"
"a3_588" = "4198622437"
"a2_916" = "2271949171"
"a3_893" = "2090093684"
"a3_569" = "4062671280"
"a3_568" = "4088782097"
"a3_563" = "4052790138"
"a3_562" = "4045747931"
"a3_561" = "4005270200"
"a3_560" = "3997761049"
"a3_567" = "4081727742"
"a3_566" = "4040721503"
"a3_565" = "4033732668"
"a3_564" = "4026683293"
"a3_109" = "798021476"
"a3_108" = "790966981"
"a1_765" = "1734099330"
"a1_764" = "1308484385"
"a1_762" = "3299752819"
"a1_761" = "374598289"
"a3_724" = "878479485"
"a3_101" = "707522668"
"a3_100" = "733503437"
"a3_103" = "754977070"
"a3_102" = "714511503"
"a3_105" = "769475040"
"a3_104" = "762555713"
"a3_107" = "750493346"
"a3_106" = "742980099"
"a4_854" = "1827462038"
"a4_855" = "1834631159"
"a4_856" = "1841800280"
"a3_726" = "926531903"
"a4_850" = "1798785554"
"a4_851" = "1805954675"
"a4_852" = "1813123796"
"a4_853" = "1820292917"
"a3_721" = "890560280"
"a2_914" = "2257614018"
"a4_858" = "1856138522"
"a1_586" = "3549116598"
"a1_789" = "1888324425"
"a3_720" = "849951481"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Aas]
"a3_898" = "2126083691"
"a3_723" = "904992730"
"a4_939" = "2436837323"
"a4_938" = "2429668202"
"a4_937" = "2422499081"
"a4_936" = "2415329960"
"a4_935" = "2408160839"
"a3_722" = "898003899"
"a4_933" = "2393822597"
"a4_932" = "2386653476"
"a4_931" = "2379484355"
"a4_930" = "2372315234"
"a3_955" = "2568364018"
"a1_788" = "1930200394"
"a1_619" = "238160991"
"a1_618" = "1268353303"
"a3_369" = "2628699640"
"a3_368" = "2621645145"
"a3_365" = "2600170596"
"a3_364" = "2592723909"
"a3_367" = "2647756070"
"a3_366" = "2640767111"
"a3_361" = "2604787424"
"a3_360" = "2564178497"
"a3_363" = "2585673634"
"a3_362" = "2611780355"
"a4_520" = "3727942920"
"a4_521" = "3735112041"
"a1_584" = "2665805071"
"a4_522" = "3742281162"
"a2_62" = "444487593"
"a4_523" = "3749450283"
"a2_63" = "451646188"
"a4_524" = "3756619404"
"a1_971" = "3711284951"
"a2_60" = "430153510"
"a4_525" = "3763788525"
"a1_943" = "1319320435"
"a1_942" = "1684899259"
"a1_941" = "613909208"
"a2_61" = "437318132"
"a1_947" = "2757141865"
"a4_526" = "3770957646"
"a1_945" = "3266137953"
"a1_944" = "2958187934"
"a2_66" = "473167953"
"a1_949" = "780850158"
"a4_527" = "3778126767"
"a2_67" = "480336500"
"a2_64" = "458832787"
"a2_65" = "465984992"
"a4_735" = "974336639"
"a4_734" = "967167518"
"a4_737" = "988674881"
"a4_736" = "981505760"
"a4_731" = "945660155"
"a4_730" = "938491034"
"a4_733" = "959998397"
"a4_732" = "952829276"
"a4_739" = "1003013123"
"a4_738" = "995844002"
"a3_969" = "2668861696"
"a3_968" = "2627790049"
"a4_599" = "4294303479"
"a4_598" = "4287134358"
"a1_782" = "2677199123"
"a4_591" = "4236950511"
"a4_590" = "4229781390"
"a4_593" = "4251288753"
"a4_592" = "4244119632"
"a4_595" = "4265626995"
"a4_594" = "4258457874"
"a4_597" = "4279965237"
"a4_596" = "4272796116"
"a1_786" = "3262391658"
"a1_41" = "2245864771"
"a1_40" = "3100941806"
"a1_43" = "4043037946"
"a3_819" = "1559971962"
"a1_42" = "3353613908"
"a3_813" = "1516544548"
"a1_45" = "2069466706"
"a3_811" = "1536136546"
"a3_810" = "1528623299"
"a3_817" = "1545483192"
"a3_816" = "1571594009"
"a3_815" = "1564605158"
"a1_44" = "481552086"
"a1_47" = "694101233"
"a1_46" = "383543006"
"a4_201" = "1440993321"
"a4_200" = "1433824200"
"a4_203" = "1455331563"
"a4_202" = "1448162442"
"a4_205" = "1469669805"
"a4_204" = "1462500684"
"a4_207" = "1484008047"
"a4_206" = "1476838926"
"a4_209" = "1498346289"
"a4_208" = "1491177168"
"a4_823" = "1605219287"
"a4_449" = "3218935329"
"a4_448" = "3211766208"
"a4_119" = "853125399"
"a4_118" = "845956278"
"a4_115" = "824448915"
"a4_114" = "817279794"
"a4_117" = "838787157"
"a4_116" = "831618036"
"a4_111" = "795772431"
"a4_110" = "788603310"
"a4_113" = "810110673"
"a4_112" = "802941552"
"a4_924" = "2329300508"
"a4_565" = "4050553365"
"a3_750" = "1098874375"
"a3_751" = "1105859238"
"a3_752" = "1079359193"
"a3_753" = "1086794616"
"a4_566" = "4057722486"
"a3_921" = "2290961104"
"a3_754" = "1127403419"
"a4_879" = "2006690063"
"a3_725" = "885927068"
"a3_755" = "1134321722"
"a3_756" = "1108280413"
"a1_783" = "833112081"
"a3_757" = "1115339004"
"a1_959" = "2854354444"
"a2_907" = "2207431140"
"a1_161" = "109543803"
"a1_160" = "3473740387"
"a1_163" = "2978119829"
"a1_162" = "2993931339"
"a1_165" = "3857610817"
"a1_164" = "1871448928"
"a1_167" = "135697"
"a1_166" = "2218662232"
"a1_169" = "2625900666"
"a1_168" = "3313774100"
"a3_727" = "933979486"
"a2_535" = "3835487642"
"a2_534" = "3828318201"
"a2_537" = "3849793390"
"a2_536" = "3842651271"
"a2_531" = "3806800532"
"a2_530" = "3799642291"
"a2_533" = "3821136538"
"a2_532" = "3813966915"
"a2_829" = "1648241968"
"a2_828" = "1641057398"
"a2_539" = "3864154088"
"a2_538" = "3856984111"
"a4_447" = "3204597087"
"a1_572" = "2869389325"
"a1_573" = "639865431"
"a1_570" = "1506928292"
"a1_571" = "2733460120"
"a1_576" = "205994993"
"a1_577" = "2124065016"
"a1_574" = "2282038304"
"a1_575" = "3941228250"
"a1_578" = "4251943180"
"a1_579" = "2881364794"
"a2_649" = "357786506"
"a2_648" = "350621668"
"a2_319" = "2286946742"
"a2_318" = "2279773113"
"a2_315" = "2258280442"
"a2_314" = "2251098951"
"a2_317" = "2272613064"
"a2_316" = "2265446715"
"a2_311" = "2229593277"
"a2_310" = "2222428210"
"a2_313" = "2243929522"
"a2_312" = "2236763605"
"a2_229" = "1641732046"
"a2_228" = "1634566033"
"a2_221" = "1584381345"
"a2_220" = "1577212907"
"a2_223" = "1598706867"
"a2_222" = "1591548276"
"a2_225" = "1613049612"
"a2_224" = "1605891303"
"a2_227" = "1627396328"
"a2_226" = "1620213768"
"a1_370" = "1710371687"
"a1_371" = "305627019"
"a1_372" = "771851598"
"a1_373" = "2467423463"
"a1_374" = "3777272040"
"a1_375" = "3661436489"
"a1_376" = "2462752515"
"a1_377" = "3895555603"
"a1_378" = "1440762109"
"a1_379" = "2755389894"
"a2_793" = "1390143729"
"a2_792" = "1382977568"
"a2_795" = "1404477538"
"a2_794" = "1397309906"
"a2_797" = "1418829741"
"a2_796" = "1411646609"
"a3_36" = "241268621"
"a3_37" = "248309804"
"a3_183" = "1328655230"
"a1_29" = "1433283745"
"a1_28" = "2851145514"
"a1_590" = "1292541173"
"a1_23" = "1074144709"
"a1_22" = "759069734"
"a1_21" = "756503177"
"a1_20" = "2705680933"
"a1_27" = "3929278474"
"a1_26" = "2388423008"
"a1_25" = "2962208839"
"a1_24" = "3031152232"
"a1_284" = "2292533030"
"a1_285" = "514117280"
"a1_286" = "1467209186"
"a1_287" = "3263443408"
"a1_280" = "839999559"
"a1_281" = "1288803849"
"a1_282" = "377348967"
"a1_283" = "2384602373"
"a3_31" = "205278614"
"a1_288" = "3637426497"
"a1_289" = "1298577975"
"a3_778" = "1299211491"
"a3_779" = "1306728706"
"a2_903" = "2178747199"
"a1_591" = "3198230933"
"a3_32" = "212854281"
"a2_972" = "2673425672"
"a3_558" = "4017332551"
"a3_559" = "4024255974"
"a3_556" = "3969214597"
"a3_557" = "4009757988"
"a1_552" = "3400688277"
"a3_555" = "3962303586"
"a3_552" = "3940752129"
"a3_553" = "3981361056"
"a3_550" = "3926311503"
"a3_551" = "3933234926"
"a1_598" = "518828840"
"a1_599" = "1541487273"
"a3_178" = "1292673371"
"a3_179" = "1300121082"
"a3_174" = "1264145351"
"a3_175" = "1271198822"
"a3_176" = "1245079705"
"a3_177" = "1252068664"
"a3_170" = "1235731011"
"a3_171" = "1209100002"
"a3_172" = "1216092933"
"a3_173" = "1223671716"
"a2_31" = "222248516"
"a2_30" = "215077929"
"a2_33" = "236580598"
"a2_32" = "229414455"
"a2_35" = "250911342"
"a2_34" = "243757352"
"a2_37" = "265265056"
"a2_36" = "258096888"
"a2_39" = "279600508"
"a2_38" = "272431381"
"a3_486" = "3467639311"
"a3_487" = "3508182702"
"a3_480" = "3424608201"
"a3_481" = "3431657576"
"a3_482" = "3438646411"
"a3_483" = "3479636266"
"a4_902" = "2171579846"
"a2_584" = "4186761663"
"a4_79" = "566360559"
"a4_78" = "559191438"
"a4_906" = "2200256330"
"a4_907" = "2207425451"
"a4_904" = "2185918088"
"a2_585" = "4193943081"
"a4_73" = "523345833"
"a4_72" = "516176712"
"a4_71" = "509007591"
"a4_70" = "501838470"
"a4_77" = "552022317"
"a4_76" = "544853196"
"a4_75" = "537684075"
"a4_74" = "530514954"
"a3_642" = "324456811"
"a3_390" = "2812641775"
"a3_391" = "2786540046"
"a3_392" = "2793594529"
"a3_393" = "2800513728"
"a3_394" = "2841581411"
"a3_395" = "2848623490"
"a3_396" = "2821991461"
"a3_397" = "2829566020"
"a3_398" = "2870043879"
"a3_399" = "2877036806"
"a1_529" = "2927704877"
"a1_625" = "636247708"
"a1_622" = "3579458944"
"a1_623" = "3022899802"
"a1_620" = "603136574"
"a1_621" = "469799642"
"a3_643" = "331380106"
[HKCU\Software\Aas\695404737]
"7169121" = "217"
[HKCU\Software\Aas]
"a3_958" = "2556348631"
"a3_959" = "2563272054"
"a1_528" = "3809664841"
"a2_588" = "4215443554"
"a3_950" = "2498827743"
"a3_951" = "2539425406"
"a3_956" = "2575413269"
"a3_957" = "2582860980"
"a3_954" = "2527820627"
"a2_589" = "4222611079"
"a1_976" = "33844850"
"a1_977" = "3028169557"
"a1_974" = "151916680"
"a1_975" = "1986966493"
"a1_972" = "1076194950"
"a1_973" = "412743697"
"a1_970" = "935653671"
"a3_827" = "1616916338"
"a1_770" = "1595785883"
"a1_978" = "21364683"
"a1_979" = "2715076930"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Aas]
"a4_199" = "1426655079"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Aas]
"a3_504" = "3596547281"
"a2_363" = "2602399164"
"a3_507" = "3651577394"
"a3_506" = "3644525971"
"a3_501" = "3608550396"
"a3_500" = "3568002909"
"a3_503" = "3623047358"
"a3_502" = "3615603743"
"a4_821" = "1590881045"
"a4_698" = "709079162"
"a4_699" = "716248283"
"a4_820" = "1583711924"
"a4_692" = "666064436"
"a4_693" = "673233557"
"a4_690" = "651726194"
"a4_691" = "658895315"
"a4_696" = "694740920"
"a4_697" = "701910041"
"a4_694" = "680402678"
"a4_695" = "687571799"
"a4_822" = "1598050166"
"a3_828" = "1624490901"
"a3_829" = "1664967732"
"a3_826" = "1643547347"
"a4_825" = "1619557529"
"a3_824" = "1628992017"
"a3_825" = "1636505264"
"a3_822" = "1581458783"
"a3_823" = "1588517374"
"a3_820" = "1600580765"
"a3_821" = "1607565628"
"a2_900" = "2157245310"
"a1_746" = "42287853"
"a4_827" = "1633895771"
"a2_901" = "2164413259"
"a3_644" = "305393197"
"a4_826" = "1626726650"
"a2_902" = "2171580898"
"a4_274" = "1964339154"
"a4_275" = "1971508275"
"a4_276" = "1978677396"
"a4_277" = "1985846517"
"a4_270" = "1935662670"
"a4_271" = "1942831791"
"a4_272" = "1950000912"
"a4_273" = "1957170033"
"a2_904" = "2185914808"
"a4_278" = "1993015638"
"a4_279" = "2000184759"
"a2_905" = "2193081529"
"a2_906" = "2200249592"
"a4_478" = "3426839838"
"a4_479" = "3434008959"
"a4_476" = "3412501596"
"a4_477" = "3419670717"
"a4_474" = "3398163354"
"a4_475" = "3405332475"
"a4_472" = "3383825112"
"a4_473" = "3390994233"
"a4_470" = "3369486870"
"a4_471" = "3376655991"
"a4_308" = "2208089268"
"a4_309" = "2215258389"
"a4_300" = "2150736300"
"a4_301" = "2157905421"
"a4_302" = "2165074542"
"a4_303" = "2172243663"
"a4_304" = "2179412784"
"a4_305" = "2186581905"
"a4_306" = "2193751026"
"a4_307" = "2200920147"
"a1_114" = "2358681451"
"a1_115" = "1247075533"
"a1_116" = "2008992654"
"a1_117" = "771463680"
"a1_110" = "1461356155"
"a1_111" = "736623961"
"a1_112" = "1927367197"
"a1_113" = "3393950741"
"a1_824" = "2439985994"
"a1_118" = "715161128"
"a1_119" = "1645696939"
"a4_576" = "4129413696"
"a4_920" = "2300624024"
"a3_732" = "969437045"
"a2_498" = "3570225939"
"a2_499" = "3577393630"
"a2_492" = "3527199041"
"a2_493" = "3534377775"
"a2_490" = "3512875056"
"a2_491" = "3520043099"
"a2_496" = "3555878836"
"a2_497" = "3563044870"
"a2_494" = "3541544473"
"a2_495" = "3548709308"
"a2_816" = "1555027485"
"a2_817" = "1562199964"
"a2_814" = "1540699726"
"a2_815" = "1547863461"
"a2_812" = "1526363535"
"a3_740" = "1026900557"
"a2_810" = "1512017717"
"a2_811" = "1519181906"
"a3_733" = "943391636"
"a4_570" = "4086398970"
"a2_818" = "1569368314"
"a2_819" = "1576550125"
"a1_565" = "537538508"
"a1_564" = "1273152642"
"a1_567" = "49838734"
"a1_566" = "4255690531"
"a1_561" = "2367411288"
"a1_560" = "2015656222"
"a1_563" = "2286200320"
"a1_562" = "4171094823"
"a1_569" = "1896572200"
"a1_568" = "1542929761"
"a1_525" = "810852784"
"a2_678" = "565691338"
"a2_679" = "572859422"
"a2_676" = "551356755"
"a2_677" = "558525141"
"a2_674" = "537025476"
"a2_675" = "544181036"
"a2_672" = "522676366"
"a2_673" = "529858404"
"a2_670" = "508340823"
"a2_671" = "515506518"
"a3_982" = "2728158783"
"a2_258" = "1849635093"
"a2_259" = "1856803658"
"a2_254" = "1820950721"
"a2_255" = "1828120182"
"a2_256" = "1835302803"
"a2_257" = "1842467556"
"a2_250" = "1792283635"
"a2_251" = "1799442129"
"a2_252" = "1806626215"
"a2_253" = "1813784247"
"a1_363" = "117152077"
"a1_362" = "2225372787"
"a1_361" = "1827141020"
"a1_360" = "25643302"
"a1_367" = "4101077328"
"a1_366" = "4071263449"
"a1_365" = "2029057275"
"a1_364" = "2256718172"
"a1_369" = "3495942753"
"a1_368" = "3323347055"
"a3_977" = "2692709400"
"a3_924" = "2346001461"
"a1_38" = "2567780123"
"a1_39" = "658741742"
"a1_30" = "95646725"
"a1_31" = "1751547084"
"a1_32" = "3389671537"
"a1_33" = "1651171147"
"a1_34" = "522335573"
"a1_35" = "3841922303"
"a1_36" = "3252633834"
"a1_37" = "2717754716"
"a1_297" = "808258113"
"a1_296" = "322568467"
"a1_295" = "2009975689"
"a1_294" = "2616355135"
"a1_293" = "995208655"
"a1_292" = "3907880597"
"a1_291" = "2067877147"
"a1_290" = "2510891452"
"a1_299" = "1093024641"
"a1_298" = "4058632900"
"a3_769" = "1234824520"
"a1_600" = "3822446902"
"a2_668" = "494007856"
"a1_601" = "3250048239"
"a3_761" = "1143737968"
"a3_760" = "1170380241"
"a3_763" = "1191790386"
"a4_286" = "2050368606"
"a3_765" = "1206362100"
"a1_602" = "3942618951"
"a3_767" = "1186780342"
"a3_766" = "1179725847"
"a2_108" = "774260427"
"a2_109" = "781426638"
"a4_878" = "1999520942"
"a1_603" = "1419336896"
"a2_100" = "716910351"
"a2_101" = "724075541"
"a2_102" = "731243276"
"a2_103" = "738424051"
"a2_104" = "745593177"
"a2_105" = "752748830"
"a2_106" = "759925727"
"a2_107" = "767093272"
"a3_541" = "3861793492"
"a3_540" = "3887912629"
"a3_543" = "3909387158"
"a3_542" = "3868847991"
"a3_545" = "3923892392"
"a3_544" = "3916833801"
"a3_547" = "3904770410"
"a3_546" = "3897785547"
"a3_549" = "3952815660"
"a3_548" = "3945379213"
"a1_607" = "700798112"
"a1_589" = "2800060736"
"a1_588" = "3042719354"
"a3_169" = "1228156448"
"a3_168" = "1187689857"
"a3_167" = "1180635502"
"a3_166" = "1206680783"
"a3_165" = "1199757484"
"a3_164" = "1192698893"
"a3_163" = "1151697898"
"a3_162" = "1144713035"
"a3_161" = "1171213096"
"a3_160" = "1163777673"
"a1_749" = "2876808083"
"a1_748" = "730277852"
"a2_28" = "200729856"
"a2_29" = "207912466"
"a2_26" = "186388923"
"a2_27" = "193561396"
"a2_24" = "172050997"
"a2_25" = "179229793"
"a2_22" = "157728549"
"a2_23" = "164893462"
"a2_20" = "143379575"
"a2_21" = "150542552"
"a4_68" = "487500228"
"a4_69" = "494669349"
"a4_917" = "2279116661"
"a4_916" = "2271947540"
"a4_911" = "2236101935"
"a4_910" = "2228932814"
"a4_913" = "2250440177"
"a4_912" = "2243271056"
"a4_60" = "430147260"
"a4_61" = "437316381"
"a4_62" = "444485502"
"a4_63" = "451654623"
"a4_64" = "458823744"
"a4_65" = "465992865"
"a4_66" = "473161986"
"a4_67" = "480331107"
"a4_833" = "1676910497"
"a4_959" = "2580219743"
"a2_758" = "1139218321"
"a2_7" = "50176552"
"a2_6" = "43009046"
"a2_5" = "35836982"
"a2_4" = "28675515"
"a2_3" = "21508979"
"a2_2" = "14347027"
"a2_1" = "7161178"
"a2_0" = "6483"
"a1_639" = "1698922084"
"a1_638" = "115812297"
"a3_389" = "2805656908"
"a3_388" = "2765048109"
"a2_9" = "64527733"
"a2_8" = "57345730"
"a4_5" = "35845605"
"a4_4" = "28676484"
"a4_7" = "50183847"
"a4_6" = "43014726"
"a4_1" = "7169121"
"a4_0" = "0"
"a4_3" = "21507363"
"a4_2" = "14338242"
"a4_9" = "64522089"
"a4_8" = "57352968"
"a2_756" = "1124888619"
"a3_949" = "2491838908"
"a3_948" = "2484395293"
"a3_945" = "2462900280"
"a3_944" = "2455850905"
"a3_947" = "2510895354"
"a3_946" = "2503967835"
"a3_941" = "2467992228"
"a3_940" = "2427452933"
"a3_943" = "2482482022"
"a3_942" = "2474915527"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Aas]
"a3_875" = "1961196962"
"a1_532" = "230892381"
"a1_533" = "4121473450"
"a4_845" = "1762939949"
"a2_853" = "1820284582"
"a3_708" = "797636205"
"a4_923" = "2322131387"
"a3_970" = "2675785123"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A 79 DE 65 18 03 50 D4 EF BF 7C E4 5E 36 75 3B"
[HKCU\Software\Aas]
"a1_968" = "890033653"
"a4_689" = "644557073"
"a4_688" = "637387952"
"a1_951" = "2816173798"
"a4_685" = "615880589"
"a4_684" = "608711468"
"a4_687" = "630218831"
"a4_686" = "623049710"
"a4_681" = "587204105"
"a4_680" = "580034984"
"a4_683" = "601542347"
"a4_682" = "594373226"
"a3_831" = "1645985014"
"a3_830" = "1671960663"
"a3_833" = "1659958664"
"a3_832" = "1652904297"
"a3_835" = "1707934282"
"a1_538" = "690255121"
"a3_837" = "1688886028"
"a3_836" = "1681434349"
"a3_839" = "1736479694"
"a3_838" = "1729494959"
"a1_539" = "4164302709"
"a2_911" = "2236098198"
"a1_957" = "2191387732"
"a4_267" = "1914155307"
"a4_266" = "1906986186"
"a4_265" = "1899817065"
"a4_264" = "1892647944"
"a4_263" = "1885478823"
"a4_262" = "1878309702"
"a4_261" = "1871140581"
"a4_260" = "1863971460"
[HKCU\Software\Aas\695404737]
"43014726" = "0B00687474703A2F2F6572656E6B61726168616E2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F677574656B706C2E7A612E706C2F6C6F676F2E67696600687474703A2F2F7777772E6B61707564616E652E636F6D2F6C6F676F2E67696600687474703A2F2F69676F72666F6D696E2E72752F6C6F676F2E67696600687474703A2F2F6D32636F6D756E69636163696F6E2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F6C65656E61656E7465727072697365732E636F6D2F696D672F6C6F676F2E67696600687474703A2F2F7777772E67657269617472696173696E6F702E636F6D2E62722F696D672F627574746F6E2E67696600687474703A2F2F627269746973686D6F746F72732E69742F6C6F676F2E67696600687474703A2F2F617274726F6F6D2E636F6D2E74722F626C6F672F6C6F676F2E67696600687474703A2F2F67616D6D61636F6E7365696C2E66722F696D616765732F627574746F6E2E67696600687474703A2F2F786578796C69612E636F6D2F6C6F676F2E676966"
[HKCU\Software\Aas]
"a4_269" = "1928493549"
"a4_268" = "1921324428"
"a4_461" = "3304964781"
"a4_460" = "3297795660"
"a4_463" = "3319303023"
"a4_462" = "3312133902"
"a4_465" = "3333641265"
"a4_464" = "3326472144"
"a4_467" = "3347979507"
"a4_466" = "3340810386"
"a4_469" = "3362317749"
"a4_468" = "3355148628"
"a4_897" = "2135734241"
"a4_898" = "2142903362"
"a4_899" = "2150072483"
"a2_560" = "4014706090"
"a4_319" = "2286949599"
"a4_318" = "2279780478"
"a1_840" = "2783435907"
"a4_313" = "2243934873"
"a4_312" = "2236765752"
"a4_311" = "2229596631"
"a4_310" = "2222427510"
"a4_317" = "2272611357"
"a4_316" = "2265442236"
"a4_315" = "2258273115"
"a4_314" = "2251103994"
"a3_130" = "915379051"
"a1_923" = "844361436"
"a3_131" = "922302346"
"a3_132" = "962897965"
"a2_880" = "2013860968"
"a1_107" = "2142421463"
"a1_106" = "1676227260"
"a1_105" = "3312848923"
"a1_104" = "1890942678"
"a1_103" = "4030263324"
"a1_102" = "3348342752"
"a1_101" = "2194006544"
"a1_100" = "3572648363"
"a3_134" = "943841519"
"a1_109" = "1191691544"
"a1_62" = "381896016"
"a1_61" = "1232580902"
"a3_137" = "998890944"
"a2_883" = "2035361636"
"a3_686" = "606179783"
"a2_489" = "3505694698"
"a2_488" = "3498526392"
"a3_687" = "613616230"
"a2_485" = "3477024826"
"a2_484" = "3469859585"
"a2_487" = "3491359056"
"a2_486" = "3484191155"
"a2_481" = "3448341345"
"a2_480" = "3441168426"
"a2_483" = "3462691926"
"a2_482" = "3455510869"
"a3_974" = "2704311079"
"a3_685" = "632749476"
"a3_975" = "2711758662"
"a2_882" = "2028205985"
"a3_976" = "2685262841"
"a2_809" = "1504848201"
"a2_808" = "1497680753"
"a4_721" = "873968945"
"a3_680" = "596757377"
"a2_801" = "1447497252"
"a2_800" = "1440329919"
"a2_803" = "1461831070"
"a3_681" = "570649632"
"a2_805" = "1476180947"
"a2_804" = "1469011811"
"a2_807" = "1490516695"
"a2_806" = "1483347099"
"a3_145" = "1022800088"
"a3_972" = "2656717413"
"a3_144" = "1015749817"
"a2_885" = "2049709138"
"a3_973" = "2663771780"
"a3_147" = "1070844314"
"a2_661" = "443813365"
"a2_660" = "436654748"
"a2_663" = "458157340"
"a3_146" = "1063277947"
"a2_665" = "472490702"
"a2_664" = "465325525"
"a2_667" = "486841964"
"a2_666" = "479672842"
"a2_669" = "501172325"
"a3_141" = "1027810116"
"a3_140" = "986812197"
"a2_881" = "2021027079"
"a3_143" = "1008236550"
"a2_249" = "1785117705"
"a2_248" = "1777937151"
"a2_247" = "1770781789"
"a2_246" = "1763598976"
"a2_245" = "1756433666"
"a2_244" = "1749257729"
"a2_243" = "1742106073"
"a2_242" = "1734933951"
"a2_241" = "1727750535"
"a2_240" = "1720584089"
"a1_356" = "250762175"
"a1_357" = "420636958"
"a1_354" = "908731148"
"a1_355" = "2575527481"
"a1_352" = "1366391087"
"a1_353" = "4248563485"
"a1_350" = "2049679008"
"a1_351" = "146252878"
"a2_855" = "1834622170"
"a3_639" = "269411382"
"a1_358" = "3539500011"
"a1_359" = "1975369147"
"a3_638" = "295912343"
"a2_887" = "2064044615"
"a2_886" = "2056879282"
"a3_795" = "1387647762"
"a3_718" = "869065255"
"a3_719" = "843023942"
"a3_714" = "807050403"
"a3_715" = "813969602"
"a3_716" = "821548389"
"a3_717" = "862013828"
"a3_710" = "778506031"
"a3_711" = "785556302"
"a3_712" = "826034145"
"a3_713" = "833615872"
"a2_820" = "1583716537"
"a2_119" = "853131184"
"a2_118" = "845961547"
"a4_869" = "1934998853"
"a4_868" = "1927829732"
"a2_113" = "810112969"
"a2_112" = "802947066"
"a2_111" = "795780612"
"a2_110" = "788609724"
"a2_117" = "838792494"
"a2_116" = "831612145"
"a2_115" = "824446260"
"a2_114" = "817276575"
"a3_534" = "3844868223"
"a3_535" = "3852446878"
"a3_536" = "3825811761"
"a3_537" = "3832866128"
"a3_530" = "3816471291"
"a3_531" = "3823394586"
"a3_532" = "3797414845"
"a3_533" = "3804403676"
"a3_538" = "3840383475"
"a3_539" = "3880858130"
"a2_813" = "1533533193"
"a3_152" = "1106310065"
"a3_153" = "1080268752"
"a3_150" = "1092336383"
"a3_151" = "1099259678"
"a3_156" = "1135231285"
"a3_157" = "1108731220"
"a3_154" = "1087178867"
"a3_155" = "1127787666"
"a3_628" = "223959005"
"a3_629" = "231000188"
"a3_158" = "1115724279"
"a3_159" = "1123168790"
"a2_59" = "422969620"
"a2_58" = "415804377"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CacheRepair" = "0"
[HKCU\Software\Aas]
"a2_53" = "379969478"
"a2_52" = "372785305"
"a2_51" = "365619690"
"a2_50" = "358450431"
"a2_57" = "408634703"
"a2_56" = "401463227"
"a2_55" = "394310650"
"a2_54" = "387135913"
"a4_842" = "1741432586"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\Aas]
"a4_55" = "394301655"
"a4_54" = "387132534"
"a4_57" = "408639897"
"a4_56" = "401470776"
"a4_51" = "365625171"
"a4_50" = "358456050"
"a4_53" = "379963413"
"a4_52" = "372794292"
"a3_440" = "3171413137"
"a3_441" = "3178398000"
"a3_442" = "3185321299"
"a3_443" = "3159349746"
"a4_59" = "422978139"
"a4_58" = "415809018"
"a3_446" = "3214379735"
"a3_447" = "3187748726"
"a1_644" = "659091539"
"a1_645" = "3152221406"
"a1_646" = "517090197"
"a1_647" = "3813387625"
"a1_640" = "2767748261"
"a1_641" = "3395487660"
"a1_642" = "2987239699"
"a1_643" = "2979058066"
"a1_648" = "1155269427"
"a1_649" = "2149975971"
[HKCU\Software\Aas\695404737]
"21507363" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Aas]
"a2_953" = "2537206894"
"a3_459" = "3307312066"
"a3_458" = "3266772899"
"a4_784" = "1325623568"
"a4_785" = "1332792689"
"a4_786" = "1339961810"
"a4_787" = "1347130931"
"a4_780" = "1296947084"
"a4_781" = "1304116205"
"a4_782" = "1311285326"
"a4_783" = "1318454447"
"a1_828" = "3111740734"
"a1_829" = "4282729632"
"a4_788" = "1354300052"
"a3_451" = "3249847498"
"a4_670" = "508343774"
"a4_671" = "515512895"
"a4_672" = "522682016"
"a3_450" = "3242793131"
"a4_674" = "537020258"
"a4_675" = "544189379"
"a4_676" = "551358500"
"a4_677" = "558527621"
"a4_678" = "565696742"
"a1_604" = "523967330"
"a1_916" = "1182329711"
"a1_917" = "35170092"
"a1_910" = "450633842"
"a1_911" = "3144343035"
"a1_912" = "2435808516"
"a1_913" = "4118981548"
"a3_844" = "1772455397"
"a3_845" = "1746353668"
"a3_846" = "1753404071"
"a3_847" = "1760327366"
"a3_840" = "1743926369"
"a3_841" = "1717414016"
"a3_842" = "1724861731"
"a3_843" = "1765466434"
"a3_848" = "1801448313"
"a3_849" = "1808437144"
"a3_702" = "721038295"
"a4_874" = "1970844458"
"a1_654" = "2323470994"
"a4_961" = "2594557985"
"a4_414" = "2968016094"
"a4_415" = "2975185215"
"a4_416" = "2982354336"
"a4_417" = "2989523457"
"a4_410" = "2939339610"
"a4_411" = "2946508731"
"a4_412" = "2953677852"
"a4_413" = "2960846973"
"a4_418" = "2996692578"
"a4_419" = "3003861699"
"a3_806" = "1500078927"
"a3_807" = "1507067886"
"a1_138" = "2296022548"
"a1_139" = "3918401422"
"a3_907" = "2190592386"
"a1_132" = "2121832638"
"a1_133" = "2018573656"
"a1_130" = "4287173621"
"a1_131" = "3646932073"
"a1_136" = "4157372838"
"a1_137" = "54167743"
"a1_134" = "2434442728"
"a1_135" = "1838029082"
"a3_768" = "1227770153"
"a4_328" = "2351471688"
"a4_329" = "2358640809"
"a4_326" = "2337133446"
"a4_327" = "2344302567"
"a4_324" = "2322795204"
"a4_325" = "2329964325"
"a4_322" = "2308456962"
"a4_323" = "2315626083"
"a4_320" = "2294118720"
"a4_321" = "2301287841"
"a4_528" = "3785295888"
"a4_529" = "3792465009"
"a4_258" = "1849633218"
"a4_259" = "1856802339"
"a4_252" = "1806618492"
"a4_253" = "1813787613"
"a4_250" = "1792280250"
"a4_251" = "1799449371"
"a4_256" = "1835294976"
"a4_257" = "1842464097"
"a4_254" = "1820956734"
"a4_255" = "1828125855"
"a3_909" = "2238580292"
"a2_470" = "3369488440"
"a2_471" = "3376657800"
"a2_472" = "3383821631"
"a2_473" = "3390989310"
"a2_474" = "3398157927"
"a2_475" = "3405326468"
"a2_476" = "3412507148"
"a2_477" = "3419676119"
"a2_478" = "3426843633"
"a2_479" = "3434007450"
"a4_880" = "2013859184"
"a3_908" = "2231591461"
"a1_797" = "464965187"
"a2_878" = "1999527310"
"a2_879" = "2006695656"
"a2_874" = "1970842162"
"a2_875" = "1978021209"
"a2_876" = "1985177195"
"a2_877" = "1992357943"
"a2_870" = "1942159991"
"a2_871" = "1949343480"
"a2_872" = "1956511651"
"a2_873" = "1963683720"
"a1_349" = "3758178931"
"a1_348" = "2554486405"
"a2_586" = "4201110533"
"a2_587" = "4208276084"
"a2_580" = "4158081939"
"a2_581" = "4165259106"
"a2_582" = "4172423660"
"a2_583" = "4179606326"
"a1_341" = "2086855494"
"a1_340" = "843872653"
"a1_343" = "2697111342"
"a1_342" = "2289860536"
"a1_345" = "3063315076"
"a1_344" = "1232238083"
"a1_347" = "2597578272"
"a1_346" = "1150814533"
"a2_614" = "106880545"
"a2_615" = "114048952"
"a2_616" = "121214427"
"a2_617" = "128381892"
"a2_610" = "78198395"
"a2_611" = "85362695"
"a2_612" = "92531843"
"a2_613" = "99696642"
"a2_618" = "135547349"
"a2_619" = "142712859"
"a2_272" = "1949992080"
"a2_273" = "1957171604"
"a2_270" = "1935657026"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Aas]
"a2_276" = "1978674527"
"a2_277" = "1985840918"
"a2_274" = "1964339769"
"a2_275" = "1971505280"
"a2_908" = "2214597802"
"a2_909" = "2221766158"
"a2_278" = "1993057239"
"a2_279" = "2000190400"
"a1_842" = "1634218767"
"a2_298" = "2136392335"
"a2_299" = "2143559075"
"a1_841" = "2547618788"
"a2_290" = "2079043203"
"a2_291" = "2086208356"
"a2_292" = "2093377769"
"a2_293" = "2100557218"
"a2_294" = "2107726134"
"a2_295" = "2114892733"
"a2_296" = "2122058227"
"a2_297" = "2129226468"
"a2_728" = "924144108"
"a2_729" = "931316383"
"a2_720" = "866797803"
"a2_721" = "873967310"
"a2_722" = "881132509"
"a2_723" = "888299537"
"a2_724" = "895468255"
"a2_725" = "902651269"
"a2_726" = "909819209"
"a2_727" = "916991716"
"a1_594" = "1784588204"
"a4_450" = "3226104450"
"a3_791" = "1392659870"
"a3_709" = "804547212"
"a4_451" = "3233273571"
"a3_707" = "790584778"
"a3_706" = "749582763"
"a3_705" = "742524168"
"a3_704" = "769089769"
"a3_703" = "761646198"
"a4_452" = "3240442692"
"a3_701" = "713602996"
"a3_700" = "706548501"
"a4_890" = "2085550394"
"a4_891" = "2092719515"
"a4_892" = "2099888636"
"a4_453" = "3247611813"
"a4_894" = "2114226878"
"a4_895" = "2121395999"
"a2_128" = "917645185"
"a2_129" = "924814695"
"a2_126" = "903314444"
"a2_127" = "910481325"
"a2_124" = "888963883"
"a2_125" = "896146701"
"a2_122" = "874629691"
"a2_123" = "881793740"
"a2_120" = "860297932"
"a2_121" = "867462259"
"a3_35" = "267899754"
"a3_526" = "3787937127"
"a3_525" = "3780489412"
"a3_524" = "3739884709"
"a3_523" = "3732895746"
"a4_456" = "3269119176"
"a3_521" = "3751945024"
"a3_520" = "3744501537"
"a2_824" = "1612383982"
"a4_457" = "3276288297"
"a3_529" = "3809412696"
"a3_528" = "3768345145"
"a1_12" = "2367829575"
"a1_13" = "1742888275"
"a1_10" = "1045746602"
"a1_11" = "2248124487"
"a1_16" = "1948295"
"a1_17" = "3230785291"
"a1_14" = "4228476659"
"a1_15" = "2344135185"
"a1_18" = "1035401"
"a1_19" = "2433039998"
"a3_149" = "1051199068"
"a3_148" = "1044210237"
"a2_896" = "2128563127"
"a2_48" = "344116656"
"a2_49" = "351283202"
"a1_846" = "3336911761"
"a2_40" = "286766553"
"a2_41" = "293931573"
"a2_42" = "301094795"
"a2_43" = "308281190"
"a2_44" = "315448654"
"a2_45" = "322616940"
"a2_46" = "329783265"
"a2_47" = "336949364"
"a2_897" = "2135725104"
"a4_42" = "301103082"
"a4_43" = "308272203"
"a4_40" = "286764840"
"a4_41" = "293933961"
"a4_46" = "329779566"
"a4_47" = "336948687"
"a4_44" = "315441324"
"a4_45" = "322610445"
"a3_453" = "3230791052"
"a3_452" = "3223736685"
"a4_48" = "344117808"
"a4_49" = "351286929"
"a3_457" = "3259718400"
"a3_456" = "3285821153"
"a3_455" = "3278766670"
"a3_454" = "3271781935"
"a1_657" = "691188927"
"a1_656" = "1887835737"
"a1_655" = "1224847007"
"a1_632" = "4254636369"
"a1_653" = "1800426496"
"a1_652" = "3653254483"
"a1_651" = "1746889087"
"a1_650" = "3897339266"
"a3_796" = "1428649909"
"a1_659" = "3994854456"
"a1_658" = "1861306084"
"a3_797" = "1435691988"
"a3_18" = "112354555"
"a3_19" = "152901914"
"a3_14" = "83367783"
"a3_15" = "124488582"
"a3_16" = "131411001"
"a3_17" = "104906840"
"a3_10" = "88506851"
"a3_11" = "95435266"
"a3_12" = "69459621"
"a3_13" = "76378820"
"a3_240" = "1737322713"
"a4_886" = "2056873910"
"a3_793" = "1406704208"
"a3_809" = "1488018592"
"a3_798" = "1442679927"
"a3_799" = "1416568982"
"a3_248" = "1761236945"
"a2_172" = "1233087144"
"a4_797" = "1418822141"
"a4_796" = "1411653020"
"a4_795" = "1404483899"
"a4_794" = "1397314778"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Aas]
"a4_792" = "1382976536"
"a4_791" = "1375807415"
"a4_790" = "1368638294"
"a1_839" = "3273766328"
"a1_838" = "2755555164"
"a4_799" = "1433160383"
"a4_798" = "1425991262"
"a4_663" = "458159927"
"a4_662" = "450990806"
"a4_661" = "443821685"
"a4_660" = "436652564"
"a4_667" = "486836411"
"a4_666" = "479667290"
"a4_665" = "472498169"
"a4_664" = "465329048"
"a1_907" = "1533949174"
"a1_906" = "4174202724"
"a4_669" = "501174653"
"a4_668" = "494005532"
"a1_903" = "1158686905"
"a1_902" = "83910980"
"a1_901" = "711104684"
"a1_900" = "250984115"
"a3_857" = "1865835152"
"a3_856" = "1824837233"
"a3_855" = "1817794014"
"a3_854" = "1844425151"
"a3_853" = "1836850460"
"a3_852" = "1829861629"
"a3_851" = "1789379674"
"a3_850" = "1781801019"
"a1_635" = "1193005573"
"a4_949" = "2508528533"
"a3_859" = "1846328146"
"a3_858" = "1872824115"
"a1_734" = "36853059"
"a2_644" = "321951808"
"a4_976" = "2702094800"
"a4_454" = "3254780934"
"a1_524" = "2869274437"
"a4_407" = "2917832247"
"a4_406" = "2910663126"
"a4_405" = "2903494005"
"a4_404" = "2896324884"
"a4_403" = "2889155763"
"a4_402" = "2881986642"
"a4_401" = "2874817521"
"a4_400" = "2867648400"
"a1_825" = "2743030208"
"a1_879" = "4132934545"
"a3_640" = "276404393"
"a4_409" = "2932170489"
"a4_408" = "2925001368"
"a3_641" = "283851976"
"a3_646" = "352855791"
"a3_647" = "360438542"
"a4_789" = "1361469173"
"a1_129" = "152038362"
"a1_128" = "2914587450"
"a1_125" = "153967328"
"a1_124" = "1156009269"
"a1_127" = "1048999283"
"a1_126" = "385503612"
"a1_121" = "1951210903"
"a1_120" = "2274506726"
"a1_123" = "997114921"
"a1_122" = "917876335"
"a4_331" = "2372979051"
"a4_330" = "2365809930"
"a4_333" = "2387317293"
"a4_332" = "2380148172"
"a4_335" = "2401655535"
"a4_334" = "2394486414"
"a4_337" = "2415993777"
"a4_336" = "2408824656"
"a4_339" = "2430332019"
"a4_338" = "2423162898"
"a1_833" = "383922147"
"a4_539" = "3864156219"
"a4_538" = "3856987098"
"a4_249" = "1785111129"
"a4_248" = "1777942008"
"a1_832" = "1689039641"
"a4_245" = "1756434645"
"a4_244" = "1749265524"
"a4_247" = "1770772887"
"a4_246" = "1763603766"
"a4_241" = "1727758161"
"a4_240" = "1720589040"
"a4_243" = "1742096403"
"a4_242" = "1734927282"
"a1_830" = "3398027568"
"a4_793" = "1390145657"
"a1_836" = "3376803229"
"a1_835" = "3466572344"
"a1_754" = "2305021708"
"a1_834" = "3115934796"
"a1_634" = "1425519971"
"a2_463" = "3319308020"
"a2_462" = "3312136345"
"a2_461" = "3304971126"
"a2_460" = "3297790379"
"a2_467" = "3347972645"
"a2_466" = "3340805045"
"a2_465" = "3333636934"
"a2_464" = "3326473407"
"a2_469" = "3362323120"
"a2_468" = "3355156423"
"a1_934" = "3333929896"
"a4_802" = "1454667746"
"a4_872" = "1956506216"
"a2_869" = "1934986544"
"a2_868" = "1927823812"
"a2_867" = "1920655985"
"a2_866" = "1913488949"
"a2_865" = "1906324973"
"a2_864" = "1899161326"
"a2_863" = "1891991172"
"a1_791" = "3151905761"
"a2_861" = "1877643095"
"a2_860" = "1870471707"
"a2_597" = "4279960511"
"a2_596" = "4272793846"
"a2_595" = "4265630512"
"a2_594" = "4258460401"
"a1_338" = "1316468300"
"a1_339" = "2132724266"
"a2_591" = "4236944054"
"a2_590" = "4229778952"
"a1_334" = "1854509779"
"a1_335" = "249077073"
"a1_336" = "2818671390"
"a1_337" = "2894278062"
"a1_330" = "588188775"
"a1_331" = "4167150909"
"a1_332" = "4025161733"
"a1_333" = "1135666947"
"a2_607" = "56695250"
"a2_606" = "49515057"
"a3_30" = "231909751"
"a2_604" = "35179575"
"a1_64" = "1122843265"
"a2_602" = "20847561"
"a2_601" = "13666178"
"a2_600" = "6514322"
"a4_875" = "1978013579"
"a2_609" = "71032050"
"a2_608" = "63860963"
"a2_265" = "1899820478"
"a2_264" = "1892654376"
"a2_267" = "1914152456"
"a2_266" = "1906987319"
"a2_261" = "1871148340"
"a2_260" = "1863970202"
"a2_263" = "1885472324"
"a2_262" = "1878302348"
"a2_919" = "2293450456"
"a1_908" = "895712081"
"a2_269" = "1928489830"
"a2_268" = "1921322071"
"a1_905" = "938682965"
"a2_884" = "2042528275"
"a1_482" = "1389686973"
"a1_483" = "1993382589"
"a2_289" = "2071884430"
"a2_288" = "2064709199"
"a1_486" = "2501591954"
"a1_487" = "3666787385"
"a1_484" = "1697003441"
"a1_485" = "747138846"
"a2_283" = "2028859133"
"a2_282" = "2021690380"
"a2_281" = "2014514622"
"a2_280" = "2007357323"
"a2_287" = "2057539716"
"a2_286" = "2050375676"
"a2_285" = "2043192934"
"a2_284" = "2036038365"
"a2_739" = "1003018299"
"a2_738" = "995836533"
"a3_522" = "3725445091"
"a2_733" = "960000094"
"a2_732" = "952832699"
"a2_731" = "945667475"
"a2_730" = "938483748"
"a2_737" = "988671590"
"a2_736" = "981502189"
"a2_735" = "974335090"
"a2_734" = "967168889"
"a4_446" = "3197427966"
"a1_637" = "1512569603"
"a3_912" = "2226582457"
"a1_240" = "1402431167"
"a1_241" = "3432842879"
"a1_242" = "1094223260"
"a1_243" = "3794322998"
"a1_244" = "4206425278"
"a1_245" = "3938543723"
"a1_246" = "549784845"
"a1_247" = "1730608452"
"a1_248" = "3663095493"
"a1_249" = "2230742747"
"a3_738" = "978859403"
"a3_739" = "986426922"
"a4_445" = "3190258845"
"a2_131" = "939149247"
"a2_130" = "931977481"
"a2_133" = "953499496"
"a2_132" = "946332230"
"a2_135" = "967831553"
"a2_134" = "960665677"
"a2_137" = "982166556"
"a2_136" = "974997993"
"a2_139" = "996513072"
"a2_138" = "989332039"
"a4_889" = "2078381273"
"a4_888" = "2071212152"
"a2_79" = "566357027"
"a2_78" = "559189905"
"a3_916" = "2254979389"
"a3_288" = "2048100105"
"a3_289" = "2055027624"
"a3_184" = "1336102801"
"a3_917" = "2262558044"
"a3_282" = "2038692083"
"a3_283" = "2045680914"
"a3_280" = "1990631473"
"a3_281" = "2031109200"
"a3_286" = "2067091063"
"a3_287" = "2074141334"
"a3_284" = "2019045813"
"a3_285" = "2026624468"
"a3_606" = "66123703"
"a3_607" = "40004566"
"a3_604" = "52150005"
"a3_605" = "59069204"
"a3_602" = "4023859"
"a3_603" = "11016786"
"a3_600" = "23079281"
"a3_601" = "30657936"
"a4_700" = "723417404"
"a3_608" = "46992457"
"a3_609" = "87597288"
"a1_796" = "1942973377"
"a1_583" = "3260371491"
"a1_794" = "1317185613"
"a1_795" = "2448133221"
"a1_792" = "3921862575"
"a1_793" = "442046893"
"a1_790" = "1172279049"
"a1_582" = "1970676540"
"a3_635" = "240424626"
"a3_911" = "2219532038"
"a1_581" = "3479254246"
"a1_798" = "263297553"
"a1_799" = "1282523878"
"a1_580" = "3340641947"
"a3_198" = "1436076335"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"
[HKCU\Software\Aas]
"a3_196" = "1388556397"
"a3_197" = "1429034124"
"a3_194" = "1407548331"
"a3_195" = "1380982730"
"a3_192" = "1393042153"
"a3_193" = "1400620808"
"a3_190" = "1345525207"
"a3_191" = "1352568438"
"a2_981" = "2737944666"
"a1_585" = "2466652412"
"a3_468" = "3338201981"
"a3_469" = "3379269532"
"a3_466" = "3324236475"
"a3_467" = "3331159770"
"a3_464" = "3343287801"
"a3_465" = "3350216216"
"a3_462" = "3295169831"
"a3_463" = "3302744390"
"a3_460" = "3314758757"
"a3_461" = "3321800836"
"a1_468" = "3457802530"
"a1_469" = "3532404486"
"a3_518" = "3696916079"
"a3_519" = "3703958158"
"a1_460" = "3697605570"
"a1_461" = "3933378033"
"a1_462" = "3010174909"
"a1_463" = "307173796"
"a1_464" = "1227910302"
"a1_465" = "4123726314"
"a1_466" = "2447930796"
"a1_467" = "348729639"
"a3_29" = "224867540"
"a3_28" = "183865525"
"a1_668" = "933460586"
"a1_669" = "3772417729"
"a3_21" = "167399900"
"a3_20" = "159956413"
"a3_23" = "148336286"
"a3_22" = "140888703"
"a3_25" = "195929936"
"a3_24" = "188875569"
"a3_27" = "176880658"
"a3_26" = "169827315"
"a2_830" = "1655401518"
"a3_499" = "3560555322"
"a2_831" = "1662570244"
"a3_498" = "3587059355"
"a2_832" = "1669737552"
"a3_497" = "3579611768"
"a2_833" = "1676917780"
"a3_496" = "3539014105"
"a2_834" = "1684083048"
"a3_495" = "3532029350"
"a2_835" = "1691252072"
"a4_955" = "2551543259"
"a3_494" = "3524581639"
"a2_836" = "1698421574"
"a3_493" = "3551077604"
"a2_837" = "1705586284"
"a3_492" = "3544154181"
"a3_491" = "3503090722"
"a1_837" = "428026265"
"a3_527" = "3761424774"
"a3_490" = "3496037251"
"a3_775" = "1244236686"
"a4_915" = "2264778419"
"a3_868" = "1944793805"
"a3_869" = "1918293868"
"a4_914" = "2257609298"
"a3_862" = "1901368503"
"a3_863" = "1908803798"
"a3_860" = "1853775861"
"a3_861" = "1860825108"
"a3_866" = "1930361355"
"a3_867" = "1937350314"
"a3_864" = "1882303817"
"a3_865" = "1889747432"
"a1_806" = "1995492875"
"a1_807" = "3457109150"
"a1_804" = "1398149907"
"a1_805" = "723340659"
"a1_802" = "2180390580"
"a1_803" = "2301577498"
"a1_800" = "4125314709"
"a1_808" = "3685875569"
"a1_809" = "3212555248"
"a4_656" = "407976080"
"a4_657" = "415145201"
"a4_654" = "393637838"
"a4_655" = "400806959"
"a4_652" = "379299596"
"a4_653" = "386468717"
"a4_650" = "364961354"
"a4_651" = "372130475"
"a1_938" = "2188653124"
"a1_939" = "282501988"
"a4_658" = "422314322"
"a4_659" = "429483443"
"a3_773" = "1263760076"
"a4_849" = "1791616433"
"a4_919" = "2293454903"
"a4_918" = "2286285782"
"a2_656" = "407969831"
"a1_875" = "1470385475"
"a4_925" = "2336469629"
"a3_762" = "1151312531"
"a1_684" = "1631603569"
"a4_438" = "3140074998"
"a4_439" = "3147244119"
"a1_874" = "1102780839"
"a4_432" = "3097060272"
"a4_433" = "3104229393"
"a4_430" = "3082722030"
"a4_431" = "3089891151"
"a4_436" = "3125736756"
"a4_437" = "3132905877"
"a4_434" = "3111398514"
"a4_435" = "3118567635"
"a3_928" = "2374546825"
"a4_344" = "2466177624"
"a4_345" = "2473346745"
"a4_346" = "2480515866"
"a4_347" = "2487684987"
"a4_340" = "2437501140"
"a4_341" = "2444670261"
"a4_342" = "2451839382"
"a4_343" = "2459008503"
"a3_764" = "1198848853"
"a4_348" = "2494854108"
"a4_349" = "2502023229"
"a4_508" = "3641913468"
"a4_509" = "3649082589"
"a4_506" = "3627575226"
"a4_507" = "3634744347"
"a4_504" = "3613236984"
"a4_505" = "3620406105"
"a4_502" = "3598898742"
"a4_503" = "3606067863"
"a4_500" = "3584560500"
"a4_501" = "3591729621"
"a3_383" = "2729068342"
"a3_382" = "2721620631"
"a4_882" = "2028197426"
"a3_381" = "2748124788"
"a2_456" = "3269120179"
"a2_457" = "3276280324"
"a2_454" = "3254786147"
"a3_380" = "2741212629"
"a2_452" = "3240437065"
"a2_453" = "3247605383"
"a2_450" = "3226102597"
"a2_451" = "3233271180"
"a3_387" = "2757612682"
"a3_633" = "259938800"
"a2_458" = "3283464605"
"a3_386" = "2784112747"
"a3_385" = "2776670152"
"a4_881" = "2021028305"
"a3_384" = "2769681321"
"a1_735" = "525649699"
"a2_852" = "1813122265"
"a1_730" = "2982642212"
"a2_850" = "1798787277"
"a2_851" = "1805957094"
"a2_856" = "1841806694"
"a2_857" = "1848973030"
"a2_854" = "1827459016"
"a1_731" = "507374155"
"a3_632" = "252486993"
"a2_858" = "1856140487"
"a2_859" = "1863316489"
"a1_732" = "3716682257"
"a2_714" = "823781945"
"a1_733" = "552492515"
"a1_329" = "3597048311"
"a1_328" = "3566407507"
"a1_327" = "3287703473"
"a1_326" = "2907653428"
"a1_325" = "175319869"
"a1_324" = "525794026"
"a1_323" = "2735525937"
"a1_322" = "130746460"
"a1_321" = "956372511"
"a1_320" = "108244105"
"a2_650" = "364968582"
"a1_436" = "2889715043"
"a1_736" = "477916713"
"a3_631" = "211878206"
"a1_737" = "3617407209"
"a2_652" = "379257823"
"a3_923" = "2339079058"
"a2_926" = "2343633682"
"a2_927" = "2350799710"
"a2_924" = "2329308211"
"a2_653" = "386476586"
"a4_887" = "2064043031"
"a2_923" = "2322134033"
"a2_920" = "2300617601"
"a2_921" = "2307797524"
"a2_654" = "393638133"
"a2_928" = "2357985217"
"a2_655" = "400804928"
"a3_630" = "204893343"
"a2_657" = "415139667"
"a3_922" = "2298015603"
"a1_495" = "1105747519"
"a1_494" = "318960739"
"a1_497" = "3680467215"
"a1_496" = "2406892608"
"a1_491" = "3725974449"
"a1_490" = "696637795"
"a1_493" = "2966729331"
"a1_492" = "585886935"
"a1_499" = "3986502608"
"a1_498" = "438939916"
"a3_637" = "288468852"
"a2_708" = "780764847"
"a2_709" = "787945883"
"a2_706" = "766430674"
"a2_707" = "773592270"
"a2_704" = "752096945"
"a2_705" = "759264955"
"a2_702" = "737760913"
"a2_703" = "744931224"
"a2_700" = "723411657"
"a2_701" = "730582986"
"a4_885" = "2049704789"
"a2_638" = "278936953"
"a2_639" = "286109400"
"a3_808" = "1481095169"
"a2_632" = "235918944"
"a2_633" = "243078675"
"a2_630" = "221583547"
"a2_631" = "228752436"
"a2_636" = "264600717"
"a2_637" = "271767864"
"a2_634" = "250253227"
"a2_635" = "257418660"
"a1_253" = "3011258721"
"a1_252" = "171851724"
"a1_251" = "2215471946"
"a1_250" = "4059921647"
"a1_257" = "2033029075"
"a1_256" = "3246456242"
"a1_255" = "346835233"
"a1_254" = "3402770033"
"a3_920" = "2284050097"
"a1_259" = "1054237073"
"a1_258" = "567584487"
"a3_729" = "914469392"
"a3_728" = "907418097"
"a4_884" = "2042535668"
"a2_144" = "1032350423"
"a2_145" = "1039515971"
"a2_146" = "1046684945"
"a2_147" = "1053866415"
"a2_140" = "1003680491"
"a2_141" = "1010851434"
"a2_142" = "1018017204"
"a2_143" = "1025182293"
"a1_781" = "1232351683"
"a1_780" = "3041747000"
"a2_68" = "487502104"
"a2_69" = "494670791"
"a2_148" = "1061036019"
"a2_149" = "1068191298"
"a1_787" = "4272024598"
"a4_455" = "3261950055"
"a3_299" = "2126993250"
"a3_298" = "2119545539"
"a3_295" = "2131608046"
"a3_294" = "2091003215"
"a3_297" = "2146049696"
"a3_296" = "2139060737"
"a3_291" = "2103079018"
"a3_290" = "2062081995"
"a3_293" = "2083555628"
"a3_292" = "2110067853"
"a1_904" = "2114167873"
"a3_634" = "266990099"
"a3_619" = "159571106"
"a3_618" = "152516611"
"a3_611" = "68549034"
"a3_610" = "95044875"
"a3_613" = "82982508"
"a3_612" = "75537869"
"a3_615" = "131026734"
"a3_614" = "123579023"
"a3_617" = "111511520"
"a3_616" = "104522561"
"a3_181" = "1280611004"
"a3_180" = "1307180573"
"a3_34" = "260325067"
"a3_182" = "1288058591"
"a3_185" = "1309597744"
"a3_33" = "253401768"
"a3_187" = "1324038386"
"a3_186" = "1316586579"
"a3_189" = "1371566516"
"a3_188" = "1364647189"
"a3_38" = "289377359"
"a3_39" = "296296686"
"a3_471" = "3359687774"
"a3_470" = "3386187839"
"a3_473" = "3407682832"
"a3_472" = "3367139569"
"a3_475" = "3422180818"
"a3_474" = "3414733235"
"a3_477" = "3403113108"
"a4_282" = "2021692122"
"a3_479" = "3450714966"
"a3_478" = "3443656503"
"a1_479" = "2804595649"
"a1_478" = "1894959175"
"a3_509" = "3632529140"
"a3_508" = "3624950357"
"a1_473" = "2387773611"
"a1_472" = "1103246438"
"a1_471" = "2379117898"
"a1_470" = "3938420648"
"a1_477" = "816165282"
"a1_476" = "1528691430"
"a1_475" = "2321673444"
"a1_474" = "2836606918"
"a4_533" = "3821141493"
"a1_679" = "1377344607"
"a1_678" = "1703694772"
"a4_532" = "3813972372"
"a1_675" = "1308466583"
"a1_674" = "3623284541"
"a1_677" = "1819489224"
"a1_676" = "893662589"
"a1_671" = "3267842959"
"a4_531" = "3806803251"
"a1_673" = "797282648"
"a1_672" = "2744916182"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_530" = "3799634130"
"a4_537" = "3849817977"
"a4_536" = "3842648856"
"a1_868" = "2799929950"
"a4_535" = "3835479735"
"a3_981" = "2721238428"
"a3_980" = "2747738493"
"a3_983" = "2769230430"
"a4_534" = "3828310614"
"a3_984" = "2776284913"
"a2_151" = "1082534276"
"a2_150" = "1075367481"
"a1_869" = "3776186774"
"a2_271" = "1942838536"
"a3_879" = "1989722918"
"a3_878" = "1982672519"
"a1_823" = "2479838962"
"a3_874" = "1954273539"
"a3_877" = "2009303652"
"a3_876" = "2001736133"
"a3_871" = "1966337070"
"a3_870" = "1925204879"
"a3_873" = "1946690784"
"a3_872" = "1973321793"
"a2_159" = "1139884579"
"a4_758" = "1139226422"
"a2_158" = "1132719733"
"a1_925" = "2760549574"
"a1_924" = "1260824136"
"a1_927" = "577685344"
"a1_926" = "4105351152"
"a1_921" = "4116132828"
"a1_920" = "1037726498"
"a3_787" = "1363737626"
"a1_922" = "3068425997"
"a3_80" = "590099577"
"a1_929" = "1177926256"
"a1_928" = "3648754206"
"a4_649" = "357792233"
"a4_648" = "350623112"
"a4_641" = "300439265"
"a4_640" = "293270144"
"a4_643" = "314777507"
"a4_642" = "307608386"
"a4_645" = "329115749"
"a4_644" = "321946628"
"a4_647" = "343453991"
"a4_646" = "336284870"
"a3_786" = "1323129851"
"a1_819" = "2396693021"
"a1_818" = "1868640983"
"a3_785" = "1316202328"
"a3_746" = "1069934723"
"a1_811" = "890799902"
"a1_810" = "3259060122"
"a1_813" = "435705023"
"a1_812" = "1550071929"
"a1_815" = "2058075798"
"a1_814" = "708636880"
"a1_817" = "3912762155"
"a1_816" = "1081022788"
"a4_963" = "2608896227"
"a4_429" = "3075552909"
"a4_428" = "3068383788"
"a4_425" = "3046876425"
"a4_424" = "3039707304"
"a4_427" = "3061214667"
"a4_426" = "3054045546"
"a4_421" = "3018199941"
"a4_420" = "3011030820"
"a4_423" = "3032538183"
"a4_422" = "3025369062"
"a3_743" = "1014841262"
"a3_745" = "1062892640"
"a3_742" = "1007917839"
"a4_967" = "2637572711"
"a3_741" = "1033955052"
"a2_802" = "1454658088"
"a4_357" = "2559376197"
"a4_356" = "2552207076"
"a4_355" = "2545037955"
"a4_354" = "2537868834"
"a4_353" = "2530699713"
"a4_352" = "2523530592"
"a4_351" = "2516361471"
"a4_350" = "2509192350"
"a3_747" = "1043369250"
"a4_359" = "2573714439"
"a4_358" = "2566545318"
"a4_511" = "3663420831"
"a4_510" = "3656251710"
"a4_513" = "3677759073"
"a4_512" = "3670589952"
"a4_515" = "3692097315"
"a4_514" = "3684928194"
"a4_517" = "3706435557"
"a4_516" = "3699266436"
"a4_519" = "3720773799"
"a4_518" = "3713604678"
"a3_744" = "1021891521"
"a3_749" = "1091421668"
[HKCU\Software\Aas\695404737]
"50183847" = "1F9250EF2381E2D9AE4EF061ECA0F3D0A24F2023E89C2CC85BD49E90D6877045BE906EB0B25DD268CB741DC41D5C0FD47CEE5BA9EC3B7870BCA79176776C9A465761F37DEECEAF24ABF58324DE41122D8DABCB3B58798401D9A821FDDE7FC8A4F09BD1E0428648329420F6E9AF57D2FFB6D3C8D7335A31244418C372DFCCE75F"
[HKCU\Software\Aas]
"a2_845" = "1762938206"
"a2_844" = "1755771419"
"a2_847" = "1777272008"
"a2_846" = "1770103265"
"a2_841" = "1734269382"
"a2_840" = "1727101803"
"a2_843" = "1748603482"
"a2_842" = "1741437539"
"a3_780" = "1280228773"
"a4_928" = "2357976992"
"a2_849" = "1791606907"
"a2_848" = "1784456039"
"a1_312" = "2180151375"
"a1_313" = "927618031"
"a1_310" = "481933288"
"a1_311" = "647870567"
"a1_316" = "1450237418"
"a1_317" = "1250744883"
"a1_314" = "4156468900"
"a1_315" = "2833822325"
"a3_620" = "166490309"
"a1_318" = "1301091499"
"a1_319" = "1125458049"
"a4_929" = "2365146113"
"a4_982" = "2745109526"
"a2_449" = "3218937631"
"a2_448" = "3211771464"
"a3_621" = "140449124"
"a2_441" = "3161573976"
"a2_440" = "3154415999"
"a2_443" = "3175918007"
"a2_442" = "3168752975"
"a2_445" = "3190254510"
"a2_444" = "3183084219"
"a2_447" = "3204602348"
"a2_446" = "3197434928"
"a2_939" = "2436828390"
"a2_938" = "2429672745"
"a4_893" = "2107057757"
"a2_931" = "2379493138"
"a2_930" = "2372317688"
"a2_933" = "2393819278"
"a2_932" = "2386645513"
"a2_935" = "2408155104"
"a2_934" = "2400986499"
"a2_937" = "2422491447"
"a2_936" = "2415335690"
"a3_818" = "1552537563"
"a2_711" = "802287172"
"a2_710" = "795114717"
"a2_713" = "816623867"
"a2_712" = "809449634"
"a2_715" = "830950631"
"a1_510" = "180343373"
"a2_717" = "845299442"
"a2_716" = "838118283"
"a2_719" = "859632728"
"a2_718" = "852467469"
"a1_587" = "2080654806"
"a3_623" = "187965990"
"a2_629" = "214416870"
"a2_628" = "207236011"
"a2_625" = "185731262"
"a2_624" = "178567839"
"a2_627" = "200068328"
"a2_626" = "192900533"
"a2_621" = "157048599"
"a2_620" = "149881642"
"a2_623" = "171398536"
"a2_622" = "164230852"
"a1_266" = "4041142932"
"a1_267" = "2588369122"
"a1_264" = "3930482866"
"a1_265" = "1337802452"
"a1_262" = "2537537684"
"a1_263" = "2486002664"
"a1_260" = "2886838330"
"a1_261" = "160393310"
"a1_268" = "1137044479"
"a1_269" = "2772261924"
"a2_157" = "1125552222"
"a2_156" = "1118386041"
"a2_155" = "1111221798"
"a2_154" = "1104052019"
"a2_153" = "1096866298"
"a2_152" = "1089701742"
"a2_99" = "709741665"
"a2_98" = "702575887"
"a2_97" = "695408226"
"a2_96" = "688242170"
"a2_95" = "681059214"
"a2_94" = "673904719"
"a2_93" = "666724584"
"a2_92" = "659557168"
"a2_91" = "652391986"
"a2_90" = "645229003"
"a3_260" = "1847236781"
"a3_261" = "1854160076"
"a3_262" = "1861734767"
"a3_263" = "1902212494"
"a3_264" = "1909255713"
"a3_265" = "1883210304"
"a3_266" = "1890133731"
"a3_267" = "1930746626"
"a3_268" = "1938194341"
"a3_269" = "1945179076"
"a1_915" = "148957612"
"a1_847" = "957760081"
"a3_404" = "2913010493"
"a1_844" = "4017060726"
"a3_405" = "2886510428"
"a1_845" = "3627122681"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Aas]
"a2_862" = "1884809027"
"a4_983" = "2752278647"
"a1_961" = "2628986911"
"a3_668" = "477267765"
"a3_669" = "484195156"
"a1_960" = "4004826889"
"a3_664" = "448737713"
"a3_665" = "489346512"
"a3_666" = "496258675"
"a3_667" = "470278802"
"a3_660" = "453353533"
"a3_661" = "460801116"
"a3_662" = "467859711"
"a3_663" = "441294110"
"a3_43" = "324843106"
"a3_42" = "284237251"
"a3_41" = "277248416"
"a3_40" = "269796609"
"a3_47" = "353765350"
"a3_46" = "313221959"
"a3_45" = "305778468"
"a3_44" = "332278405"
"a1_965" = "1877855257"
"a3_49" = "368270520"
"a3_48" = "360822809"
"a1_964" = "457062762"
"a4_99" = "709742979"
"a4_98" = "702573858"
"a3_406" = "2893962239"
"a3_407" = "2901015582"
"a3_400" = "2884615609"
"a3_401" = "2857980376"
"a3_402" = "2865023611"
"a3_403" = "2906025626"
"a4_91" = "652390011"
"a4_90" = "645220890"
"a4_93" = "666728253"
"a4_92" = "659559132"
"a4_95" = "681066495"
"a4_94" = "673897374"
"a4_97" = "695404737"
"a4_96" = "688235616"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"
[HKCU\Software\Aas]
"a1_448" = "2099106733"
"a1_449" = "809291551"
"a1_446" = "1504255146"
"a3_408" = "2941554865"
"a1_444" = "848369847"
"a1_445" = "2307304388"
"a1_442" = "2510016308"
"a1_443" = "1534441225"
"a1_440" = "2402163357"
"a3_409" = "2949002448"
"a1_680" = "2845409521"
"a1_681" = "2362195095"
"a1_682" = "1549548244"
"a1_683" = "1104426242"
"a2_561" = "4021871606"
"a1_685" = "787158579"
"a1_686" = "3984036280"
"a1_687" = "734153494"
"a1_688" = "1920116894"
"a1_689" = "1957376943"
"a3_834" = "1700949547"
"a1_767" = "4239806450"
"a1_766" = "1167506985"
"a3_318" = "2262948439"
"a3_319" = "2303950582"
"a2_599" = "4294297419"
"a3_310" = "2239031135"
"a3_311" = "2246548478"
"a3_312" = "2219916305"
"a3_313" = "2226966704"
"a3_314" = "2267968723"
"a3_315" = "2275010930"
"a3_316" = "2248445333"
"a3_317" = "2255889972"
"a3_933" = "2410528684"
"a3_934" = "2384417743"
"a1_760" = "956564676"
"a2_605" = "42345526"
"a3_935" = "2391471214"
"a3_476" = "3395669621"
"a1_447" = "1805521938"
"a2_603" = "28011520"
"a3_880" = "2030724953"
"a3_881" = "2037718008"
"a3_882" = "2044771355"
"a3_883" = "2018660538"
"a3_884" = "2025714909"
"a3_885" = "2066704764"
"a3_886" = "2073693599"
"a1_745" = "3690776848"
"a3_888" = "2054642257"
"a3_889" = "2061696752"
"a1_769" = "717548085"
"a1_441" = "3343155879"
"a4_964" = "2616065348"
"a1_744" = "3616854825"
"a4_857" = "1848969401"
"a4_638" = "278931902"
"a4_639" = "286101023"
"a4_634" = "250255418"
"a4_635" = "257424539"
"a4_636" = "264593660"
"a4_637" = "271762781"
"a4_630" = "221578934"
"a4_631" = "228748055"
"a4_632" = "235917176"
"a4_633" = "243086297"
"a2_913" = "2250430962"
"a1_747" = "2192198327"
"a2_912" = "2243265748"
"a2_651" = "372135184"
"a2_910" = "2228932120"
"a3_794" = "1380597491"
[HKCU\Software\Aas\695404737]
"35845605" = "402"
[HKCU\Software\Aas]
"a2_917" = "2279117906"
"a4_883" = "2035366547"
"a2_509" = "3649091568"
"a4_740" = "1010182244"
"a4_741" = "1017351365"
"a4_742" = "1024520486"
"a4_743" = "1031689607"
"a4_744" = "1038858728"
"a4_745" = "1046027849"
"a4_746" = "1053196970"
"a4_747" = "1060366091"
"a4_748" = "1067535212"
"a4_749" = "1074704333"
"a1_866" = "4199476712"
"a1_867" = "895750463"
"a1_860" = "603737227"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Aas]
"a1_862" = "3871489828"
"a4_859" = "1863307643"
"a4_182" = "1304780022"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_180" = "1290441780"
"a4_181" = "1297610901"
"a4_186" = "1333456506"
"a4_187" = "1340625627"
"a4_184" = "1319118264"
"a4_185" = "1326287385"
"a4_188" = "1347794748"
"a4_189" = "1354963869"
"a1_741" = "989367800"
"a2_918" = "2286284485"
"a4_168" = "1204412328"
"a1_194" = "1064144958"
"a1_195" = "3215787710"
"a4_160" = "1147059360"
"a4_161" = "1154228481"
"a4_162" = "1161397602"
"a4_163" = "1168566723"
"a4_164" = "1175735844"
"a4_165" = "1182904965"
"a4_166" = "1190074086"
"a4_167" = "1197243207"
"a4_296" = "2122059816"
"a4_297" = "2129228937"
"a4_294" = "2107721574"
"a4_295" = "2114890695"
"a4_292" = "2093383332"
"a4_293" = "2100552453"
"a4_290" = "2079045090"
"a4_291" = "2086214211"
"a4_142" = "1018015182"
"a3_952" = "2546868881"
"a4_568" = "4072060728"
"a4_569" = "4079229849"
"a4_298" = "2136398058"
"a4_299" = "2143567179"
"a2_598" = "4287131629"
"a1_192" = "2238422939"
"a1_193" = "732562558"
"a1_969" = "4222060629"
"a4_934" = "2400991718"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Aas]
"a3_790" = "1351657855"
"a4_958" = "2573050622"
"a1_742" = "3981471096"
"a4_368" = "2638236528"
"a4_369" = "2645405649"
"a4_362" = "2595221802"
"a4_363" = "2602390923"
"a4_360" = "2580883560"
"a4_361" = "2588052681"
"a4_366" = "2623898286"
"a4_367" = "2631067407"
"a4_364" = "2609560044"
"a4_365" = "2616729165"
"a3_505" = "3603458416"
"a1_305" = "3421434401"
"a1_304" = "707440494"
"a1_307" = "39290917"
"a1_306" = "2089016908"
"a1_301" = "1243772087"
"a1_300" = "377215937"
"a1_303" = "2037911556"
"a1_302" = "1730954614"
"a3_792" = "1399711281"
"a1_309" = "957340069"
"a1_308" = "4185842874"
"a2_540" = "3871320754"
"a2_541" = "3878501085"
"a2_542" = "3885669945"
"a1_481" = "1386132830"
"a2_544" = "3900004455"
"a2_545" = "3907170172"
"a2_546" = "3914338298"
"a2_547" = "3921502820"
"a2_548" = "3928672707"
"a2_549" = "3935852586"
"a2_894" = "2114231423"
"a2_895" = "2121397153"
"a2_892" = "2099897648"
"a2_893" = "2107063378"
"a2_890" = "2085544849"
"a2_891" = "2092727882"
"a2_438" = "3140068003"
"a2_439" = "3147249951"
"a2_434" = "3111400013"
"a2_435" = "3118565315"
"a2_436" = "3125733903"
"a2_437" = "3132900972"
"a2_430" = "3082717283"
"a2_431" = "3089850200"
"a2_432" = "3097067252"
"a2_433" = "3104235088"
"a2_948" = "2501357173"
"a2_949" = "2508522819"
"a4_908" = "2214594572"
"a2_944" = "2472685679"
"a2_945" = "2479860070"
"a2_946" = "2487021931"
"a2_947" = "2494187969"
"a2_940" = "2444001515"
"a1_488" = "2757558950"
"a2_942" = "2458338245"
"a2_943" = "2465521989"
"a1_279" = "1968173548"
"a1_278" = "664349528"
"a1_489" = "347198258"
"a1_271" = "165089041"
"a1_270" = "269890400"
"a1_273" = "2895454373"
"a1_272" = "795251928"
"a1_275" = "2122568718"
"a1_274" = "1841120907"
"a1_277" = "91937324"
"a1_276" = "2018825433"
"a2_764" = "1182240241"
"a2_765" = "1189407361"
"a2_766" = "1196573059"
"a2_767" = "1203741765"
"a2_760" = "1153558746"
"a2_761" = "1160740228"
"a2_762" = "1167911220"
"a2_763" = "1175075372"
"a2_768" = "1210924990"
"a2_769" = "1218092611"
"a2_382" = "2738607666"
"a2_383" = "2745776956"
"a2_380" = "2724258886"
"a2_381" = "2731441970"
"a2_386" = "2767276008"
"a2_387" = "2774443692"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Aas]
"a2_385" = "2760109069"
"a2_388" = "2781625171"
"a2_389" = "2788790321"
"a1_613" = "3670373404"
"a1_612" = "2190925770"
"a1_611" = "378930651"
"a2_368" = "2638241306"
"a2_369" = "2645409084"
"a1_610" = "1301501812"
"a2_88" = "630887799"
"a2_89" = "638057350"
"a2_84" = "602207799"
"a2_85" = "609384216"
"a2_86" = "616539609"
"a2_87" = "623707973"
"a2_80" = "573513063"
"a2_81" = "580703495"
"a2_82" = "587872491"
"a2_83" = "595044464"
"a3_273" = "1974165848"
"a3_272" = "1966722361"
"a3_271" = "1926113414"
"a3_270" = "1918678119"
"a3_277" = "2002712284"
"a3_276" = "1962103485"
"a3_275" = "1954659866"
"a3_274" = "1947600379"
"a2_162" = "1161400897"
"a2_163" = "1168569831"
"a3_279" = "1983582110"
"a3_278" = "2009623423"
"a2_166" = "1190082311"
"a2_167" = "1197239408"
"a2_164" = "1175739327"
"a2_165" = "1182902856"
"a3_690" = "668723035"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Aas]
"a3_679" = "589715310"
"a1_666" = "1394841824"
"a3_677" = "541662892"
"a3_676" = "568228365"
"a3_675" = "560775658"
"a3_674" = "553725259"
"a3_673" = "513247528"
"a3_672" = "505681033"
"a3_671" = "532246550"
"a3_670" = "525328375"
"a3_50" = "341766363"
"a3_51" = "348755322"
"a3_52" = "389745053"
"a3_53" = "396796476"
"a3_54" = "370165343"
"a3_55" = "377748222"
"a3_56" = "384737041"
"a3_57" = "425210800"
"a3_58" = "432789459"
"a3_59" = "406145138"
"a3_417" = "3006523432"
"a3_416" = "2965403529"
"a3_415" = "2958480150"
"a3_414" = "2984984311"
"a3_413" = "2977536596"
"a3_412" = "2970543669"
"a3_411" = "2929937810"
"a3_410" = "2922490227"
"a3_419" = "2986877162"
"a3_418" = "3013512267"
"a1_451" = "1528033624"
"a1_450" = "3206314397"
"a1_453" = "1934355960"
"a1_452" = "3131106548"
"a1_455" = "2847247596"
"a1_454" = "2347916861"
"a1_457" = "3904302061"
"a1_456" = "3528703637"
"a1_459" = "1447116587"
"a1_458" = "1187677879"
"a1_693" = "324597547"
"a1_692" = "3778512520"
"a1_691" = "3221761635"
"a1_690" = "1645017903"
"a1_697" = "1037239108"
"a1_696" = "2398500209"
"a1_695" = "866700007"
"a1_694" = "2131044778"
"a1_699" = "2013645675"
"a1_698" = "1818806831"
"a3_896" = "2145139113"
"a3_695" = "704178558"
"a1_962" = "3130393407"
"a3_309" = "2231976764"
"a3_308" = "2191503005"
"a3_303" = "2155521254"
"a3_302" = "2148466759"
"a3_301" = "2174512164"
"a3_300" = "2167589765"
"a3_307" = "2183924346"
"a3_306" = "2210566619"
"a3_305" = "2203581880"
"a3_304" = "2162448665"
"a4_86" = "616544406"
"a4_87" = "623713527"
"a4_84" = "602206164"
"a4_85" = "609375285"
"a4_82" = "587867922"
"a4_83" = "595037043"
"a4_80" = "573529680"
"a4_81" = "580698801"
"a3_887" = "2047190590"
"a3_730" = "921917107"
"a4_88" = "630882648"
"a4_89" = "638051769"
"a3_731" = "962513618"
"a4_954" = "2544374138"
[HKCU\Software\Aas\695404737]
"14338242" = "0"
[HKCU\Software\Aas]
"a3_913" = "2267125720"
"a3_736" = "998505673"
"a1_740" = "2476125870"
"a3_737" = "1005490536"
"a3_697" = "685057584"
"a3_892" = "2083171285"
"a3_891" = "2109683634"
"a3_890" = "2102235923"
"a3_897" = "2119163336"
"a3_734" = "950445111"
"a3_895" = "2138211638"
"a3_894" = "2131222679"
"a3_899" = "2166680202"
"a3_735" = "990926934"
"a3_696" = "678137233"
"a1_967" = "4077207857"
"a4_387" = "2774449827"
"a1_940" = "322489111"
"a1_752" = "3738640450"
"a4_629" = "214409813"
"a4_628" = "207240692"
"a4_627" = "200071571"
"a4_626" = "192902450"
"a4_625" = "185733329"
"a4_624" = "178564208"
"a4_623" = "171395087"
"a4_622" = "164225966"
"a4_621" = "157056845"
"a4_620" = "149887724"
"a2_75" = "537687532"
"a2_74" = "530523857"
"a1_763" = "2087675051"
"a2_77" = "552015079"
"a2_76" = "544855370"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKCU\Software\Aas]
"a2_71" = "509015974"
"a2_70" = "501836608"
"a4_753" = "1103380817"
"a4_752" = "1096211696"
"a4_751" = "1089042575"
"a4_750" = "1081873454"
"a4_757" = "1132057301"
"a2_73" = "523339161"
"a4_755" = "1117719059"
"a4_754" = "1110549938"
"a1_877" = "579325204"
"a1_876" = "810251044"
"a4_759" = "1146395543"
"a2_72" = "516173523"
"a1_873" = "1720760690"
"a1_872" = "4171408854"
"a1_871" = "4018489424"
"a1_870" = "4069098623"
"a4_195" = "1397978595"
"a4_194" = "1390809474"
"a4_197" = "1412316837"
"a4_196" = "1405147716"
"a4_191" = "1369302111"
"a4_190" = "1362132990"
"a4_193" = "1383640353"
"a4_192" = "1376471232"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_198" = "1419485958"
"a1_909" = "3625865012"
"a4_179" = "1283272659"
"a4_178" = "1276103538"
"a4_173" = "1240257933"
"a4_172" = "1233088812"
"a4_171" = "1225919691"
"a4_170" = "1218750570"
"a4_177" = "1268934417"
"a4_176" = "1261765296"
"a4_175" = "1254596175"
"a4_174" = "1247427054"
"a4_577" = "4136582817"
"a3_123" = "898388146"
"a4_575" = "4122244575"
"a4_574" = "4115075454"
"a4_573" = "4107906333"
"a4_572" = "4100737212"
"a4_571" = "4093568091"
"a3_122" = "891468819"
"a4_970" = "2659080074"
"a3_121" = "850861040"
"a4_579" = "4150921059"
"a4_578" = "4143751938"
"a4_289" = "2071875969"
"a4_288" = "2064706848"
"a3_636" = "247859925"
"a3_120" = "843343697"
"a4_281" = "2014523001"
"a4_280" = "2007353880"
"a4_283" = "2028861243"
"a1_108" = "748701790"
"a4_285" = "2043199485"
"a4_284" = "2036030364"
"a4_287" = "2057537727"
"a3_126" = "886312343"
"a3_125" = "879323508"
"a3_124" = "905966805"
"a4_965" = "2623234469"
"a3_691" = "642161658"
"a3_967" = "2620735566"
"a4_379" = "2717096859"
"a4_378" = "2709927738"
"a3_966" = "2647370799"
"a4_375" = "2688420375"
"a4_374" = "2681251254"
"a4_377" = "2702758617"
"a4_376" = "2695589496"
"a4_371" = "2659743891"
"a4_370" = "2652574770"
"a4_373" = "2674082133"
"a4_372" = "2666913012"
"a3_964" = "2599327597"
"a3_963" = "2592338634"
"a3_962" = "2584764075"
"a4_756" = "1124888180"
"a3_961" = "2611395080"
"a1_755" = "3272971937"
"a1_437" = "776513319"
"a3_960" = "2604335593"
"a2_553" = "3964520775"
"a2_552" = "3957353333"
"a2_551" = "3950187944"
"a2_550" = "3943009099"
"a2_557" = "3993191990"
"a2_556" = "3986039335"
"a2_555" = "3978856519"
"a2_554" = "3971690277"
"a2_889" = "2078376302"
"a2_888" = "2071203954"
"a2_559" = "4007540152"
"a2_558" = "4000376899"
"a4_980" = "2730771284"
"a4_981" = "2737940405"
"a2_429" = "3075549582"
"a2_428" = "3068382134"
"a2_427" = "3061215286"
"a2_426" = "3054048546"
"a2_425" = "3046879278"
"a2_424" = "3039712923"
"a2_423" = "3032533800"
"a2_422" = "3025359404"
"a2_421" = "3018198441"
"a2_420" = "3011031412"
"a1_758" = "1669352330"
"a2_565" = "4050556904"
"a4_984" = "2759447768"
"a2_959" = "2580227774"
"a2_958" = "2573055361"
"a2_957" = "2565876629"
"a2_956" = "2558720507"
"a2_955" = "2551535057"
"a2_954" = "2544370679"
"a1_785" = "577389109"
"a2_952" = "2530043526"
"a2_951" = "2522873585"
"a2_950" = "2515690489"
"a1_208" = "952880261"
"a1_209" = "3902711420"
"a1_204" = "1557726206"
"a1_205" = "1734842724"
"a1_206" = "1606698075"
"a1_207" = "863885837"
"a1_200" = "1315231896"
"a1_201" = "1608844795"
"a1_202" = "1295828569"
"a1_203" = "3549696178"
"a2_777" = "1275441828"
"a2_776" = "1268276079"
"a2_775" = "1261099770"
"a2_774" = "1253926161"
"a2_773" = "1246758546"
"a2_772" = "1239591506"
"a2_771" = "1232434665"
"a2_770" = "1225257775"
"a2_779" = "1289776126"
"a2_778" = "1282609960"
"a2_395" = "2831808691"
"a2_394" = "2824626181"
"a2_397" = "2846143780"
"a2_396" = "2838974808"
"a2_391" = "2803122343"
"a2_390" = "2795959671"
"a2_393" = "2817462238"
"a2_392" = "2810286293"
"a2_399" = "2860477484"
"a2_398" = "2853310520"
"a2_568" = "4072056865"
"a2_569" = "4079226334"
"a2_379" = "2717090044"
"a2_378" = "2709923002"
"a2_373" = "2674086634"
"a2_372" = "2666907332"
"a2_371" = "2659738291"
"a2_370" = "2652573230"
"a2_377" = "2702756703"
"a2_376" = "2695590574"
"a2_375" = "2688428346"
"a2_374" = "2681255433"
"a3_246" = "1746738975"
"a3_247" = "1753789374"
"a3_244" = "1765852765"
"a3_245" = "1773304572"
"a2_179" = "1283274804"
"a2_178" = "1276108083"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKCU\Software\Aas]
"a3_241" = "1744311672"
"a2_175" = "1254590602"
"a2_174" = "1247419038"
"a2_177" = "1268938850"
"a2_176" = "1261772761"
"a2_171" = "1225922164"
"a2_170" = "1218753033"
"a2_173" = "1240256170"
"a3_249" = "1801832560"
"a4_960" = "2587388864"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\Aas]
"a1_511" = "931669705"
"a1_512" = "3638291038"
"a1_513" = "4013031903"
"a1_514" = "3958547948"
"a1_515" = "2686297747"
"a1_516" = "2068612522"
"a1_517" = "336099160"
"a1_518" = "3372373750"
"a1_519" = "2433334556"
"a3_648" = "367361953"
"a3_649" = "340792256"
"a3_69" = "478110732"
"a3_68" = "470664173"
"a3_65" = "449123976"
"a3_64" = "442135145"
"a3_67" = "497168202"
"a3_66" = "489720619"
"a3_61" = "454263092"
"a3_60" = "413199509"
"a3_63" = "468244982"
"a3_62" = "461186391"
"a1_784" = "2545032013"
"a3_514" = "3667976427"
"a2_543" = "3892835585"
"a1_424" = "3402944141"
"a1_425" = "3851920658"
"a1_426" = "2990021577"
"a1_427" = "3613716613"
"a1_420" = "856321375"
"a1_421" = "3826160185"
"a1_422" = "3785413771"
"a1_423" = "3336147957"
"a3_199" = "1409969486"
"a1_428" = "502994524"
"a1_429" = "2572995377"
"a3_515" = "3709043978"
"a3_693" = "690213052"
"a2_965" = "2623242229"
"a3_338" = "2439897659"
"a3_339" = "2446886490"
"a3_336" = "2391856505"
"a3_337" = "2432846232"
"a3_334" = "2411437223"
"a3_335" = "2384801990"
"a3_332" = "2363312101"
"a3_333" = "2403923972"
"a3_330" = "2348814115"
"a3_331" = "2356388674"
"a1_738" = "883572716"
"a1_739" = "3053894998"
"a3_428" = "3084957701"
"a3_429" = "3058850980"
"a3_422" = "3041926607"
"a3_423" = "3049502318"
"a3_420" = "2994455821"
"a3_421" = "3001383340"
"a3_426" = "3070911299"
"a3_427" = "3077900258"
"a3_424" = "3022858881"
"a3_425" = "3029913376"
"a1_864" = "523310761"
"a2_915" = "2264786274"
"a1_865" = "3126767389"
"a4_870" = "1942167974"
"a4_873" = "1963675337"
"a1_861" = "2570629476"
"a1_863" = "2447064901"
"a3_87" = "607024862"
"a3_86" = "633131711"
"a3_85" = "626081308"
"a3_84" = "585598461"
"a3_83" = "578085210"
"a3_82" = "571034939"
"a3_81" = "597665944"
"a4_183" = "1311949143"
"a3_89" = "654610320"
"a3_88" = "614067057"
"a4_612" = "92534756"
"a4_613" = "99703877"
"a4_610" = "78196514"
"a4_611" = "85365635"
"a4_616" = "121211240"
"a4_617" = "128380361"
"a4_614" = "106872998"
"a4_615" = "114042119"
"a4_968" = "2644741832"
"a4_969" = "2651910953"
"a4_618" = "135549482"
"a4_619" = "142718603"
"a4_871" = "1949337095"
"a3_689" = "661144376"
"a3_812" = "1543047557"
"a3_692" = "649083933"
"a4_876" = "1985182700"
"a4_766" = "1196579390"
"a4_767" = "1203748511"
"a4_764" = "1182241148"
"a4_765" = "1189410269"
"a4_762" = "1167902906"
"a4_763" = "1175072027"
"a4_760" = "1153564664"
"a4_761" = "1160733785"
"a1_848" = "3736778538"
"a1_849" = "2751562466"
"a1_439" = "3795105180"
"a4_768" = "1210917632"
"a4_769" = "1218086753"
"a3_938" = "2446500163"
"a3_512" = "3687557161"
"a2_662" = "450989747"
"a3_513" = "3660926024"
"a3_930" = "2355479115"
"a3_931" = "2362926826"
"a3_932" = "2403474189"
"a3_814" = "1523992135"
"a4_877" = "1992351821"
"a3_510" = "3639513879"
"a3_936" = "2398382209"
"a3_937" = "2439449888"
"a3_511" = "3679991734"
"a3_516" = "3715971501"
"a3_517" = "3723025868"
"a1_198" = "716825427"
"a1_199" = "2930490802"
"a4_148" = "1061029908"
"a4_149" = "1068199029"
"a4_146" = "1046691666"
"a4_147" = "1053860787"
"a1_196" = "2224894454"
"a4_145" = "1039522545"
"a1_190" = "3753178288"
"a4_143" = "1025184303"
"a4_140" = "1003676940"
"a4_141" = "1010846061"
"a2_983" = "2752276782"
"a3_910" = "2245638887"
"a4_548" = "3928678308"
"a4_549" = "3935847429"
"a4_542" = "3885663582"
"a4_543" = "3892832703"
"a4_540" = "3871325340"
"a4_541" = "3878494461"
"a4_546" = "3914340066"
"a4_547" = "3921509187"
"a4_544" = "3900001824"
"a4_545" = "3907170945"
"a4_839" = "1719925223"
"a1_662" = "694475266"
"a1_663" = "1318027886"
"a3_965" = "2639793036"
"a1_660" = "2430620838"
"a4_380" = "2724265980"
"a4_381" = "2731435101"
"a4_382" = "2738604222"
"a4_383" = "2745773343"
"a4_384" = "2752942464"
"a4_385" = "2760111585"
"a4_386" = "2767280706"
"a4_169" = "1211581449"
"a4_388" = "2781618948"
"a4_389" = "2788788069"
"a1_667" = "20902370"
"a1_664" = "1837927862"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"
[HKCU\Software\Aas]
"a1_665" = "211893541"
"a1_0" = "1653765306"
"a1_1" = "2441982131"
"a1_2" = "2510997625"
"a1_3" = "2714402161"
"a1_4" = "1265725528"
"a1_5" = "936486802"
"a1_6" = "3200061838"
"a1_7" = "1317326292"
"a1_8" = "2781411382"
"a1_9" = "166804951"
"a2_566" = "4057704599"
"a2_567" = "4064890624"
"a2_564" = "4043387656"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"
[HKCU\Software\Aas]
"a2_562" = "4029039725"
"a2_563" = "4036221064"
"a3_8" = "40388897"
"a3_9" = "47967552"
"a3_6" = "59977839"
"a3_7" = "67032206"
"a3_4" = "11991981"
"a3_5" = "52535244"
"a3_2" = "31040235"
"a3_3" = "4933386"
"a3_0" = "17001001"
"a3_1" = "23989832"
"a2_412" = "2953686568"
"a2_413" = "2960845836"
"a2_410" = "2939345221"
"a2_411" = "2946514673"
"a2_416" = "2982348759"
"a2_417" = "2989529206"
"a2_414" = "2968014834"
"a2_415" = "2975179879"
"a2_418" = "2996697901"
"a2_419" = "3003869796"
"a2_962" = "2601725602"
"a2_963" = "2608893321"
"a2_960" = "2587391511"
"a2_961" = "2594556347"
"a2_966" = "2630406513"
"a2_967" = "2637575892"
"a2_964" = "2616059638"
"a4_950" = "2515697654"
"a1_631" = "339219008"
"a2_968" = "2644744329"
"a2_969" = "2651908657"
"a4_564" = "4043384244"
"a1_219" = "3792488515"
"a1_218" = "130732880"
"a1_217" = "2346596960"
"a1_216" = "2330595743"
"a1_215" = "1112003368"
"a1_214" = "2105713993"
"a1_213" = "3632581131"
"a1_212" = "3267163917"
"a1_211" = "982742950"
"a1_210" = "1144944535"
"a4_567" = "4064891607"
"a1_630" = "2037151968"
"a2_980" = "2730778602"
"a4_560" = "4014707760"
"a2_982" = "2745110696"
"a4_956" = "2558712380"
"a2_984" = "2759456003"
"a4_561" = "4021876881"
"a4_562" = "4029046002"
"a4_563" = "4036215123"
"a4_443" = "3175920603"
"a1_633" = "297848718"
"a4_442" = "3168751482"
"a4_441" = "3161582361"
A firewall is disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"
Firewall notifications are disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
23203a6a5b07979cf92f0780415e59ee | c:\hostd.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%WinDir%\system.ini (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\cc92a7d66e[1].setToken (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[1].js (2190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\nero-burning-rom-18[1].png (3783 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\campaign-100624,101362[1].htm (1320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\sprite[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\loading[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAOJQT25.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAWNUT4V.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[2].css (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\sd_101362_0d279[1].jpg (17910 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[1].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\f[1].txt (3496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\f[1].txt (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\container[1].html (1287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\306e0-e2646[1].js (7347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\sd_100624_634cd[1].jpg (14585 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\nr-412.min[1].js (8741 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\sd_100624_634cd[1].jpg (21437 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\f[1].txt (109 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CA7W1H7O.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAG7JRMK.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\universaldownloader-prefetch[1].htm (657 bytes)
C:\hostd.exe (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winthnidj.exe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\container[1].htm (2 bytes)
C:\autorun.inf (315 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[1].txt (11231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\f[1].txt (3462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CA8DYHBO.gif (35 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (1336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\blank[1].gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[2].js (3387 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (7384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAX8W7TD.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAG9M3S1.gif (35 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[2].txt (10249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\gradientbg[1].png (2 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Softonic
Product Name: Softonic Downloader
Product Version: 1, 40, 1, 0
Legal Copyright: Copyright (C) 2013
Legal Trademarks:
Original Filename: SoftonicDownloader.exe
Internal Name: Softonic Downloader
File Version: 1, 40, 1, 0
File Description: Softonic Downloader
Comments:
Language: Language Neutral
Company Name: Softonic Product Name: Softonic Downloader Product Version: 1, 40, 1, 0Legal Copyright: Copyright (C) 2013Legal Trademarks: Original Filename: SoftonicDownloader.exe Internal Name: Softonic Downloader File Version: 1, 40, 1, 0File Description: Softonic Downloader Comments: Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
sUfpPq55 | 4096 | 1081344 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
8hAP7m16 | 1085440 | 360448 | 357376 | 5.54407 | 7a78f3c46404bd9578587a65c955d1d6 |
.rsrc | 1445888 | 90112 | 90112 | 5.37642 | 7ddda77e94c24cbe0179cbee8172eb5a |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://nero-burning-rom.sd.en.softonic.com/universaldownloader-prefetch | |
hxxp://nero-burning-rom.sd.en.softonic.com/95323/universaldownloader-prefetch | |
hxxp://nero-burning-rom.sd.en.softonic.com/js/generated/306e0-e2646.js | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=1&utmn=631952532&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=installation assistant&utmhid=251083253&utmr=-&utmp=/95323/universaldownloader-prefetch&utmht=1410756303649&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ | |
hxxp://softonic-analytics.net/blank.gif?product=st_activity&event=prefetch:campaigns:selected&id_session=D6DD384A-6EFA-43B2-8367-CD9C5B30666At1410756303f95323&id_campaign=100624&id_campaign=101362&ts=1410756304118 | |
hxxp://nero-burning-rom.sd.en.softonic.com/universaldownloader-track | |
hxxp://nero-burning-rom.sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303 | |
hxxp://nero-burning-rom.sd.en.softonic.com/css/generated/fad58-b3118.css | |
hxxp://screenshots.en.sftcdn.net/campaign/scrn/100000/100624/sd_100624_634cd.jpg | |
hxxp://screenshots.en.sftcdn.net/en/scrn/95000/95323/nero-burning-rom-18.png | |
hxxp://nero-burning-rom.sd.en.softonic.com/shared/img/sd_client/gradientbg.png | |
hxxp://nero-burning-rom.sd.en.softonic.com/shared/img/sd_client/sprite.png | |
hxxp://nero-burning-rom.sd.en.softonic.com/shared/img/sd_client/loading.gif | |
hxxp://screenshots.en.sftcdn.net/campaign/scrn/101000/101362/sd_101362_0d279.jpeg | |
hxxp://pagead46.l.doubleclick.net/tag/js/gpt.js | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=2&utmn=1681216182&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=-&utmp=/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303&utmht=1410756305665&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=4&utmn=1350765831&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1410756305727&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://screenshots.en.sftcdn.net/campaign/scrn/100000/100624/sd_100624_634cd.jpg?v=0.26649063561436414 | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=3&utmn=1651002142&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1410756305712&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=5&utmn=1653110540&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1410756305759&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=6&utmn=461011899&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1410756305774&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=7&utmn=502429803&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C100624--load1&utmht=1410756305806&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=8&utmn=10372948&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C101362--load2&utmht=1410756305821&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://partnerad.l.doubleclick.net/gpt/pubads_impl_49.js | |
hxxp://c.global-ssl.fastly.net/nr-412.min.js | |
hxxp://pagead-googlehosted.l.google.com/safeframe/1-0-0/html/container.html | |
hxxp://pagead46.l.doubleclick.net/pagead/show_companion_ad.js | |
hxxp://beacon-6.newrelic.com/1/cc92a7d66e?a=2337116&ap=152&fe=1453&dc=719&v=412.920d26d&to=NQcAZUJXXUdWAEZdVwxNN0NZGVtAUwxRRxcLDAZUSBhDXEc=&f=["err"]&jsonp=NREUM.setToken | |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=8&utmn=10372948&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C101362--load2&utmht=1410756305821&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://www.googletagservices.com/tag/js/gpt.js | |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=5&utmn=1653110540&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1410756305759&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=1&utmn=631952532&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=installation assistant&utmhid=251083253&utmr=-&utmp=/95323/universaldownloader-prefetch&utmht=1410756303649&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ | |
hxxp://static.sd-client.en.softonic.com/js/generated/306e0-e2646.js | |
hxxp://static.sd-client.en.softonic.com/css/generated/fad58-b3118.css | |
hxxp://tpc.googlesyndication.com/safeframe/1-0-0/html/container.html | 173.194.43.76 |
hxxp://static.sd-client.en.softonic.com/shared/img/sd_client/gradientbg.png | |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=6&utmn=461011899&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1410756305774&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://static.sd-client.en.softonic.com/shared/img/sd_client/loading.gif | |
hxxp://js-agent.newrelic.com/nr-412.min.js | |
hxxp://static.sd-client.en.softonic.com/shared/img/sd_client/sprite.png | |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=2&utmn=1681216182&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=-&utmp=/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303&utmht=1410756305665&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ | |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=7&utmn=502429803&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C100624--load1&utmht=1410756305806&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=4&utmn=1350765831&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1410756305727&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ | |
hxxp://sd.en.softonic.com/95323/universaldownloader-prefetch | 46.28.209.70 |
hxxp://partner.googleadservices.com/gpt/pubads_impl_49.js | |
hxxp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303 | 46.28.209.70 |
hxxp://pagead2.googlesyndication.com/pagead/show_companion_ad.js | |
hxxp://sd.en.softonic.com/universaldownloader-track | 46.28.209.70 |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=3&utmn=1651002142&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1410756305712&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /shared/img/sd_client/sprite.png HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.sd-client.en.softonic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:32 GMT
Server: Apache
Last-Modified: Thu, 29 May 2014 10:06:17 GMT
Accept-Ranges: bytes
Content-Length: 7892
Cache-Control: max-age=172800
Expires: Wed, 17 Sep 2014 04:45:32 GMT
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Content-Type: image/png
.PNG........IHDR.......\.....ld......sBIT.....O.....PLTE...................................................................................................................................h.......................f.....n........Dw.I..............U..}..,...v..\. g...........x.a...R..............>....:n........M..].T*..:.....m....tV.....]........7....Q..P..O)....P.i...O..N..N..M....sJ..M..K..L..L..J..J..JJz...I..I..H..I..H..Istv..H..G..H..G..G..G..F..F.x.go...F..F..E..E..D..D..D..B..C/v...B:~4kid..A..A..@..A..>/g..m..p..i...<..=.z:.g.;b..z:.7@.6?[ZW.5>.u8.4<.s7.b..3;.1:.09{O$./8.p5..7.-6.[..m4&Q..,5. 3.k3(X..*2.)1.R..(0.'/.%,.T..f1.e1.&..$,.$,.%-.# .# ."*.#,."*.!)." .!(.!*.!). (..'. (..&. '.I...'..&..%..&..%..%..$..$.."..#..#..".."..!..!....9.899...................*................>.j.....tRNS.....................................................................................................................................................................................................................................................~T.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6.......gIDATx...._[.^..'.LhC...4.t.K....H.w0......^.)w.i..T...q..w..bq..*U.2j]..hU...^.}).\.......,.@......._..!0.u>y....@.......eh\..fUHC....c.X;4.c..I...m..c...d.B.2...}. ..- ...A....,.:p51.4.Ig..:.}......r......WXw..........z. 3v..^.....2......5.Bw.;...M.......ffx..Ac.......jf...F53.K...y...^.(h..M].>....................y.o.:...m.-.2C....................(.Jro.P............wqo....7....<...7*.z......
<<< skipped >>>
GET /95323/universaldownloader-prefetch HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sd.en.softonic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:26 GMT
Server: Apache
Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:25 GMT; path=/; domain=sd.en.softonic.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-control: max-age=0, must-revalidate
Pragma: no-cache
Vary: Accept-Language,Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7105
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
...........=m[......B./.6/.....KI8..n.....>.7.IL.....S.......$.P.!6..S4...h4.........v.......0D......E.Z.....h4.....s..;...:L.(.. ....h.... .F[....i.T..I.q.........k.T.z/.U^.....c.F...4.u]...B/.oW..B.oM.^......zP>{..Y..FA.f^.zt(..i..Q....i...y(...v%...,..n.e~.mW.8.z..*...8....j\u.D.......J0..~...... .=..Wi7.F...F0V...._.....'5.$...p......~..h.h..8b.HQ.....D>.........P.....ig~....@Y0..I..l.K4.6k...N..O...).5>..mw>..}.ivv..[.....62.X....q.C....i.M`...L5.C..|.....:..):.G]..t.R6./=...$..q..!:. ..y.......w.'...Q..q.....~v.|..Y..7hq5....}...&.v..;........u..@4..;C.i.s.....E.T\`"..r.W.m^.$...d...g...........Q?...&M.%~6N">....xyE`............Q^.D.....R....W..e.i..rn..........1e.9.X^t&.O.....K.!J..l.n!.R.`..,.e..E..7....._S.G...Y$W...b8..\A...L....5......n..... ...MK.....5..^pE*...8.....:.5.............>4g........W...L.... i.D.}E..R....N....~...S&y....'.n3..OpQ...K...K....0.6..-q....{.....3..PK.......(..T.s.f..d....;...[1....Y. .m.7...(.m>.....mg^_....w....k..K;.c..zqw<.._.&......W02W.....{... ...a^...........@d~w..cVTE.I/.5..Xg...._E..........x8....pb......3.\...K....,.`L.........,.K..|.......z.. .m".\..F....w|..Q......Dp.H...<N..w...8.y../.^....k.f..].a|..3...[...~o.4..$4tM...*.3.'.n<................$...q.....A9El...Eu.]......*,C....fqUMk.%j;}.oA9...|..|.J...v}4N....F.l.N..g..6>...It...._...~o."9.).z....w...TZ1k].1...7.k6....k/|"Xz...8....f....G^......B....6:...I.U.. ]]..3H.....V...V.^..{!......(....Ve4QV.u?.z..%A...Ye._]t.{4...;D..}/..?C...o..............}.X...7.....8.#Q..R.G..Fo..
<<< skipped >>>
GET /en/scrn/95000/95323/nero-burning-rom-18.png HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: screenshots.en.sftcdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 30 Apr 2010 11:20:24 GMT
Cache-Control: max-age=172800
Content-Type: image/png
Content-Length: 13893
Accept-Ranges: bytes
Date: Mon, 15 Sep 2014 04:45:32 GMT
Connection: keep-alive
Age: 0
X-Served-By: screenshots
X-Cache: HIT
X-Cache-Hits: 210619
Expires: Wed, 17 Sep 2014 04:45:32 GMT
.PNG........IHDR...d...d.............pHYs.................vpAg...d...d..&^...5nIDATx...y...u.v.{..k...}...Y.Y..H..)...%"E.....T........&....).I$y.q.K.ydJ.%.$.R... @."........t..^{....n.xU_.,XIJq._..........{...w.}.D..y.....'.....`..!...XJ...ZK)..F......R#...Hk5<<........1....3.7p....f).:.N..n....;;;.0...F>_.<..-.u.Q .(..$I......|>.T*....|...B!.8.....v.7n....i.;.n..I.T.....Z.-.....c......Hk..""#.i*.8...Z.i-}.s]gttxbb.R..5.....F.q..s..U...bhhhh....,....t..Z...G.Zk....wj.t.$.v..hH..$.<...}......EDa..j..^xauu}bbjh.P.TJ.!!..F.K.r.A...?#.6..A;.7j...8i4Z.V.Z.&Ix..}....|......J.tyy... .z.\.OL.... .9gFh..J.4UJ)...Gk.........L........N.Z.omm1...s{.......t.-.r..../.............;w....r....R...>"...2O.7t......\.F.z..!"*....V.ol.{...0...dY......c..c_..W...I..?.........'N..r.z.8.g.....eY.1cb.R.....*.S0.Qvt...Ow...,3....o.\.....>..............x......?...u...E..G`I)766.y.8"_XX.....?S....,sJD.....r.2..."..6 .>.=..4..e.....^olll....;vx..=A..N......{........av..\.w...iz..../_ .*....TJ..kMJis@=.m..8..m...1d..$...R*..N...v..u].0..[....`..0p.@.E...dp.T.A.{.s........?Z.Tz.~.Y.F..R...k.....4M.....Vwnnn...B!gV.L".q....,.2*c..........F...v.D......,..,.....<.X,.........9......c...cw5%.<wvv:..n.X..7...}.c....h......|......{...moo?....;G......\.@..A.I#..8.%.R.n.Z.>..../.......'..8.L..Y.....$.H.R!.<..........qs....=...(.K...!n3q.d....!..F........x..............@8....s...w..Um...kss..........##e..H.....5!.m.Bp.....K...;w..........R.N.R...4@........m.c.u....;.$.&q..j......s...3.NV...........[.ED..5.......
<<< skipped >>>
GET /campaign/scrn/101000/101362/sd_101362_0d279.jpeg HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: screenshots.en.sftcdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 21 Aug 2014 13:51:12 GMT
Cache-Control: max-age=172800
Content-Type: image/jpeg
Content-Length: 54735
Accept-Ranges: bytes
Date: Mon, 15 Sep 2014 04:45:32 GMT
Connection: keep-alive
Age: 0
X-Served-By: screenshots
X-Cache: HIT
X-Cache-Hits: 791572
Expires: Wed, 17 Sep 2014 04:45:32 GMT
......JFIF.....H.H......Exif..II*................*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:6D8D89E2AAD311E3BE6B9AEEC3B9D744" xmpMM:DocumentID="xmp.did:6D8D89E3AAD311E3BE6B9AEEC3B9D744"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6D8D89E0AAD311E3BE6B9AEEC3B9D744" stRef:documentID="xmp.did:6D8D89E1AAD311E3BE6B9AEEC3B9D744"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C....................................................................C......................................................................................................................b............................!.."1.2ABQR.#aq.3br.......$C..%Ss.....4Dcv...&7t..'(89Udu......We....................................J........................"..2B..R.#b!13Ar.$Qq.........4a..ST....mEUd...............?.....{($>T...........PHh$#AND.!....bE.7......|^...pO..q.].)@?Uk....O..(.>...Kc\......&...z.3.6.n...K./O.]..BU^#.4B..n.b.r.DWk.....E*Y...U..[2...Z......bsB.=v....-..i.......}..%.........\...-.t2...r\D...Gf....)..
<<< skipped >>>
GET /__utm.gif?utmwv=5.4.6&utms=1&utmn=631952532&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=installation assistant&utmhid=251083253&utmr=-&utmp=/95323/universaldownloader-prefetch&utmht=1410756303649&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 04 Sep 2014 22:34:28 GMT
Server: Golfe2
Content-Length: 35
Age: 886263
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Thu, 04 Sep 2014 22:34:28 GMT..Server: Golfe2..Content-Length: 35..Age: 886263..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............,...........D..;....
GET /__utm.gif?utmwv=5.4.6&utms=2&utmn=1681216182&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=-&utmp=/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303&utmht=1410756305665&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 04 Sep 2014 22:34:28 GMT
Server: Golfe2
Content-Length: 35
Age: 886265
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;....
GET /__utm.gif?utmwv=5.4.6&utms=4&utmn=1350765831&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1410756305727&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 04 Sep 2014 22:34:28 GMT
Server: Golfe2
Content-Length: 35
Age: 886265
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;....
GET /__utm.gif?utmwv=5.4.6&utms=5&utmn=1653110540&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1410756305759&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 04 Sep 2014 22:34:28 GMT
Server: Golfe2
Content-Length: 35
Age: 886265
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;....
GET /__utm.gif?utmwv=5.4.6&utms=7&utmn=502429803&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C100624--load1&utmht=1410756305806&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 04 Sep 2014 22:34:28 GMT
Server: Golfe2
Content-Length: 35
Age: 886265
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Thu, 04 Sep 2014 22:34:28 GMT..Server: Golfe2..Content-Length: 35..Age: 886265..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............,...........D..;..
GET /tag/js/gpt.js HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.googletagservices.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 12398482878374649242
Date: Mon, 15 Sep 2014 04:00:47 GMT
Expires: Mon, 15 Sep 2014 05:00:47 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 14914
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 2685
Alternate-Protocol: 80:quic,p=0.002
...........}kw.:..........1i.....d.(P..r..<]..$ns.vZ....gF..........4.4..F...H...)....v~^.d;r/.l.....)...D.".n_..p....l.2V.........`.y...f.E.3....>...n..4cS.`GI.n...b.aye.7.D.m....}...'.l.e6..Y...a........D..?..pv...pU..[...CP..5]L.(.....8.......... .F......q..u.P.y.d7'.1 .....v.>...2.............bg..*m.....k...ZE.4......x..u.@@..j..*..E.....P... B.. 7.#DJ.J.....(.F..y.N..N.....;...f.q....ou...W.7[.....O.U......5. j.%C..i.B?...0.;..F..z.8If.M.c.P.......[4..y."!.I.....g.K........P.i:...l.wC]..q....Zj......U.....1*....{....Q3..i.g......e.U..g!...g...zG.F8%..4.#..Sq..Z..y.~..=.< }.p..z..1M>.>.,x6K|.).....Pw............j..Y...I.Y.FO.3..Sr;N_..6w...!......:|...z.'S...[.$"...{..{_.o.._...".s.]9..N.u..~....s.r.b..........Q^i...V....^0?..V..o.-..T..E.c...K...M..Nk....Cf[..-H...;W ...}..~7...sZ*).b[.Q["...Y...q.....c.w.9....>...}.y.=.....kfQ.8..N...v........E....'f.-.xZ..Lt..O..P.?..j.`eRU#....-....5...........d..1..#.'..A.Q...:..I4.3..yI......... .U.NU...{..a..n......0..p{b. Mm3."1.X..zz*.z9............]Xd.Q.._e....l6.G........\A.. .....,D(.m.....o.=..9q...7..i.._..y..Y4..n5.........v:..e...dw...b.T..f}..z.{.....[s6.X./...L..3Z..lb9.........a3.-@L.. /..(#....F|......Q~.A.d..#J.......}..e.......2u/.............s.......m.......S.@....&.(.....\.(p..'........<...<............k.@#.S.0.P.0...`~..-...G.u...S.P.S.P?.......(....R.(..>...z..k.:..H.-...#Ge..}..#%.t.Hk.@.,.`:eh...."|...E...F..|.[..F...p.....Ujj.0S. .J(..J.A...m.9......7...qb.0-`..Q9S..\.n.W.)........P.ln.f@...;...].-.2.a..oy....B..X..
<<< skipped >>>
GET /gpt/pubads_impl_49.js HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partner.googleadservices.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Mon, 08 Sep 2014 11:09:31 GMT
Date: Wed, 10 Sep 2014 18:57:15 GMT
Expires: Thu, 10 Sep 2015 18:57:15 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 34135
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 380899
Alternate-Protocol: 80:quic,p=0.002
......n.....y..H.8..^E..'#..c.c@../..a.&......u....K...{.....d....wg.[}..U.u..b...tj;...|{....`....S..m....t.*.F..... ..o.]...J`e.....4...0..4........O......,..........mY.?,...-U"3m.....".9..y.m6..}>.N.......u. z...p...=.I.Z.} e..P.....&A<..5..8........Fq2....S.f..0.7.BGg.<.=.N..x..1...O.-Q.......39......dT.......*z...Z..,.......(...3..(u./w..(j.W,.5.RN.T.!r....Hi^..LT. .K.Vy....3.cF......U.bq.H....Y|.T.....S..s..Y..%...q.-...b.]X.-.}...k...s..bb;..?n9.......c..5..k.............>..i.A...%a.w........|..m:......g1....g.....<...;P..].b.O.w.j..4...\.-d.n..8..j...Z6cBV.fmBn|u^..q&ww..;..5T..&|.7o.PMy>....4....pw...........m]r.)...4.^..........b.......-..........Vo8...........p>.....e[X.j`f.K`..w.......6i.l...."en.N'..=?p.............JW..v..SX....a.7?V..|8.....S....0O.>...J{=d...F....N.......n....4.h6..5]\.2)..8Mt........y8.0.a.l......PD.,!.<....y.N(...k{.U.$.2..}..9...jO8...ob...Ob.:^dy:.t..0....A........o.......,.]..G..\.U6.....?.N:5.....Y....x6..).o,u...>.,h.fm.w.p.E..C..x.yqLw-....E s..]>.yp.Vs....0.8...x-s...u...~.f^`./...._............M..V....(....As.....f.{..9.>....Z.{.....5.b.......w..[....Q..Y.......@.K...V. ...........P..y..E.....g..I...../M.P3...@O.1~.V4....D..........?...^...N..z.........r....}..a......P..@(...=...7v.Y..D..d.N...c.. .Y%...lM....._..am[,.8...Y~<..#.&..../$..[l.].&..OVp4....y.v..?^..x..[&.t.e..<....9......J.g..D.8.q.*._.=Vq.0*.V..D./...f1..bd.bX.E8.b}..&3rVzw.\<....=..wq....1..E.....[.......L(.`pJ.)....c0.`......._.Ct.=?.~..s....{...J..........
<<< skipped >>>
GET /campaign/scrn/100000/100624/sd_100624_634cd.jpg HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: screenshots.en.sftcdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 11 Feb 2014 10:50:08 GMT
Cache-Control: max-age=172800
Content-Type: image/jpeg
Content-Length: 55463
Accept-Ranges: bytes
Date: Mon, 15 Sep 2014 04:45:32 GMT
Connection: keep-alive
Age: 0
X-Served-By: screenshots
X-Cache: HIT
X-Cache-Hits: 8007
Expires: Wed, 17 Sep 2014 04:45:32 GMT
......JFIF.....%.%.....C....................................................................C.........................................................................|..............................................p...........................!..1A...Qaq.."T.....2RSV..........$&'38Urw...#46BXfv....%(CDFHWb.....)5gsu..7G........................................c........................!..1.AQ..."aq2R......#ST......3BU.....$%&4Cbdst..56Dceru.....EVv....FW...............?........T.I$.e.QC.....&9.s...)K..a....uy.#G.GH...I$..#...wwb..T.....$.U*... ;.*"".wv8UEPY...*....k...7..2....~z..b..-...2].R..%.N....(.n'HT..L.....w.......q.....p..qF..Xh.\>...{.....0..i,!...qum..n.#0W..k?#<x.i...7...>..H.......h......4g.....8..P..........x..........)Z...fr......V.*H*S.....C..._;."..t....[.......Oxv.F.....u[..)5.v.kM.[.....V.5).....%..v..nVT..o'1.v.5..x.m.A.Egx#.....Yf{<H.f...\F.r.p%..d..X.W..txG..Y..]#.R\.0.bW.>.....>.....;....;...I.DY...Lx..6.....,/...u8..CZjCO....}..`..Htt.Q....]Ar[..\.P..x......uk. ".R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R......0...[Fh.Xh...B.&F......;..."..v..u...T ...............?.V.......]s[..z.W..v............X.m..0.pJ.E=.i........'.Q<.ym......h.W.X..mB.^......8.C..7.O.*Ij...{ k...Z7.....t8......n....`.E....)i8....d..HD...4u..c..8<..x....)......M...3.........e.....=...M*..-D.........q.v1...8E.t..c.$P...._p....^J...P..2.5Mf...%./.,..F..hu[[H...[U.....-.... ....vx....T(..s.H....*........I.....=..&..4..,h..$T.p...q...s.)..._>.. )...=..i...w
<<< skipped >>>
GET /campaign/scrn/100000/100624/sd_100624_634cd.jpg?v=0.26649063561436414 HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: screenshots.en.sftcdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 11 Feb 2014 10:50:08 GMT
Cache-Control: max-age=172800
Content-Type: image/jpeg
Content-Length: 55463
Accept-Ranges: bytes
Date: Mon, 15 Sep 2014 04:45:33 GMT
Connection: keep-alive
Age: 0
X-Served-By: screenshots
X-Cache: MISS
X-Cache-Hits: 0
Expires: Wed, 17 Sep 2014 04:45:33 GMT
......JFIF.....%.%.....C....................................................................C.........................................................................|..............................................p...........................!..1A...Qaq.."T.....2RSV..........$&'38Urw...#46BXfv....%(CDFHWb.....)5gsu..7G........................................c........................!..1.AQ..."aq2R......#ST......3BU.....$%&4Cbdst..56Dceru.....EVv....FW...............?........T.I$.e.QC.....&9.s...)K..a....uy.#G.GH...I$..#...wwb..T.....$.U*... ;.*"".wv8UEPY...*....k...7..2....~z..b..-...2].R..%.N....(.n'HT..L.....w.......q.....p..qF..Xh.\>...{.....0..i,!...qum..n.#0W..k?#<x.i...7...>..H.......h......4g.....8..P..........x..........)Z...fr......V.*H*S.....C..._;."..t....[.......Oxv.F.....u[..)5.v.kM.[.....V.5).....%..v..nVT..o'1.v.5..x.m.A.Egx#.....Yf{<H.f...\F.r.p%..d..X.W..txG..Y..]#.R\.0.bW.>.....>.....;....;...I.DY...Lx..6.....,/...u8..CZjCO....}..`..Htt.Q....]Ar[..\.P..x......uk. ".R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R......0...[Fh.Xh...B.&F......;..."..v..u...T ...............?.V.......]s[..z.W..v............X.m..0.pJ.E=.i........'.Q<.ym......h.W.X..mB.^......8.C..7.O.*Ij...{ k...Z7.....t8......n....`.E....)i8....d..HD...4u..c..8<..x....)......M...3.........e.....=...M*..-D.........q.v1...8E.t..c.$P...._p....^J...P..2.5Mf...%./.,..F..hu[[H...[U.....-.... ....vx....T(..s.H....*........I.....=..&..4..,h..$T.p...q...s.)..._>.. )...=..i...w
<<< skipped >>>
GET /safeframe/1-0-0/html/container.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: tpc.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Last-Modified: Tue, 14 Jan 2014 13:13:27 GMT
Date: Wed, 10 Sep 2014 22:12:06 GMT
Expires: Thu, 10 Sep 2015 22:12:06 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1287
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 369208
Alternate-Protocol: 80:quic,p=0.002
......n....VyS.8...Oa<.G".....4.#C.Q.B.= Iw.[q\.;......>.N..;;.3MyO...]Vs...}{w}d..8..j....9.<...*R.....8.|,.v.(.¶.R....As..O.e..h.J.0..p..*J.B...4|P.(.4..Z6`...BMeb.....m..y.m..BU.!....a.].....E!W.lm..4.. ..j$.8....0...n.2..!I`Lh.l.....:@b.<S.I .WCb^M..&.So......w.u....szd........DaR.... .718.P...t;.......?.&....4..*.0.a.$.X.!.......A.O...[..5X.]..h..(0.9.y[.Q...4.B....v..I...*....a......M=MD:4.ZO.6.<.g.@/...G.z.....^.FI..=.4...7 ..N.R.h.a....arQ..L.!.N.:.-.P....B.D...=...n.a....e".`J....'\f.8N."s]j.(.%!9..@..`.<..<..v.`... g...Y....6.......C....h.......b.s_..G.......-....2..v6.#EL...je;....p.......d."...]U.e..b.s.R.[O.j.E...../.X..p.".......b.^/..R..w.....|.........V....@.=...,........l"..n._..,.......8............"...u....U. .._y.[.i..../T...C..GQ,...yYx.7...h...mL.;.#.zla.-..lw:n;.O..I9......ZC..q5..j&uN.rY...fO......7..;Y..e.......I...{.U..Y..}L..G...1..^....~..P..Sp~.....H/...f..w...).T.8...~s.X..w.X....*..Q5...l.$I.Q......8z...p....b.$.....D.4...p...og.A.$..uj.t.t.....u..ej...e.]....Sa.G.....A.;_.s.)A.5..i&....*.].9....."..(..C...n\.....M..j..V..h....3..e..z...n...]_..d.\;.kW..&"..D...h...T7I..R].u.....).t....e.........C.;.......=...]A!{o...l"..........H..*.o{..E..w..PD.......po.L#L5v....i.gUM....8.....5f..3^...U.l....-............... ......S.S.......Si.......
<<< skipped >>>
GET /__utm.gif?utmwv=5.4.6&utms=3&utmn=1651002142&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1410756305712&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 04 Sep 2014 22:34:28 GMT
Server: Golfe2
Content-Length: 35
Age: 886265
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;....
GET /__utm.gif?utmwv=5.4.6&utms=6&utmn=461011899&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1410756305774&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 04 Sep 2014 22:34:28 GMT
Server: Golfe2
Content-Length: 35
Age: 886265
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;....
GET /__utm.gif?utmwv=5.4.6&utms=8&utmn=10372948&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C101362--load2&utmht=1410756305821&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 04 Sep 2014 22:34:28 GMT
Server: Golfe2
Content-Length: 35
Age: 886265
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Thu, 04 Sep 2014 22:34:28 GMT..Server: Golfe2..Content-Length: 35..Age: 886265..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............,...........D..;..
GET /js/generated/306e0-e2646.js HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.sd-client.en.softonic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:30 GMT
Server: Apache
Last-Modified: Tue, 09 Sep 2014 14:38:53 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Wed, 15 Oct 2014 04:45:30 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/javascript
1faa...............z.H.8..?O!a.U..Q.lk!..'Kr.......b..AH.D...-.9.y..`.Inl....jf...V.E .{FFFD...l-....t......{^s....l=[...I:i... ...$...>..........Co.o&..u.nv.I..b3.....}:....d..?....f.'...T..?z..K.i2........ .}<..M.~6..`:..._.qr....G......h..8....W.a.....t.9..|s2MG......T..K......<....t.O...xx1..G..8M..A....N.......t.S....B.&.....9.d....,......8..........~...M....8=O.....8...t<.B..c..Fqv.....,....No...:y(.>..x.s..I6.l.g}.F.BL.L.Y.O..i|......>.&....MR.qor.MF......-.C=....7'.s.Q..*...Q.&A.....\...<M........{.C..Y}.#..S/o...6........}.8.....fy2q2d..e.\w...v..e8....a...p6=..F.ZN...&...)..h..GU.R.>.O.a>1..c...GJN{%u..6.Q.f.]\N..-lE...u.{..x..RX..!....M.u.O/...'........O.....~>......v...4n...M.R.......Sk.**.b......i.z..W._....#2.....=S.?...i2.F..wYw.C.m.Z.Wk..r:.5...n0o.0......<..z.d.4....V.&V...]M.........v..2......o...G.1...k1.m8.........l:.S...~. .[.......?.....4...]../..G..8 mP......./..Fm....S.......w.8x.....(.....=@0Q.y... roc..R.`.... G.X.......P...C...,......[Ot..qz9.......1...'..H-.....1....%...^.....8_....".O.Gh......:t.'...r.kqbcz.MB...e..........i...(.T....k...a..xJ.w.>.M....3.B....s...6...(N...).r~A)?a.e<.x.....D.>P..#..B.......,..`..{..~.a.<.4..vO..9t"...Ex.m..>......}{v.P.T........)...L6....hk.o....o.`.".?.....~....`...Mj<..p.N....#Ch#.BD.....y.{.N......~._L/..p:<.....0...U<.}\5..E:5yR.)]..Y....W..fm....r....u..[..!P...S).{........V.A.A.......~...a.H......zi.I[.i.\..........T.... ............wa...vw....)1.....j'....B...@Y....x|A.o.....2]UAz.. ..Z
<<< skipped >>>
GET /css/generated/fad58-b3118.css HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.sd-client.en.softonic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:32 GMT
Server: Apache
Last-Modified: Tue, 09 Sep 2014 14:38:53 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Wed, 15 Oct 2014 04:45:32 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 5307
Keep-Alive: timeout=3, max=9
Connection: Keep-Alive
Content-Type: text/css
...........<i...q.. .y..= 5...6....b..:....ZdK..".$5o.........%....}.]...........H..v..s...o6...].....].'......hGZ..Iw...I..*2......_...~.E..U.K...........\.U..yxL..8<N..4<...<........sZd..0/.s.v.sG.J.:..U...s...;.]&F\N.9..:..$....>.yI.#...n.,......z.U..6J.. uK...F...$.......?.....t.P. ...m.........Q.V...}.$~".e_.].v/.].ly...'..8....r..E..CKzUp......"?.......?.'....8~.C..zG..i....;.\R6.......d.kB.6U.r..X..-.K..l._.QdM...D/...6....*=...T....x........-.oFo6.6.....x.g.wUw.|..|..y..>.YF....,/9N.......{......81..n.......GUY.l..p$....q.LxL.........H.]Ge....8k.C..,X..cX{. F'.T..B.I.M[5......0.Z.y.....D.}Q=;dl..Lz...]{nH.~....*h..........!H#.e..1...*......m......../..MN..%e......!..o.L.k.......y).A2.B.3.Y..... ...8N....qA2a?.@.I.......S..Z%.J.w._....W.4.."8.@..1..SRH-pb.W....S......2]*..r.=....R........;.................],.m.....~tj.....3.........g..lA.K..L........."7.pj}.{.;....0C...<..... .N[.9.'..E..G.LR..2.......5......Mu....)~..}.L&..3.....i..C..e.....<..}.-..h1../...5%].D.~.O7.=.-$..Pr..~...@.........nN.._%C..]..-..6..`.\..d...0.H.....wt. ...A...[.........d..3.......te..n!..%.de.f3.3Og...~i.Y.,...........z../......x....K}......|....>l....O....[f.......C.&7t...MPL1.c%4.....q.I..E...5Isp]lX......6..N......-Y........0.o.H....S.(@7..D..1f<S'-e..n...,*.m[J......#ce.6.....f...>........H.oQ^f.3.^J...ZW.`y..d..%...q.A.A......q..<....0!...F..1gD0..".5..p..RR.`....5_.Fr\.B0.. iJ.N...l....#...:G....,5cb....z..k.](..m\L. .`'.......kc.xlT,#...."g.ki..3F....9.5../}.4.H.j.$0W...#.g\.*.=.....
<<< skipped >>>
GET /shared/img/sd_client/gradientbg.png HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.sd-client.en.softonic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:32 GMT
Server: Apache
Last-Modified: Thu, 27 Mar 2014 08:15:57 GMT
Accept-Ranges: bytes
Content-Length: 2958
Cache-Control: max-age=172800
Expires: Wed, 17 Sep 2014 04:45:32 GMT
Keep-Alive: timeout=3, max=8
Connection: Keep-Alive
Content-Type: image/png
.PNG........IHDR...)...........\.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE............................................................................................................................................................O *E...4tRNS....................................................KW"e...HIDATx....v.9..Q{.%y......I.3.\...m..`..u.s1.s.D...Q,. ..`(..S....O.....SJ........8...=.LR.[.&......:.eJY..oI:./...$..BJ.#KS.sH2..%.{F..='..?HR./..6.X......)./R.. ..6.....F..g.[.I.<.l..2$...42.....S.....>..........h2..f..3.........<...X&r....T..gg.-...t.....em<b.V&.g.c....6E,.-..qF6. ...o.Q.$S...(./y...DD..w..:iQ .c....3.&.TcCT.t,UE.E..HP.R.s.......V.`...%...'6.`...g..UIf(..K....uF2..r......T.!..]fLWF..\lU$....=c:2#.`....<...E". .".. qU.7P.[..c.}.J.q.N.*..:g)%...!.. ..,.@x..0.m.8.........A..,9.:l....c....<...G.8...O......?.....5..'}.....TB..#.... Uxq..\..Y....1.P ..P.........Cda...g.....V'....G.:..uW..2.X......a2!.....L..2...mb...f:.i. z........S...u)d8dC.R..q.`..N.^.~.q.......].....U.....%..p1&..b5..K..q..h...D......0...b..?M`...ak..2}J.7....l..<........7\...g!.Jf.0k.......){.-[.f...M.. ..`.hY}..]....Z...z`.J.eb.........Vl..s...p.Zi.*..kd~..Q...l.@......(l.v.L%:..|.c....,..Tg.....I..7[.-#,.....j#...B.`..b.m`..[....g..<Gs......".5c.R.4QC.5.]...X......@.S..I...T.h.6.9MD....w.Xb..N....%0.m./....z{{~.y...........gz.zz.........??{..g~....D...............z._.......k.}...^?v..w.O..........t.x...~..x..}.......................................=..m...]Ew7...._....j_.j.....~.&....\7....~.....Pw..
<<< skipped >>>
GET /shared/img/sd_client/loading.gif HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.sd-client.en.softonic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:32 GMT
Server: Apache
Last-Modified: Thu, 27 Mar 2014 08:15:57 GMT
Accept-Ranges: bytes
Content-Length: 1553
Cache-Control: max-age=172800
Expires: Wed, 17 Sep 2014 04:45:32 GMT
Keep-Alive: timeout=3, max=7
Connection: Keep-Alive
Content-Type: image/gif
GIF89a........................................................................................................................................................................................................................................................................................................................................~..}..|..z..y..x..t..v..s..r..q..p..m..o..l..k..j..............!..NETSCAPE2.0.....!.....|.,............|..;\r....bvwz.....-lqK'......|.[p9.....4lE.....Nj#.....^g.....[c.....G_......[8..!..IV*..'..|#OP1......).. @JGB=93)...$3<9 ......!.....|.,..........y.|.|4RhjW:...)Vilortvd1.&]eA..&Lwt.N`..|<.-[;...|AX....NU....JQ....8M.....%I.....|8C ......<=%.........173/*&!....% '.....!.....|.,..........w.|.|-EY[L3..!GX[_cgjZ..LS6.Cmj..?M)..6r`."I0..Iu:3E...&xZ<A...zr9=.. 8....5!....*0....... *..........!$!................!.....|.,..........w.|.|$9IM@,...8GJOSWZM&..;A..:_]).1<...0dU|.7$..Aj4&3..mR,0..pi(...qk.)..&uX.$..Mw;|....{g.|.......|2....................!.....|.,..........z.|.|.(591#...'258=AE<...)-....-KI ..)...&PE|."...5W,......ZD...._X....c[....fL....Dk4|....9o\......'Jsl......zxa.....[;....!.....|.,..........x.|.|..$'#......"&*.2-......... 77.......=5|.....(C#......G6....LG....QJ...|U?....:Z,|...1_M.N'|.Be]&.fyxtrokV)..;YljS....!.....|.,..........w.|.|...........................$%........*&|......0......3)..95..=9[z...B1<wL./G#.ct8.)M>./mrF.7TL...]nkfc_ZH!.5O_[G....!.....|.,..........v.|.|........|.........1.......gz.|...|;wM.|...Xv'..!.lt..&"jr.|*'So../#5lD.#3.|
<<< skipped >>>
GET /nr-412.min.js HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js-agent.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: mZ38p9x7 6lET9fvdRu0yyqIpAaPEpXVmuG8N1V8Kum5cfiLfrPa0FHBT0k8TO h
x-amz-request-id: 8BF027566AAC8475
Cache-Control: public, max-age=315360000
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Fri, 09 May 2014 18:03:22 GMT
ETag: "e9277060b8e4dfb70120dcdefe5b54d7"
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 14848
Accept-Ranges: bytes
Date: Mon, 15 Sep 2014 04:45:34 GMT
Via: 1.1 varnish
Age: 2329736
Connection: keep-alive
X-Served-By: cache-dfw1830-DFW
X-Cache: HIT
X-Cache-Hits: 112129
X-Timer: S1410756334.153525591,VS0,VE0
Vary: Accept-Encoding
!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"==typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exports:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i )r(t[i]);return r}({1:[function(n,e){e.exports=function(n,e){return"addEventListener"in window?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l[n]||(l[n]={});var i=l[n][e];return i||(l[n][e]=i={params:t||{}}),i.metrics=r(o,i.metrics),i}function r(n,e){return e||(e={count:0}),e.count =1,f(n,function(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function i(n,e){return e?l[n]&&l[n][e]:l[n]}function u(n){for(var e,t={},r="",o=0;o<n.length;o )r=n[o],t[r]=a(l[r]),t[r].length&&(e=!0),delete l[r];return e?t:null}function a(n){return"object"!=typeof n?[]:f(n,function(n,e){return e})}function c(n,e){"undefined"==typeof e&&(e=(new Date).getTime()),d[n]=e}function s(n,e,r){var o=d[e],i=d[r];"undefined"!=typeof o&&"undefined"!=typeof i&&t("measures",n,{value:i-o})}var f=n(1),l={},d={};e.exports={store:t,take:u,get:i,mark:c,measure:s}},{1:20}],3:[function(n,e){function t(n){return c[n]}function r(n){return null===n||void 0===n
<<< skipped >>>
GET /blank.gif?product=st_activity&event=prefetch:campaigns:selected&id_session=D6DD384A-6EFA-43B2-8367-CD9C5B30666At1410756303f95323&id_campaign=100624&id_campaign=101362&ts=1410756304118 HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softonic-analytics.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:31 GMT
Server: Apache
Set-Cookie: softonic_analytics-admin=deleted; expires=Sun, 15-Sep-2013 04:45:30 GMT; path=/; domain=softonic-analytics.net
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-control: max-age=0, must-revalidate
Pragma: no-cache
Content-Length: 35
Connection: close
Content-Type: image/gif
GIF89a.............,...........D..;..
POST /universaldownloader-track HTTP/1.1
md5_hash: 500738f5bf501b0815474b8e33b325c3
Accept-Language: en-us
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
x-requested-with: XMLHttpRequest
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sd.en.softonic.com
Content-Length: 18483
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __utma=30725629.770450565.1410756303.1410756303.1410756303.1; __utmb=30725629.1.10.1410756303; __utmc=30725629; __utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_95323=false; UACA_95323=false; _FCen=100516||.100623||.100509||.101361||.101362|1|1410756303.100624|1|1410756303; UD1_POSITION_95323=
id_session=D6DD384A-6EFA-43B2-8367-CD9C5B30666At1410756303f95323&id_machine=a8a67a25000000000000000c298a8b37&id_user=D6DD384A-6EFA-43B2-8367-CD9C5B30666A&id_file=95323&id_section=643&id_main_section=616&ab_test=&api_version=1.40.2×tamp=1410756303&download_browser=unknown_browser&download_browser_version=unknown_version&client_timezone=3&test_track=false&flavour=&av_installed=&step=prefetch_events&events=[["special_conditions_evaluation",[{"campaign_id":"100516","campaign_priority":1164,"campaign_reranked_priority":null,"special_condi
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:31 GMT
Server: Apache
Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:30 GMT; path=/; domain=sd.en.softonic.com
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 35
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
...........V*.I,)-V.R..V.....l.........
GET /95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sd.en.softonic.com
Connection: Keep-Alive
Cookie: __utma=30725629.770450565.1410756303.1410756303.1410756303.1; __utmb=30725629.1.10.1410756303; __utmc=30725629; __utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_95323=false; UACA_95323=false; _FCen=100516||.100623||.100509||.101361||.101362|1|1410756303.100624|1|1410756303; UD1_POSITION_95323=
HTTP/1.1 200 OK
Date: Mon, 15 Sep 2014 04:45:31 GMT
Server: Apache
Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:31 GMT; path=/; domain=sd.en.softonic.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-control: max-age=0, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 16495
Keep-Alive: timeout=3, max=9
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
...........}.r.......0..D^.;.Q.|...%Y.%...`.@....0.Q....7&b......O..LfV..n...}....},..% ....z.b......]...l..l.`.[Q...ym.T.9.Q>.==<P*..r..N`....v..{.*j?..F.4....Z..{....-.U...g!L.,...n<.E...l'hNi.....k...;......7.....^..nn.....B%.y....6,].7:..n...c..........9...........o....z..[.2.....}...............T..g...........Y..9..3.jLs.w.Y.s.dus/..s....}.m......\?..w...!..(_....snQ|..f..J. ...r.ga.c..k.......5... v%_....lRm6.qnWI.$/....w]?.{/.......^._w_.......|..}....Hc#...;. .A$.M.M.".........~.,kA.....8.!.G.....G..EtY.=.....IB....O `..u.M........(..n.....5..:...c ;..L..y.:._c. l8......VM.45L...YZ.....].:*4 .?.2.W....O...3...^?..5..b......F?g..P....-..w....=..Z...k/.q.3....0...k]. .[...t.......o..$h..... .X..=....TeI. t}eh.}.q..4.. ..D....F..7..vvr.d..m9.....%... .:.KN5.......6S...Gn9.T.sKy.&!..C..7....A....|..t@..83P.y-[..$./:nh.l..9.H....C....... ..k.r.ca!..*y-.U.........XA..},..[X.s......oA?.... \X.>.=..].../.....z..P..[0:P.N...C5.5... .^6 y.....#..|^.HHxp.a....lE..o.E...B.Q.....-.@...@.Hw.O..t......t...i].5jZ...-5*.r.R.8.4......X.874.7k?.[...].-..A.r.m.@Q......l.....KM-. D.|..V.Z=....r....&.......,.#=.D..E....b..)...4].D{..t[...|.:P.c~8.M.._.[M.L1.~..c#......,.[..?.Q..3...........2.......U=..........,8..[..|.{}..e....>hYf..Gk"....Xm.ec...n.9.......n....l4....pc....5r.r..;.1..W.35.u..N...UA....T. 0.....$.W.y.i"/.M..r~..}N.M..vb.....h..8..i.:.V8.. ......]@..pl.......5A...D.../.S..Q..(A.[N/E?@%.<.\{...h.n.....kI...(t&Q.p..F0.|.G.y...i0`..Z.1 ..........`.F.<s..;7...X.r.Y./].9.u|..G.i..`..K.v.....p.
<<< skipped >>>
GET /pagead/show_companion_ad.js HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 12091451992921066871
Date: Mon, 15 Sep 2014 04:03:23 GMT
Expires: Mon, 15 Sep 2014 05:03:23 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 46029
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 2531
Alternate-Protocol: 80:quic,p=0.002
............i[...0.._..sIw,......_..@..0....G.....fH.....4.zpV.>...n..pK*.R.&..x6......~.z...;...v..x..5....p.v...k .....i..g...s.j2....Q5,'p.....]....e.^...}...I.<}|.C..u.....x411.:^u........b..~<5-..V.......Ex..6.....)..|.|....9..L..j7.....7.".R.......c..w..-{Pj.-......q4..=........S.u}........&.kN&....1<..N.....@.........'.....NG...?.V.o0...........ptw.-.dm.m.0j.B-.d.....M $.......(....XISq..hQ*.t.M...I...&.?.........VqpTk....nA{K..../5..J.$...G.$Z.....8..MU@..2.p.-.O...9..lC1...z.9gQ.B.4'...aJ.%.h.........Zc...M.....Y......j.....A..a..n......Y......U}X...ta......W.....Y..dt...L......Q.........m.%.N...Y......r..(....fC.|.k..U........Z.`...YR...]..K...ruu....HT.......O`...i.6Z.F!..F..{r...........s...../.v..x..].:.%.....(..>..w....Qu8.{|,.m...L..i.H....].........,.g.Z.....~.~..g.m>"..F.zL5...2...... ...H.w)`1.......F\.Wr......W..s:.&I.v0..).Z.'....X........A.N.9....*.`.%.z.P..z...........W.Q.-h.....c....Y....=w.o...n..rY...._.ln...Em..U.j<Yg.|]...No.z.M..9L....R.........F.Z.0X.b...PB!.......6..K?......g........V .&M....%.k0...=.H'...Z}......../.F.` u..-.. ...c......G. .;.u...&.n5.....`.^W....=.. #c..1...k...'....x.....a....e..........L#.&..FY.(...vi.$..<@V.._\&..^.......w..};/Yj..4....1c...;....1n0..N0...:....Q&./.... =...j.ET.-..'w.\...G...........Zy...t......p..<.S.i.X.y.....aL...../.k.B.t.,y\.ut..f.f..~w...~_..)......>..3..b..........xz..>.-...7.p...7.-.4>".h...............co.....a....0...9..7.j0..ll."..4...a...lCi.S.._<VlU..=.....\i]b....b5.y....Y.....U......d..qh.a.
<<< skipped >>>
GET /1/cc92a7d66e?a=2337116&ap=152&fe=1453&dc=719&v=412.920d26d&to=NQcAZUJXXUdWAEZdVwxNN0NZGVtAUwxRRxcLDAZUSBhDXEc=&f=["err"]&jsonp=NREUM.setToken HTTP/1.1
Accept: */*
Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon-6.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=8696c82a9fa52f0;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 20
NREUM.setToken(null)HTTP/1.1 200 OK..Set-Cookie: JSESSIONID=8696c82a9fa52f0;Path=/..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Content-Type: text/javascript;charset=ISO-8859-1..Content-Length: 20..NREUM.setToken(null)..
GET /universaldownloader-prefetch HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: nero-burning-rom.sd.en.softonic.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 15 Sep 2014 04:45:26 GMT
Server: Apache
Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:25 GMT; path=/; domain=sd.en.softonic.com
Location: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 20
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
....................HTTP/1.1 301 Moved Permanently..Date: Mon, 15 Sep 2014 04:45:26 GMT..Server: Apache..Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:25 GMT; path=/; domain=sd.en.softonic.com..Location: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch..Vary: Accept-Encoding,User-Agent..Content-Encoding: gzip..Content-Length: 20..Keep-Alive: timeout=3, max=10..Connection: Keep-Alive..Content-Type: text/html; charset=utf-8........................
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_320:
`.rsrc
`.rsrc
j;j.htzR
j;j.htzR
j;j.hD}R
j;j.hD}R
G><.tn>
G><.tn>
II I!"II#$IIII%&'III(I)*I III,-.II/0123IIII4I5IIIIIII6IIIIII789:;II?@ABCDEFIIIIGIIIIH
II I!"II#$IIII%&'III(I)*I III,-.II/0123IIII4I5IIIIIII6IIIIII789:;II?@ABCDEFIIIIGIIIIH
88888888888888888
88888888888888888
%u$Vj%
%u$Vj%
t.Gj:W
t.Gj:W
.tMHtJH
.tMHtJH
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
j;j.hh
j;j.hh
hTCP
hTCP
%s:%d
%s:%d
WARNING: failed to save cookies in %s
WARNING: failed to save cookies in %s
About to connect() to %s%s port %d (#%d)
About to connect() to %s%s port %d (#%d)
Connected to %s (%s) port %d (#%d)
Connected to %s (%s) port %d (#%d)
malformed
malformed
:]://%[^
:]://%[^
[^:]:%[^
[^:]:%[^
Protocol %s not supported or disabled in libcurl
Protocol %s not supported or disabled in libcurl
http_proxy
http_proxy
%5[^:@]:%5[^@]
%5[^:@]:%5[^@]
%5[^:]:%5[^
%5[^:]:%5[^
:%5[^@]
:%5[^@]
Port number too large: %lu
Port number too large: %lu
%s://%s%s%s:%d%s%s
%s://%s%s%s:%d%s%s
ftps
ftps
[%*39[0123456789abcdefABCDEF:.%]%c
[%*39[0123456789abcdefABCDEF:.%]%c
Couldn't find host %s in the _netrc file; using defaults
Couldn't find host %s in the _netrc file; using defaults
PTF@example.com
PTF@example.com
Couldn't resolve host '%s'
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
User-Agent: %s
Connection #%d seems to be dead!
Connection #%d seems to be dead!
Connection (#%d) was killed to make room (holds %d)
Connection (#%d) was killed to make room (holds %d)
Re-using existing connection! (#%ld) with host %s
Re-using existing connection! (#%ld) with host %s
%s://%s
%s://%s
Connection #%ld to host %s left intact
Connection #%ld to host %s left intact
operation aborted by callback
operation aborted by callback
HTTP/
HTTP/
ioctl callback returned error %d
ioctl callback returned error %d
the ioctl callback returned %d
the ioctl callback returned %d
seek callback returned error %d
seek callback returned error %d
The requested URL returned error: %d
The requested URL returned error: %d
HTTP/1.0 connection set to keep alive!
HTTP/1.0 connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.1 proxy connection set close!
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.0 proxy connection set to keep alive!
HTTP 1.0, assume close after body
HTTP 1.0, assume close after body
HTTP =
HTTP =
HTTP/%d.%d =
HTTP/%d.%d =
No URL set!
No URL set!
[^?&/:]://%c
[^?&/:]://%c
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.2 and switch from POST to GET
Disables POST, goes with %s
Disables POST, goes with %s
Issue another request to this URL: '%s'
Issue another request to this URL: '%s'
Maximum (%d) redirects followed
Maximum (%d) redirects followed
Received problem %d in the chunky parser
Received problem %d in the chunky parser
HTTP server doesn't seem to support byte ranges. Cannot resume.
HTTP server doesn't seem to support byte ranges. Cannot resume.
Rewinding stream by : %d bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %d)
Rewinding stream by : %d bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %d)
Leftovers after chunking. Rewinding %d bytes
Leftovers after chunking. Rewinding %d bytes
Operation timed out after %ld milliseconds with %lld bytes received
Operation timed out after %ld milliseconds with %lld bytes received
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
unspecified error %d
unspecified error %d
%s cookie %s="%s" for domain %s, path %s, expire %d
%s cookie %s="%s" for domain %s, path %s, expire %d
#HttpOnly_
#HttpOnly_
httponly
httponly
I99[^;
I99[^;
skipped cookie with bad tailmatch domain: %s
skipped cookie with bad tailmatch domain: %s
skipped cookie with illegal dotcount domain: %s
skipped cookie with illegal dotcount domain: %s
23[^;=]=I99[^;
23[^;=]=I99[^;
%s%s%s
%s%s%s
# Fatal libcurl error
# Fatal libcurl error
# Netscape HTTP Cookie File
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/rfc/cookie_spec.html
# hXXp://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
# This file was generated by libcurl! Edit at your own risk.
[%s %s %s]
[%s %s %s]
Send failure: %s
Send failure: %s
Failed writing body (%d != %d)
Failed writing body (%d != %d)
bind failure: %s
bind failure: %s
Local port: %d
Local port: %d
Bind to local port %d failed, trying next
Bind to local port %d failed, trying next
couldn't find my own IP address (%s)
couldn't find my own IP address (%s)
Bind local address to %s
Bind local address to %s
Couldn't bind to '%s'
Couldn't bind to '%s'
TCP_NODELAY set
TCP_NODELAY set
Could not set TCP_NODELAY: %s
Could not set TCP_NODELAY: %s
Failed to connect to %s: %s
Failed to connect to %s: %s
Trying %s...
Trying %s...
Resolving host timed out: %s
Resolving host timed out: %s
Could not resolve host: %s; %s
Could not resolve host: %s; %s
Could not resolve proxy: %s; %s
Could not resolve proxy: %s; %s
Could not resolve host: %s
Could not resolve host: %s
gethostbyname(2) failed for %s:%d; %s
gethostbyname(2) failed for %s:%d; %s
init_resolve_thread() failed for %s; %s
init_resolve_thread() failed for %s; %s
TFTP
TFTP
set timeouts for state %d; Total %d, retry %d maxtry %d
set timeouts for state %d; Total %d, retry %d maxtry %d
tftp_rx: giving up waiting for block %d
tftp_rx: giving up waiting for block %d
Received unexpected DATA packet block %d
Received unexpected DATA packet block %d
Timeout waiting for block %d ACK. Retries = %d
Timeout waiting for block %d ACK. Retries = %d
tftp_rx: internal error
tftp_rx: internal error
tftp_tx: giving up waiting for block %d ack
tftp_tx: giving up waiting for block %d ack
Received ACK for block %d, expecting %d
Received ACK for block %d, expecting %d
tftp_tx: internal error
tftp_tx: internal error
bind() failed; %s
bind() failed; %s
tftp_send_first: internal error
tftp_send_first: internal error
%s%c%s%c
%s%c%s%c
TFTP finished
TFTP finished
Can't get the size of %s
Can't get the size of %s
Can't open %s for writing
Can't open %s for writing
Last-Modified: %s, d %s M d:d:d GMT
Last-Modified: %s, d %s M d:d:d GMT
Couldn't open file %s
Couldn't open file %s
There are more than %d entries
There are more than %d entries
LDAP remote: %s
LDAP remote: %s
LDAP local: ldap_simple_bind_s %s
LDAP local: ldap_simple_bind_s %s
LDAP local: Cannot connect to %s:%d
LDAP local: Cannot connect to %s:%d
LDAP local: trying to establish %s connection
LDAP local: trying to establish %s connection
LDAP local: %s
LDAP local: %s
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
CLIENT libcurl 7.19.0
CLIENT libcurl 7.19.0
MATCH %s %s %s
MATCH %s %s %s
DEFINE %s %s
DEFINE %s %s
insufficient winsock version to support telnet
insufficient winsock version to support telnet
WSAStartup failed (%d)
WSAStartup failed (%d)
%s %d %d
%s %d %d
%s %s %d
%s %s %d
%s %s %s
%s %s %s
%s IAC %d
%s IAC %d
%s IAC %s
%s IAC %s
Sending data failed (%d)
Sending data failed (%d)
%d (unknown)
%d (unknown)
%s (unsupported)
%s (unsupported)
%s IAC SB
%s IAC SB
Syntax error in telnet option: %s
Syntax error in telnet option: %s
Unknown telnet option %s
Unknown telnet option %s
7[^= ]%*[ =]%5s
7[^= ]%*[ =]%5s
USER,%s
USER,%s
%c%c%c%c%s%c%c
%c%c%c%c%s%c%c
%c%s%c%s
%c%s%c%s
7[^,],7s
7[^,],7s
%c%c%c%c
%c%c%c%c
FreeLibrary(wsock2) failed (%d)
FreeLibrary(wsock2) failed (%d)
WSACloseEvent failed (%d)
WSACloseEvent failed (%d)
WSACreateEvent failed (%d)
WSACreateEvent failed (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to load WS2_32.DLL (%d)
failed to load WS2_32.DLL (%d)
WS2_32.DLL
WS2_32.DLL
Excessive FTP response line length received, %zd bytes. Stripping
Excessive FTP response line length received, %zd bytes. Stripping
FTP response reading failed
FTP response reading failed
FTP response aborted due to select/poll error: %d
FTP response aborted due to select/poll error: %d
FTP response timeout
FTP response timeout
Failed FTP upload:
Failed FTP upload:
RETR response: d
RETR response: d
Connecting to %s (%s) port %d
Connecting to %s (%s) port %d
Uploading to a URL without a file name!
Uploading to a URL without a file name!
FTPS not supported!
FTPS not supported!
USER %s
USER %s
socket(2) failed (%s)
socket(2) failed (%s)
PORT %d,%d,%d,%d,%d,%d
PORT %d,%d,%d,%d,%d,%d
Telling server to connect to %d.%d.%d.%d:%d
Telling server to connect to %d.%d.%d.%d:%d
Failed to resolve host name %s
Failed to resolve host name %s
getsockname() failed: %s
getsockname() failed: %s
Connect data stream passively
Connect data stream passively
REST %d
REST %d
SIZE %s
SIZE %s
STOR %s
STOR %s
APPE %s
APPE %s
Bad PASV/EPSV response: d
Bad PASV/EPSV response: d
Can't resolve new host %s:%d
Can't resolve new host %s:%d
%d.%d.%d.%d
%d.%d.%d.%d
Skips %d.%d.%d.%d for data connection, uses %s instead
Skips %d.%d.%d.%d for data connection, uses %s instead
%d,%d,%d,%d,%d,%d
%d,%d,%d,%d,%d,%d
%c%c%c%u%c
%c%c%c%u%c
Failed to do PORT
Failed to do PORT
Got a d response code instead of the assumed 200
Got a d response code instead of the assumed 200
RETR %s
RETR %s
ftp server doesn't support SIZE
ftp server doesn't support SIZE
PBSZ %d
PBSZ %d
Access denied: d
Access denied: d
ACCT %s
ACCT %s
PASS %s
PASS %s
ACCT rejected by server: d
ACCT rejected by server: d
QUOT string not accepted: %s
QUOT string not accepted: %s
TYPE %c
TYPE %c
MDTM %s
MDTM %s
ddd d:d:d GMT
ddd d:d:d GMT
dddddd
dddddd
unsupported MDTM reply format
unsupported MDTM reply format
server did not report OK, got %d
server did not report OK, got %d
Remembering we are in dir "%s"
Remembering we are in dir "%s"
CWD %s
CWD %s
Failed to MKD dir: d
Failed to MKD dir: d
MKD %s
MKD %s
QUOT command failed with d
QUOT command failed with d
Entry path is '%s'
Entry path is '%s'
PROT %c
PROT %c
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
AUTH %s
AUTH %s
Got a d ftp-server response when 220 was expected
Got a d ftp-server response when 220 was expected
%sAuthorization: Basic %s
%sAuthorization: Basic %s
%s:%s
%s:%s
Server auth using %s with user '%s'
Server auth using %s with user '%s'
Proxy auth using %s with user '%s'
Proxy auth using %s with user '%s'
Failed sending HTTP POST request
Failed sending HTTP POST request
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Internal HTTP POST error!
Internal HTTP POST error!
Failed sending HTTP request
Failed sending HTTP request
If-Unmodified-Since: %s
If-Unmodified-Since: %s
Last-Modified: %s
Last-Modified: %s
If-Modified-Since: %s
If-Modified-Since: %s
%s, d %s M d:d:d GMT
%s, d %s M d:d:d GMT
%s%s=%s
%s%s=%s
%s %s%s HTTP/%s
%s %s%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s%s
Content-Range: bytes %s/%lld
Content-Range: bytes %s/%lld
Content-Range: bytes %s%lld/%lld
Content-Range: bytes %s%lld/%lld
Range: bytes=%s
Range: bytes=%s
;type=%c
;type=%c
ftps://
ftps://
PTF://
PTF://
Host: %s%s%s:%d
Host: %s%s%s:%d
Host: %s%s%s
Host: %s%s%s
Accept-Encoding: %s
Accept-Encoding: %s
Referer: %s
Referer: %s
Received HTTP code %d from proxy after CONNECT
Received HTTP code %d from proxy after CONNECT
%d bytes of chunk left
%d bytes of chunk left
HTTP/1.%d %d
HTTP/1.%d %d
Read %d bytes of chunk, continue
Read %d bytes of chunk, continue
CONNECT %s:%d HTTP/1.0
CONNECT %s:%d HTTP/1.0
%s%s%s%s
%s%s%s%s
Host: %s
Host: %s
Establish HTTP proxy tunnel to %s:%d
Establish HTTP proxy tunnel to %s:%d
Internal error removing splay node = %d
Internal error removing splay node = %d
Internal error clearing splay node = %d
Internal error clearing splay node = %d
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Failed to resolve "%s" for SOCKS4 connect.
Failed to resolve "%s" for SOCKS4 connect.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
SOCKS5 GSSAPI per-message authentication is not supported.
SOCKS5 GSSAPI per-message authentication is not supported.
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Failed to resolve "%s" for SOCKS5 connect.
Failed to resolve "%s" for SOCKS5 connect.
User was rejected by the SOCKS5 server (%d %d).
User was rejected by the SOCKS5 server (%d %d).
SOCKS5: server resolving disabled for hostnames of length > 255 [actual len=%d]
SOCKS5: server resolving disabled for hostnames of length > 255 [actual len=%d]
--:--:--
--:--:--
= %s = %s = %s %s %s %s %s %s %s
= %s = %s = %s %s %s %s %s %s %s
password
password
login
login
Operation too slow. Less than %d bytes/sec transfered the last %d seconds
Operation too slow. Less than %d bytes/sec transfered the last %d seconds
%s, algorithm="%s"
%s, algorithm="%s"
%s, opaque="%s"
%s, opaque="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop="%s", response="%s"
%s:%s:x:%s:%s:%s
%s:%s:x:%s:%s:%s
%s:%s:%s
%s:%s:%s
%5[^=]=23[^
%5[^=]=23[^
%5[^=]="23[^"]"
%5[^=]="23[^"]"
d:d:d
d:d:d
Error in the SSH layer
Error in the SSH layer
Caller must register CURLOPT_CONV_ callback options
Caller must register CURLOPT_CONV_ callback options
TFTP: No such user
TFTP: No such user
TFTP: Unknown transfer ID
TFTP: Unknown transfer ID
TFTP: Illegal operation
TFTP: Illegal operation
TFTP: Access Violation
TFTP: Access Violation
TFTP: File Not Found
TFTP: File Not Found
Login denied
Login denied
Issuer check against peer certificate failed
Issuer check against peer certificate failed
Invalid LDAP URL
Invalid LDAP URL
Unrecognized HTTP Content-Encoding
Unrecognized HTTP Content-Encoding
Problem with the SSL CA cert (path? access rights?)
Problem with the SSL CA cert (path? access rights?)
Peer certificate cannot be authenticated with known CA certificates
Peer certificate cannot be authenticated with known CA certificates
Problem with the local SSL certificate
Problem with the local SSL certificate
SSL peer certificate or SSH md5 fingerprint was not OK
SSL peer certificate or SSH md5 fingerprint was not OK
A libcurl function was given a bad argument
A libcurl function was given a bad argument
Operation was aborted by an application callback
Operation was aborted by an application callback
FTP: command REST failed
FTP: command REST failed
FTP: command PORT failed
FTP: command PORT failed
HTTP response code said error
HTTP response code said error
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't set file type
FTP: couldn't set file type
FTP: can't figure out the host in the PASV response
FTP: can't figure out the host in the PASV response
FTP: unknown 227 response format
FTP: unknown 227 response format
FTP: unknown PASV reply
FTP: unknown PASV reply
FTP: unknown PASS reply
FTP: unknown PASS reply
FTP: weird server reply
FTP: weird server reply
URL using bad/illegal format or missing URL
URL using bad/illegal format or missing URL
Unsupported protocol
Unsupported protocol
Winsock version not supported
Winsock version not supported
Protocol family not supported
Protocol family not supported
Address family not supported
Address family not supported
Operation not supported
Operation not supported
Socket is unsupported
Socket is unsupported
Protocol is unsupported
Protocol is unsupported
Protocol option is unsupported
Protocol option is unsupported
Unknown error %d (%#x)
Unknown error %d (%#x)
%c%c==
%c%c==
%c%c%c=
%c%c%c=
.html
.html
.jpeg
.jpeg
--%s--
--%s--
Content-Type: %s
Content-Type: %s
; filename="%s"
; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-Type: multipart/mixed, boundary=%s
Content-Type: multipart/mixed, boundary=%s
%s; boundary=%s
%s; boundary=%s
Kernel32.DLL
Kernel32.DLL
()$^.* ?[]|\-{},:=!
()$^.* ?[]|\-{},:=!
:/-_.!~*'()
:/-_.!~*'()
xxxxx
xxxxx
Writing %u bytes to 0xX...
Writing %u bytes to 0xX...
Error: can't add tag '%s', tag section is full.
Error: can't add tag '%s', tag section is full.
Target location is offset %u (X)
Target location is offset %u (X)
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
GetProcessWindowStation
GetProcessWindowStation
portuguese-brazilian
portuguese-brazilian
operator
operator
NOINT_MSG
NOINT_MSG
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
-1.1.3
-1.1.3
1.1.3
1.1.3
Downloading... [%lld/%lld] (%f%%) @%d KBps
Downloading... [%lld/%lld] (%f%%) @%d KBps
http/
http/
waOnMsgFromAnotherInstance
waOnMsgFromAnotherInstance
WAIT_WEB
WAIT_WEB
urls_to_restore_on_startup
urls_to_restore_on_startup
keyword
keyword
search_url
search_url
zcÃ
zcÃ
.?AV?$EventTSpecificFunctor@VWindowsAPI@@@@
.?AV?$EventTSpecificFunctor@VWindowsAPI@@@@
.?AVFirefoxBrowserHandler@Browser@Lib@Softonic@@
.?AVFirefoxBrowserHandler@Browser@Lib@Softonic@@
.?AVChromeBrowserHandler@Browser@Lib@Softonic@@
.?AVChromeBrowserHandler@Browser@Lib@Softonic@@
.?AV?$TSpecificFunctor@VWindowsAPI@@@@
.?AV?$TSpecificFunctor@VWindowsAPI@@@@
.?AVWindowsAPI@@
.?AVWindowsAPI@@
.?AUDWebBrowserEvents2@@
.?AUDWebBrowserEvents2@@
.?AUIHttpNegotiate@@
.?AUIHttpNegotiate@@
.?AVCustomIHttpNegotiate@@
.?AVCustomIHttpNegotiate@@
.?AV?$EventTSpecificFunctor@VCurlMultiDownloadJob@@@@
.?AV?$EventTSpecificFunctor@VCurlMultiDownloadJob@@@@
.?AVCurlMultiDownloadJob@@
.?AVCurlMultiDownloadJob@@
c:\%original file name%.exe
c:\%original file name%.exe
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
PeekNamedPipe
PeekNamedPipe
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegEnumKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyExW
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
UrlMkSetSessionOption
UrlMkSetSessionOption
URLDownloadToFileW
URLDownloadToFileW
GetAsyncKeyState
GetAsyncKeyState
GetKeyState
GetKeyState
EnumDesktopWindows
EnumDesktopWindows
EnumChildWindows
EnumChildWindows
InternetOpenUrlA
InternetOpenUrlA
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
Universal Downloader Download Helper.
Universal Downloader Download Helper.
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
GDI32.dll
GDI32.dll
gdiplus.dll
gdiplus.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
PSAPI.DLL
PSAPI.DLL
RPCRT4.dll
RPCRT4.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
urlmon.dll
urlmon.dll
USER32.dll
USER32.dll
VERSION.dll
VERSION.dll
WININET.dll
WININET.dll
WLDAP32.dll
WLDAP32.dll
WSOCK32.dll
WSOCK32.dll
[BEGIN DATA SEGMENT][KEY]WIDTH[VALUE]650[ENDVALUE][KEY]HEIGHT[VALUE]450[ENDVALUE][KEY]URL[VALUE]hXXp://nero-burning-rom.sd.en.softonic.com/universaldownloader-prefetch[ENDVALUE][KEY]NOINT_TITLE[VALUE]No Internet connection detected[ENDVALUE][KEY]NOINT_MSG[VALUE]Softonic Downloader needs an internet connection to function. Please connect and try again.[ENDVALUE][KEY]PROGRESS_BAR_X[VALUE]20[ENDVALUE][KEY]PROGRESS_BAR_Y[VALUE]99[ENDVALUE][KEY]PROGRESS_BAR_HEIGHT[VALUE]30[ENDVALUE][KEY]START_HIDDEN[VALUE]true[E
[BEGIN DATA SEGMENT][KEY]WIDTH[VALUE]650[ENDVALUE][KEY]HEIGHT[VALUE]450[ENDVALUE][KEY]URL[VALUE]hXXp://nero-burning-rom.sd.en.softonic.com/universaldownloader-prefetch[ENDVALUE][KEY]NOINT_TITLE[VALUE]No Internet connection detected[ENDVALUE][KEY]NOINT_MSG[VALUE]Softonic Downloader needs an internet connection to function. Please connect and try again.[ENDVALUE][KEY]PROGRESS_BAR_X[VALUE]20[ENDVALUE][KEY]PROGRESS_BAR_Y[VALUE]99[ENDVALUE][KEY]PROGRESS_BAR_HEIGHT[VALUE]30[ENDVALUE][KEY]START_HIDDEN[VALUE]true[E
SHELL32.DLL
SHELL32.DLL
ShellExecuteA
ShellExecuteA
%original file name%.exe
%original file name%.exe
hXXp://erenkarahan.com/images/logo.gif
hXXp://erenkarahan.com/images/logo.gif
hXXp://gutekpl.za.pl/logo.gif
hXXp://gutekpl.za.pl/logo.gif
hXXp://VVV.kapudane.com/logo.gif
hXXp://VVV.kapudane.com/logo.gif
hXXp://igorfomin.ru/logo.gif
hXXp://igorfomin.ru/logo.gif
hXXp://m2comunicacion.com/images/logo.gif
hXXp://m2comunicacion.com/images/logo.gif
hXXp://leenaenterprises.com/img/logo.gif
hXXp://leenaenterprises.com/img/logo.gif
hXXp://VVV.geriatriasinop.com.br/img/button.gif
hXXp://VVV.geriatriasinop.com.br/img/button.gif
hXXp://britishmotors.it/logo.gif
hXXp://britishmotors.it/logo.gif
hXXp://artroom.com.tr/blog/logo.gif
hXXp://artroom.com.tr/blog/logo.gif
hXXp://gammaconseil.fr/images/button.gif
hXXp://gammaconseil.fr/images/button.gif
hXXp://xexylia.com/logo.gif
hXXp://xexylia.com/logo.gif
R008biz.com/images/logo.gif
R008biz.com/images/logo.gif
hXXp://lifecom24.co.cc/images/logo.gif
hXXp://lifecom24.co.cc/images/logo.gif
.info/J
.info/J
home.gifI888
home.gifI888
KERNEL32.dll
KERNEL32.dll
h.rata
h.rata
Bkrnl.exe?
Bkrnl.exe?
= =$=(=,=
= =$=(=,=
322%2`.50728)
322%2`.50728)
.klkjw:9fqwi
.klkjw:9fqwi
FamXf39.sys
FamXf39.sys
.pBTa8
.pBTa8
%s:*:
%s:*:
Bg.laXV
Bg.laXV
&?%x=
&?%x=
GUrlA'
GUrlA'
Web%w|nc
Web%w|nc
HTTP)
HTTP)
2GUARDCMD.
2GUARDCMD.
.ENHCDM
.ENHCDM
PL/KPCKwWEB
PL/KPCKwWEB
MM.PFW.
MM.PFW.
.bssf
.bssf
J:CRT
J:CRT
MSVCRT.dll
MSVCRT.dll
WS2_32.dll
WS2_32.dll
SHFileOperationA
SHFileOperationA
xxxxxxxxxxx
xxxxxxxxxxx
%s\*.*
%s\*.*
.temp
.temp
Pd-d-d
Pd-d-d
%cd:00
%cd:00
d-d-d d:d:d
d-d-d d:d:d
Pd:d:d
Pd:d:d
[%s] %s
[%s] %s
[%d][%s|%s][%s][%s]
[%d][%s|%s][%s][%s]
[%d][%s|%s][%s][%s][%s]
[%d][%s|%s][%s][%s][%s]
log.txt
log.txt
yKERNEL32.DLL
yKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
WUSER32.DLL
WUSER32.DLL
ParentKeyName
ParentKeyName
*.exe
*.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Microsoft Visual Studio Web Authoring
Microsoft Visual Studio Web Authoring
Microsoft SQL Server
Microsoft SQL Server
Microsoft Windows SDK for
Microsoft Windows SDK for
Microsoft .NET Framework
Microsoft .NET Framework
Microsoft .NET ([\s\S])* Framework
Microsoft .NET ([\s\S])* Framework
Received message %s
Received message %s
1.40.2
1.40.2
Correct password required
Correct password required
Hash check OK [%s]
Hash check OK [%s]
Downloading [%s]...
Downloading [%s]...
result: [%s]
result: [%s]
expected: [%s]
expected: [%s]
**Downloading to temporary file [%s]
**Downloading to temporary file [%s]
CurlDownloadJob::Start
CurlDownloadJob::Start
Encoding URL
Encoding URL
- URL:
- URL:
URL won't be encoded
URL won't be encoded
%d - [%d][%lld/%lld][%lld]
%d - [%d][%lld/%lld][%lld]
[%d] Starting thread...
[%d] Starting thread...
[%d] Thread Creation OK!
[%d] Thread Creation OK!
[%d] Error creating thread! trying again...
[%d] Error creating thread! trying again...
[%d] Thread started...
[%d] Thread started...
explorer.exe "
explorer.exe "
[%d %d]
[%d %d]
%s\%s
%s\%s
Proxy by URL are not supported.
Proxy by URL are not supported.
Automatic proxy discovery are not supported.
Automatic proxy discovery are not supported.
http=
http=
https=
https=
-1.40.2
-1.40.2
%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d
.swf?
.swf?
.jpg?
.jpg?
.gif?
.gif?
.png?
.png?
Value: %d
Value: %d
%s(%s)
%s(%s)
%s --> (%s)
%s --> (%s)
errorUrl
errorUrl
Web View
Web View
Web Host
Web Host
%d|%d|%d
%d|%d|%d
firefox
firefox
chrome
chrome
.desklink\PersistentHandler
.desklink\PersistentHandler
.DEFAULT\EUDC\949
.DEFAULT\EUDC\949
.DEFAULT\Policies\Microsoft\Office\12.0
.DEFAULT\Policies\Microsoft\Office\12.0
.DVR-MS\ShellEx\{BB2E617C-0920-11D1-9A0B-00C04FC2D6C1}
.DVR-MS\ShellEx\{BB2E617C-0920-11D1-9A0B-00C04FC2D6C1}
BCD00000000\Objects\{1afa9c49-16ab-4a5c-901b-212802da9460}\Description
BCD00000000\Objects\{1afa9c49-16ab-4a5c-901b-212802da9460}\Description
CAPICOM.Settings.1\CLSID
CAPICOM.Settings.1\CLSID
Keyboard Layout\Substitutes
Keyboard Layout\Substitutes
COMPONENTS\DerivedData\Components\amd64_.netframework_31bf3856ad364e35_6.1.7600.16385_none_34b78d5c105d8b49
COMPONENTS\DerivedData\Components\amd64_.netframework_31bf3856ad364e35_6.1.7600.16385_none_34b78d5c105d8b49
.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
DSRefObject8.Simple\CLSID
DSRefObject8.Simple\CLSID
00000000
00000000
COMPONENTS\Installers\RegKeySDTable
COMPONENTS\Installers\RegKeySDTable
.DEFAULT\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
.DEFAULT\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
System\CurrentControlSet\Control\VIDEO\{2D5BA881-99A8-4757-A06E-CB5493B97A39}\0000\Mon12345678
System\CurrentControlSet\Control\VIDEO\{2D5BA881-99A8-4757-A06E-CB5493B97A39}\0000\Mon12345678
FBiblio.Factoid
FBiblio.Factoid
Printers\Connections\,,172.20.60.249,P12_NRG_B&W_4ALL
Printers\Connections\,,172.20.60.249,P12_NRG_B&W_4ALL
.DEFAULT\Software\Microsoft\ADs\Providers\LDAP\CN=Aggregate,CN=Schema,CN=Configuration,DC=domino,DC=softonic,DC=com
.DEFAULT\Software\Microsoft\ADs\Providers\LDAP\CN=Aggregate,CN=Schema,CN=Configuration,DC=domino,DC=softonic,DC=com
DefaultSettings.FixedOutput
DefaultSettings.FixedOutput
System\CurrentControlSet\Control\VIDEO\{4245DE9B-6B89-4598-9438-882C0E0E93FB}\0000\Mon12345678
System\CurrentControlSet\Control\VIDEO\{4245DE9B-6B89-4598-9438-882C0E0E93FB}\0000\Mon12345678
ftp\shell\open\ddeexec
ftp\shell\open\ddeexec
font.size
font.size
.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
DefaultSettings.YPanning
DefaultSettings.YPanning
URL Protocol
URL Protocol
System\CurrentControlSet\Control\VIDEO\{795890FD-41FC-48B6-B402-BA484E0B82EC}\0000
System\CurrentControlSet\Control\VIDEO\{795890FD-41FC-48B6-B402-BA484E0B82EC}\0000
asl.log
asl.log
Attach.ToDesktop
Attach.ToDesktop
.DEFAULT\Software\Microsoft\Office\11.0\Common\PersonaMenu
.DEFAULT\Software\Microsoft\Office\11.0\Common\PersonaMenu
System\CurrentControlSet\Control\VIDEO\{B55EA300-EECB-4201-9CC2-E88DC80A835F}\0000
System\CurrentControlSet\Control\VIDEO\{B55EA300-EECB-4201-9CC2-E88DC80A835F}\0000
QuickTime.kar
QuickTime.kar
.KAR\OpenWithProgIds
.KAR\OpenWithProgIds
SOFTWARE\Google\Chrome\Extensions\bboaafafoijjpegaghkniifdlapncebg
SOFTWARE\Google\Chrome\Extensions\bboaafafoijjpegaghkniifdlapncebg
.DEFAULT\Software\Microsoft\SBE\SAL
.DEFAULT\Software\Microsoft\SBE\SAL
DefaultSettings.BitsPerPel
DefaultSettings.BitsPerPel
System\CurrentControlSet\Control\VIDEO\{CF088C39-60FF-4B54-9C0F-80345F8AE401}\0000\Mon12345678
System\CurrentControlSet\Control\VIDEO\{CF088C39-60FF-4B54-9C0F-80345F8AE401}\0000\Mon12345678
DefaultSettings.XResolution
DefaultSettings.XResolution
\172.20.60.249\P13_Tech_B&W
\172.20.60.249\P13_Tech_B&W
System\CurrentControlSet\Control\VIDEO\{F92BFB9B-59E9-4B65-8AA3-D004C26BA193}\0000\Mon12345678
System\CurrentControlSet\Control\VIDEO\{F92BFB9B-59E9-4B65-8AA3-D004C26BA193}\0000\Mon12345678
{B8BF51A6-0AB3-48F2-A38E-4E36CADC41AD}
{B8BF51A6-0AB3-48F2-A38E-4E36CADC41AD}
SYSTEM\CurrentControlSet\Control\DeviceClasses\{0a4252a0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}\Control
SYSTEM\CurrentControlSet\Control\DeviceClasses\{0a4252a0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}\Control
rsa2@22:base.mmartos.coretonic
rsa2@22:base.mmartos.coretonic
Software\SimonTatham\PuTTY\SshHostKeys
Software\SimonTatham\PuTTY\SshHostKeys
LGot Elevation URL. [%s]
LGot Elevation URL. [%s]
New URL was not valid.
New URL was not valid.
D0.0.0.0
D0.0.0.0
C[%d] [%lld|%lld]
C[%d] [%lld|%lld]
Software\Classes\http\shell\open\command\
Software\Classes\http\shell\open\command\
http\shell\open\command\
http\shell\open\command\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\
chrome.exe
chrome.exe
iexplore.exe
iexplore.exe
firefox.exe
firefox.exe
opera.exe
opera.exe
opera
opera
safari.ex
safari.ex
browser.startup.homepage
browser.startup.homepage
prefs.js
prefs.js
user.js
user.js
user_pref("browser.startup.homepage", "
user_pref("browser.startup.homepage", "
"browser.startup.homepage", "
"browser.startup.homepage", "
\"browser.startup.homepage\". \"(.)*\"
\"browser.startup.homepage\". \"(.)*\"
browser.search.order.1
browser.search.order.1
browser.search.order.2
browser.search.order.2
browser.search.order.3
browser.search.order.3
\"(.)*.;
\"(.)*.;
browser.search.selectedEngine
browser.search.selectedEngine
browser.search.defaultenginename
browser.search.defaultenginename
browser.search.useDBForOrder
browser.search.useDBForOrder
user_pref("browser.search.useDBForOrder", "false");
user_pref("browser.search.useDBForOrder", "false");
browser.search.useDBForOrder", "false");
browser.search.useDBForOrder", "false");
browser.search.useDBForOrder.*
browser.search.useDBForOrder.*
%s*.*
%s*.*
Software\Mozilla\Mozilla Firefox\
Software\Mozilla\Mozilla Firefox\
\Google\Chrome
\Google\Chrome
SOFTWARE\Mozilla\Mozilla Firefox
SOFTWARE\Mozilla\Mozilla Firefox
SOFTWARE\Mozilla\Mozilla Firefox\
SOFTWARE\Mozilla\Mozilla Firefox\
PathToExe
PathToExe
\Mozilla\Firefox\profiles.ini
\Mozilla\Firefox\profiles.ini
\Mozilla\Firefox\
\Mozilla\Firefox\
\search-metadata.json
\search-metadata.json
json_value.cpp
json_value.cpp
ljson_reader.cpp
ljson_reader.cpp
Applications\iexplore.exe\shell\open\command
Applications\iexplore.exe\shell\open\command
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
Assertion failed: %s, file %s, line %d
Assertion failed: %s, file %s, line %d
1, 40, 1, 0
1, 40, 1, 0
SoftonicDownloader.exe
SoftonicDownloader.exe
%original file name%.exe_320_rwx_00401000_0015F000:
j;j.htzR
j;j.htzR
j;j.hD}R
j;j.hD}R
G><.tn>
G><.tn>
II I!"II#$IIII%&'III(I)*I III,-.II/0123IIII4I5IIIIIII6IIIIII789:;II?@ABCDEFIIIIGIIIIH
II I!"II#$IIII%&'III(I)*I III,-.II/0123IIII4I5IIIIIII6IIIIII789:;II?@ABCDEFIIIIGIIIIH
88888888888888888
88888888888888888
%u$Vj%
%u$Vj%
t.Gj:W
t.Gj:W
.tMHtJH
.tMHtJH
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
j;j.hh
j;j.hh
hTCP
hTCP
%s:%d
%s:%d
WARNING: failed to save cookies in %s
WARNING: failed to save cookies in %s
About to connect() to %s%s port %d (#%d)
About to connect() to %s%s port %d (#%d)
Connected to %s (%s) port %d (#%d)
Connected to %s (%s) port %d (#%d)
malformed
malformed
:]://%[^
:]://%[^
[^:]:%[^
[^:]:%[^
Protocol %s not supported or disabled in libcurl
Protocol %s not supported or disabled in libcurl
http_proxy
http_proxy
%5[^:@]:%5[^@]
%5[^:@]:%5[^@]
%5[^:]:%5[^
%5[^:]:%5[^
:%5[^@]
:%5[^@]
Port number too large: %lu
Port number too large: %lu
%s://%s%s%s:%d%s%s
%s://%s%s%s:%d%s%s
ftps
ftps
[%*39[0123456789abcdefABCDEF:.%]%c
[%*39[0123456789abcdefABCDEF:.%]%c
Couldn't find host %s in the _netrc file; using defaults
Couldn't find host %s in the _netrc file; using defaults
PTF@example.com
PTF@example.com
Couldn't resolve host '%s'
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
User-Agent: %s
Connection #%d seems to be dead!
Connection #%d seems to be dead!
Connection (#%d) was killed to make room (holds %d)
Connection (#%d) was killed to make room (holds %d)
Re-using existing connection! (#%ld) with host %s
Re-using existing connection! (#%ld) with host %s
%s://%s
%s://%s
Connection #%ld to host %s left intact
Connection #%ld to host %s left intact
operation aborted by callback
operation aborted by callback
HTTP/
HTTP/
ioctl callback returned error %d
ioctl callback returned error %d
the ioctl callback returned %d
the ioctl callback returned %d
seek callback returned error %d
seek callback returned error %d
The requested URL returned error: %d
The requested URL returned error: %d
HTTP/1.0 connection set to keep alive!
HTTP/1.0 connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.1 proxy connection set close!
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.0 proxy connection set to keep alive!
HTTP 1.0, assume close after body
HTTP 1.0, assume close after body
HTTP =
HTTP =
HTTP/%d.%d =
HTTP/%d.%d =
No URL set!
No URL set!
[^?&/:]://%c
[^?&/:]://%c
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.2 and switch from POST to GET
Disables POST, goes with %s
Disables POST, goes with %s
Issue another request to this URL: '%s'
Issue another request to this URL: '%s'
Maximum (%d) redirects followed
Maximum (%d) redirects followed
Received problem %d in the chunky parser
Received problem %d in the chunky parser
HTTP server doesn't seem to support byte ranges. Cannot resume.
HTTP server doesn't seem to support byte ranges. Cannot resume.
Rewinding stream by : %d bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %d)
Rewinding stream by : %d bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %d)
Leftovers after chunking. Rewinding %d bytes
Leftovers after chunking. Rewinding %d bytes
Operation timed out after %ld milliseconds with %lld bytes received
Operation timed out after %ld milliseconds with %lld bytes received
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
unspecified error %d
unspecified error %d
%s cookie %s="%s" for domain %s, path %s, expire %d
%s cookie %s="%s" for domain %s, path %s, expire %d
#HttpOnly_
#HttpOnly_
httponly
httponly
I99[^;
I99[^;
skipped cookie with bad tailmatch domain: %s
skipped cookie with bad tailmatch domain: %s
skipped cookie with illegal dotcount domain: %s
skipped cookie with illegal dotcount domain: %s
23[^;=]=I99[^;
23[^;=]=I99[^;
%s%s%s
%s%s%s
# Fatal libcurl error
# Fatal libcurl error
# Netscape HTTP Cookie File
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/rfc/cookie_spec.html
# hXXp://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
# This file was generated by libcurl! Edit at your own risk.
[%s %s %s]
[%s %s %s]
Send failure: %s
Send failure: %s
Failed writing body (%d != %d)
Failed writing body (%d != %d)
bind failure: %s
bind failure: %s
Local port: %d
Local port: %d
Bind to local port %d failed, trying next
Bind to local port %d failed, trying next
couldn't find my own IP address (%s)
couldn't find my own IP address (%s)
Bind local address to %s
Bind local address to %s
Couldn't bind to '%s'
Couldn't bind to '%s'
TCP_NODELAY set
TCP_NODELAY set
Could not set TCP_NODELAY: %s
Could not set TCP_NODELAY: %s
Failed to connect to %s: %s
Failed to connect to %s: %s
Trying %s...
Trying %s...
Resolving host timed out: %s
Resolving host timed out: %s
Could not resolve host: %s; %s
Could not resolve host: %s; %s
Could not resolve proxy: %s; %s
Could not resolve proxy: %s; %s
Could not resolve host: %s
Could not resolve host: %s
gethostbyname(2) failed for %s:%d; %s
gethostbyname(2) failed for %s:%d; %s
init_resolve_thread() failed for %s; %s
init_resolve_thread() failed for %s; %s
TFTP
TFTP
set timeouts for state %d; Total %d, retry %d maxtry %d
set timeouts for state %d; Total %d, retry %d maxtry %d
tftp_rx: giving up waiting for block %d
tftp_rx: giving up waiting for block %d
Received unexpected DATA packet block %d
Received unexpected DATA packet block %d
Timeout waiting for block %d ACK. Retries = %d
Timeout waiting for block %d ACK. Retries = %d
tftp_rx: internal error
tftp_rx: internal error
tftp_tx: giving up waiting for block %d ack
tftp_tx: giving up waiting for block %d ack
Received ACK for block %d, expecting %d
Received ACK for block %d, expecting %d
tftp_tx: internal error
tftp_tx: internal error
bind() failed; %s
bind() failed; %s
tftp_send_first: internal error
tftp_send_first: internal error
%s%c%s%c
%s%c%s%c
TFTP finished
TFTP finished
Can't get the size of %s
Can't get the size of %s
Can't open %s for writing
Can't open %s for writing
Last-Modified: %s, d %s M d:d:d GMT
Last-Modified: %s, d %s M d:d:d GMT
Couldn't open file %s
Couldn't open file %s
There are more than %d entries
There are more than %d entries
LDAP remote: %s
LDAP remote: %s
LDAP local: ldap_simple_bind_s %s
LDAP local: ldap_simple_bind_s %s
LDAP local: Cannot connect to %s:%d
LDAP local: Cannot connect to %s:%d
LDAP local: trying to establish %s connection
LDAP local: trying to establish %s connection
LDAP local: %s
LDAP local: %s
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
CLIENT libcurl 7.19.0
CLIENT libcurl 7.19.0
MATCH %s %s %s
MATCH %s %s %s
DEFINE %s %s
DEFINE %s %s
insufficient winsock version to support telnet
insufficient winsock version to support telnet
WSAStartup failed (%d)
WSAStartup failed (%d)
%s %d %d
%s %d %d
%s %s %d
%s %s %d
%s %s %s
%s %s %s
%s IAC %d
%s IAC %d
%s IAC %s
%s IAC %s
Sending data failed (%d)
Sending data failed (%d)
%d (unknown)
%d (unknown)
%s (unsupported)
%s (unsupported)
%s IAC SB
%s IAC SB
Syntax error in telnet option: %s
Syntax error in telnet option: %s
Unknown telnet option %s
Unknown telnet option %s
7[^= ]%*[ =]%5s
7[^= ]%*[ =]%5s
USER,%s
USER,%s
%c%c%c%c%s%c%c
%c%c%c%c%s%c%c
%c%s%c%s
%c%s%c%s
7[^,],7s
7[^,],7s
%c%c%c%c
%c%c%c%c
FreeLibrary(wsock2) failed (%d)
FreeLibrary(wsock2) failed (%d)
WSACloseEvent failed (%d)
WSACloseEvent failed (%d)
WSACreateEvent failed (%d)
WSACreateEvent failed (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to load WS2_32.DLL (%d)
failed to load WS2_32.DLL (%d)
WS2_32.DLL
WS2_32.DLL
Excessive FTP response line length received, %zd bytes. Stripping
Excessive FTP response line length received, %zd bytes. Stripping
FTP response reading failed
FTP response reading failed
FTP response aborted due to select/poll error: %d
FTP response aborted due to select/poll error: %d
FTP response timeout
FTP response timeout
Failed FTP upload:
Failed FTP upload:
RETR response: d
RETR response: d
Connecting to %s (%s) port %d
Connecting to %s (%s) port %d
Uploading to a URL without a file name!
Uploading to a URL without a file name!
FTPS not supported!
FTPS not supported!
USER %s
USER %s
socket(2) failed (%s)
socket(2) failed (%s)
PORT %d,%d,%d,%d,%d,%d
PORT %d,%d,%d,%d,%d,%d
Telling server to connect to %d.%d.%d.%d:%d
Telling server to connect to %d.%d.%d.%d:%d
Failed to resolve host name %s
Failed to resolve host name %s
getsockname() failed: %s
getsockname() failed: %s
Connect data stream passively
Connect data stream passively
REST %d
REST %d
SIZE %s
SIZE %s
STOR %s
STOR %s
APPE %s
APPE %s
Bad PASV/EPSV response: d
Bad PASV/EPSV response: d
Can't resolve new host %s:%d
Can't resolve new host %s:%d
%d.%d.%d.%d
%d.%d.%d.%d
Skips %d.%d.%d.%d for data connection, uses %s instead
Skips %d.%d.%d.%d for data connection, uses %s instead
%d,%d,%d,%d,%d,%d
%d,%d,%d,%d,%d,%d
%c%c%c%u%c
%c%c%c%u%c
Failed to do PORT
Failed to do PORT
Got a d response code instead of the assumed 200
Got a d response code instead of the assumed 200
RETR %s
RETR %s
ftp server doesn't support SIZE
ftp server doesn't support SIZE
PBSZ %d
PBSZ %d
Access denied: d
Access denied: d
ACCT %s
ACCT %s
PASS %s
PASS %s
ACCT rejected by server: d
ACCT rejected by server: d
QUOT string not accepted: %s
QUOT string not accepted: %s
TYPE %c
TYPE %c
MDTM %s
MDTM %s
ddd d:d:d GMT
ddd d:d:d GMT
dddddd
dddddd
unsupported MDTM reply format
unsupported MDTM reply format
server did not report OK, got %d
server did not report OK, got %d
Remembering we are in dir "%s"
Remembering we are in dir "%s"
CWD %s
CWD %s
Failed to MKD dir: d
Failed to MKD dir: d
MKD %s
MKD %s
QUOT command failed with d
QUOT command failed with d
Entry path is '%s'
Entry path is '%s'
PROT %c
PROT %c
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
AUTH %s
AUTH %s
Got a d ftp-server response when 220 was expected
Got a d ftp-server response when 220 was expected
%sAuthorization: Basic %s
%sAuthorization: Basic %s
%s:%s
%s:%s
Server auth using %s with user '%s'
Server auth using %s with user '%s'
Proxy auth using %s with user '%s'
Proxy auth using %s with user '%s'
Failed sending HTTP POST request
Failed sending HTTP POST request
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Internal HTTP POST error!
Internal HTTP POST error!
Failed sending HTTP request
Failed sending HTTP request
If-Unmodified-Since: %s
If-Unmodified-Since: %s
Last-Modified: %s
Last-Modified: %s
If-Modified-Since: %s
If-Modified-Since: %s
%s, d %s M d:d:d GMT
%s, d %s M d:d:d GMT
%s%s=%s
%s%s=%s
%s %s%s HTTP/%s
%s %s%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s%s
Content-Range: bytes %s/%lld
Content-Range: bytes %s/%lld
Content-Range: bytes %s%lld/%lld
Content-Range: bytes %s%lld/%lld
Range: bytes=%s
Range: bytes=%s
;type=%c
;type=%c
ftps://
ftps://
PTF://
PTF://
Host: %s%s%s:%d
Host: %s%s%s:%d
Host: %s%s%s
Host: %s%s%s
Accept-Encoding: %s
Accept-Encoding: %s
Referer: %s
Referer: %s
Received HTTP code %d from proxy after CONNECT
Received HTTP code %d from proxy after CONNECT
%d bytes of chunk left
%d bytes of chunk left
HTTP/1.%d %d
HTTP/1.%d %d
Read %d bytes of chunk, continue
Read %d bytes of chunk, continue
CONNECT %s:%d HTTP/1.0
CONNECT %s:%d HTTP/1.0
%s%s%s%s
%s%s%s%s
Host: %s
Host: %s
Establish HTTP proxy tunnel to %s:%d
Establish HTTP proxy tunnel to %s:%d
Internal error removing splay node = %d
Internal error removing splay node = %d
Internal error clearing splay node = %d
Internal error clearing splay node = %d
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Failed to resolve "%s" for SOCKS4 connect.
Failed to resolve "%s" for SOCKS4 connect.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
SOCKS5 GSSAPI per-message authentication is not supported.
SOCKS5 GSSAPI per-message authentication is not supported.
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Failed to resolve "%s" for SOCKS5 connect.
Failed to resolve "%s" for SOCKS5 connect.
User was rejected by the SOCKS5 server (%d %d).
User was rejected by the SOCKS5 server (%d %d).
SOCKS5: server resolving disabled for hostnames of length > 255 [actual len=%d]
SOCKS5: server resolving disabled for hostnames of length > 255 [actual len=%d]
--:--:--
--:--:--
= %s = %s = %s %s %s %s %s %s %s
= %s = %s = %s %s %s %s %s %s %s
password
password
login
login
Operation too slow. Less than %d bytes/sec transfered the last %d seconds
Operation too slow. Less than %d bytes/sec transfered the last %d seconds
%s, algorithm="%s"
%s, algorithm="%s"
%s, opaque="%s"
%s, opaque="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop="%s", response="%s"
%s:%s:x:%s:%s:%s
%s:%s:x:%s:%s:%s
%s:%s:%s
%s:%s:%s
%5[^=]=23[^
%5[^=]=23[^
%5[^=]="23[^"]"
%5[^=]="23[^"]"
d:d:d
d:d:d
Error in the SSH layer
Error in the SSH layer
Caller must register CURLOPT_CONV_ callback options
Caller must register CURLOPT_CONV_ callback options
TFTP: No such user
TFTP: No such user
TFTP: Unknown transfer ID
TFTP: Unknown transfer ID
TFTP: Illegal operation
TFTP: Illegal operation
TFTP: Access Violation
TFTP: Access Violation
TFTP: File Not Found
TFTP: File Not Found
Login denied
Login denied
Issuer check against peer certificate failed
Issuer check against peer certificate failed
Invalid LDAP URL
Invalid LDAP URL
Unrecognized HTTP Content-Encoding
Unrecognized HTTP Content-Encoding
Problem with the SSL CA cert (path? access rights?)
Problem with the SSL CA cert (path? access rights?)
Peer certificate cannot be authenticated with known CA certificates
Peer certificate cannot be authenticated with known CA certificates
Problem with the local SSL certificate
Problem with the local SSL certificate
SSL peer certificate or SSH md5 fingerprint was not OK
SSL peer certificate or SSH md5 fingerprint was not OK
A libcurl function was given a bad argument
A libcurl function was given a bad argument
Operation was aborted by an application callback
Operation was aborted by an application callback
FTP: command REST failed
FTP: command REST failed
FTP: command PORT failed
FTP: command PORT failed
HTTP response code said error
HTTP response code said error
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't set file type
FTP: couldn't set file type
FTP: can't figure out the host in the PASV response
FTP: can't figure out the host in the PASV response
FTP: unknown 227 response format
FTP: unknown 227 response format
FTP: unknown PASV reply
FTP: unknown PASV reply
FTP: unknown PASS reply
FTP: unknown PASS reply
FTP: weird server reply
FTP: weird server reply
URL using bad/illegal format or missing URL
URL using bad/illegal format or missing URL
Unsupported protocol
Unsupported protocol
Winsock version not supported
Winsock version not supported
Protocol family not supported
Protocol family not supported
Address family not supported
Address family not supported
Operation not supported
Operation not supported
Socket is unsupported
Socket is unsupported
Protocol is unsupported
Protocol is unsupported
Protocol option is unsupported
Protocol option is unsupported
Unknown error %d (%#x)
Unknown error %d (%#x)
%c%c==
%c%c==
%c%c%c=
%c%c%c=
.html
.html
.jpeg
.jpeg
--%s--
--%s--
Content-Type: %s
Content-Type: %s
; filename="%s"
; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-Type: multipart/mixed, boundary=%s
Content-Type: multipart/mixed, boundary=%s
%s; boundary=%s
%s; boundary=%s
Kernel32.DLL
Kernel32.DLL
()$^.* ?[]|\-{},:=!
()$^.* ?[]|\-{},:=!
:/-_.!~*'()
:/-_.!~*'()
xxxxx
xxxxx
Writing %u bytes to 0xX...
Writing %u bytes to 0xX...
Error: can't add tag '%s', tag section is full.
Error: can't add tag '%s', tag section is full.
Target location is offset %u (X)
Target location is offset %u (X)
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
GetProcessWindowStation
GetProcessWindowStation
portuguese-brazilian
portuguese-brazilian
operator
operator
NOINT_MSG
NOINT_MSG
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
-1.1.3
-1.1.3
1.1.3
1.1.3
Downloading... [%lld/%lld] (%f%%) @%d KBps
Downloading... [%lld/%lld] (%f%%) @%d KBps
http/
http/
waOnMsgFromAnotherInstance
waOnMsgFromAnotherInstance
WAIT_WEB
WAIT_WEB
urls_to_restore_on_startup
urls_to_restore_on_startup
keyword
keyword
search_url
search_url
zcÃ
zcÃ
.?AV?$EventTSpecificFunctor@VWindowsAPI@@@@
.?AV?$EventTSpecificFunctor@VWindowsAPI@@@@
.?AVFirefoxBrowserHandler@Browser@Lib@Softonic@@
.?AVFirefoxBrowserHandler@Browser@Lib@Softonic@@
.?AVChromeBrowserHandler@Browser@Lib@Softonic@@
.?AVChromeBrowserHandler@Browser@Lib@Softonic@@
.?AV?$TSpecificFunctor@VWindowsAPI@@@@
.?AV?$TSpecificFunctor@VWindowsAPI@@@@
.?AVWindowsAPI@@
.?AVWindowsAPI@@
.?AUDWebBrowserEvents2@@
.?AUDWebBrowserEvents2@@
.?AUIHttpNegotiate@@
.?AUIHttpNegotiate@@
.?AVCustomIHttpNegotiate@@
.?AVCustomIHttpNegotiate@@
.?AV?$EventTSpecificFunctor@VCurlMultiDownloadJob@@@@
.?AV?$EventTSpecificFunctor@VCurlMultiDownloadJob@@@@
.?AVCurlMultiDownloadJob@@
.?AVCurlMultiDownloadJob@@
c:\%original file name%.exe
c:\%original file name%.exe
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
PeekNamedPipe
PeekNamedPipe
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegEnumKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyExW
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
UrlMkSetSessionOption
UrlMkSetSessionOption
URLDownloadToFileW
URLDownloadToFileW
GetAsyncKeyState
GetAsyncKeyState
GetKeyState
GetKeyState
EnumDesktopWindows
EnumDesktopWindows
EnumChildWindows
EnumChildWindows
InternetOpenUrlA
InternetOpenUrlA
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
xxxxxxxxxxx
xxxxxxxxxxx
%s\*.*
%s\*.*
.temp
.temp
Pd-d-d
Pd-d-d
%cd:00
%cd:00
d-d-d d:d:d
d-d-d d:d:d
Pd:d:d
Pd:d:d
[%s] %s
[%s] %s
[%d][%s|%s][%s][%s]
[%d][%s|%s][%s][%s]
[%d][%s|%s][%s][%s][%s]
[%d][%s|%s][%s][%s][%s]
log.txt
log.txt
yKERNEL32.DLL
yKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
WUSER32.DLL
WUSER32.DLL
ParentKeyName
ParentKeyName
*.exe
*.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Microsoft Visual Studio Web Authoring
Microsoft Visual Studio Web Authoring
Microsoft SQL Server
Microsoft SQL Server
Microsoft Windows SDK for
Microsoft Windows SDK for
Microsoft .NET Framework
Microsoft .NET Framework
Microsoft .NET ([\s\S])* Framework
Microsoft .NET ([\s\S])* Framework
Received message %s
Received message %s
1.40.2
1.40.2
Correct password required
Correct password required
Hash check OK [%s]
Hash check OK [%s]
Downloading [%s]...
Downloading [%s]...
result: [%s]
result: [%s]
expected: [%s]
expected: [%s]
**Downloading to temporary file [%s]
**Downloading to temporary file [%s]
CurlDownloadJob::Start
CurlDownloadJob::Start
Encoding URL
Encoding URL
- URL:
- URL:
URL won't be encoded
URL won't be encoded
%d - [%d][%lld/%lld][%lld]
%d - [%d][%lld/%lld][%lld]
[%d] Starting thread...
[%d] Starting thread...
[%d] Thread Creation OK!
[%d] Thread Creation OK!
[%d] Error creating thread! trying again...
[%d] Error creating thread! trying again...
[%d] Thread started...
[%d] Thread started...
explorer.exe "
explorer.exe "
[%d %d]
[%d %d]
%s\%s
%s\%s
Proxy by URL are not supported.
Proxy by URL are not supported.
Automatic proxy discovery are not supported.
Automatic proxy discovery are not supported.
http=
http=
https=
https=
-1.40.2
-1.40.2
%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d
.swf?
.swf?
.jpg?
.jpg?
.gif?
.gif?
.png?
.png?
Value: %d
Value: %d
%s(%s)
%s(%s)
%s --> (%s)
%s --> (%s)
errorUrl
errorUrl
Web View
Web View
Web Host
Web Host
%d|%d|%d
%d|%d|%d
firefox
firefox
chrome
chrome
.desklink\PersistentHandler
.desklink\PersistentHandler
.DEFAULT\EUDC\949
.DEFAULT\EUDC\949
.DEFAULT\Policies\Microsoft\Office\12.0
.DEFAULT\Policies\Microsoft\Office\12.0
.DVR-MS\ShellEx\{BB2E617C-0920-11D1-9A0B-00C04FC2D6C1}
.DVR-MS\ShellEx\{BB2E617C-0920-11D1-9A0B-00C04FC2D6C1}
BCD00000000\Objects\{1afa9c49-16ab-4a5c-901b-212802da9460}\Description
BCD00000000\Objects\{1afa9c49-16ab-4a5c-901b-212802da9460}\Description
CAPICOM.Settings.1\CLSID
CAPICOM.Settings.1\CLSID
Keyboard Layout\Substitutes
Keyboard Layout\Substitutes
COMPONENTS\DerivedData\Components\amd64_.netframework_31bf3856ad364e35_6.1.7600.16385_none_34b78d5c105d8b49
COMPONENTS\DerivedData\Components\amd64_.netframework_31bf3856ad364e35_6.1.7600.16385_none_34b78d5c105d8b49
.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
DSRefObject8.Simple\CLSID
DSRefObject8.Simple\CLSID
00000000
00000000
COMPONENTS\Installers\RegKeySDTable
COMPONENTS\Installers\RegKeySDTable
.DEFAULT\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
.DEFAULT\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
System\CurrentControlSet\Control\VIDEO\{2D5BA881-99A8-4757-A06E-CB5493B97A39}\0000\Mon12345678
System\CurrentControlSet\Control\VIDEO\{2D5BA881-99A8-4757-A06E-CB5493B97A39}\0000\Mon12345678
FBiblio.Factoid
FBiblio.Factoid
Printers\Connections\,,172.20.60.249,P12_NRG_B&W_4ALL
Printers\Connections\,,172.20.60.249,P12_NRG_B&W_4ALL
.DEFAULT\Software\Microsoft\ADs\Providers\LDAP\CN=Aggregate,CN=Schema,CN=Configuration,DC=domino,DC=softonic,DC=com
.DEFAULT\Software\Microsoft\ADs\Providers\LDAP\CN=Aggregate,CN=Schema,CN=Configuration,DC=domino,DC=softonic,DC=com
DefaultSettings.FixedOutput
DefaultSettings.FixedOutput
System\CurrentControlSet\Control\VIDEO\{4245DE9B-6B89-4598-9438-882C0E0E93FB}\0000\Mon12345678
System\CurrentControlSet\Control\VIDEO\{4245DE9B-6B89-4598-9438-882C0E0E93FB}\0000\Mon12345678
ftp\shell\open\ddeexec
ftp\shell\open\ddeexec
font.size
font.size
.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
DefaultSettings.YPanning
DefaultSettings.YPanning
URL Protocol
URL Protocol
System\CurrentControlSet\Control\VIDEO\{795890FD-41FC-48B6-B402-BA484E0B82EC}\0000
System\CurrentControlSet\Control\VIDEO\{795890FD-41FC-48B6-B402-BA484E0B82EC}\0000
asl.log
asl.log
Attach.ToDesktop
Attach.ToDesktop
.DEFAULT\Software\Microsoft\Office\11.0\Common\PersonaMenu
.DEFAULT\Software\Microsoft\Office\11.0\Common\PersonaMenu
System\CurrentControlSet\Control\VIDEO\{B55EA300-EECB-4201-9CC2-E88DC80A835F}\0000
System\CurrentControlSet\Control\VIDEO\{B55EA300-EECB-4201-9CC2-E88DC80A835F}\0000
QuickTime.kar
QuickTime.kar
.KAR\OpenWithProgIds
.KAR\OpenWithProgIds
SOFTWARE\Google\Chrome\Extensions\bboaafafoijjpegaghkniifdlapncebg
SOFTWARE\Google\Chrome\Extensions\bboaafafoijjpegaghkniifdlapncebg
.DEFAULT\Software\Microsoft\SBE\SAL
.DEFAULT\Software\Microsoft\SBE\SAL
DefaultSettings.BitsPerPel
DefaultSettings.BitsPerPel
System\CurrentControlSet\Control\VIDEO\{CF088C39-60FF-4B54-9C0F-80345F8AE401}\0000\Mon12345678
System\CurrentControlSet\Control\VIDEO\{CF088C39-60FF-4B54-9C0F-80345F8AE401}\0000\Mon12345678
DefaultSettings.XResolution
DefaultSettings.XResolution
\172.20.60.249\P13_Tech_B&W
\172.20.60.249\P13_Tech_B&W
System\CurrentControlSet\Control\VIDEO\{F92BFB9B-59E9-4B65-8AA3-D004C26BA193}\0000\Mon12345678
System\CurrentControlSet\Control\VIDEO\{F92BFB9B-59E9-4B65-8AA3-D004C26BA193}\0000\Mon12345678
{B8BF51A6-0AB3-48F2-A38E-4E36CADC41AD}
{B8BF51A6-0AB3-48F2-A38E-4E36CADC41AD}
SYSTEM\CurrentControlSet\Control\DeviceClasses\{0a4252a0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}\Control
SYSTEM\CurrentControlSet\Control\DeviceClasses\{0a4252a0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}\Control
rsa2@22:base.mmartos.coretonic
rsa2@22:base.mmartos.coretonic
Software\SimonTatham\PuTTY\SshHostKeys
Software\SimonTatham\PuTTY\SshHostKeys
LGot Elevation URL. [%s]
LGot Elevation URL. [%s]
New URL was not valid.
New URL was not valid.
D0.0.0.0
D0.0.0.0
C[%d] [%lld|%lld]
C[%d] [%lld|%lld]
Software\Classes\http\shell\open\command\
Software\Classes\http\shell\open\command\
http\shell\open\command\
http\shell\open\command\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\
chrome.exe
chrome.exe
iexplore.exe
iexplore.exe
firefox.exe
firefox.exe
opera.exe
opera.exe
opera
opera
safari.ex
safari.ex
browser.startup.homepage
browser.startup.homepage
prefs.js
prefs.js
user.js
user.js
user_pref("browser.startup.homepage", "
user_pref("browser.startup.homepage", "
"browser.startup.homepage", "
"browser.startup.homepage", "
\"browser.startup.homepage\". \"(.)*\"
\"browser.startup.homepage\". \"(.)*\"
browser.search.order.1
browser.search.order.1
browser.search.order.2
browser.search.order.2
browser.search.order.3
browser.search.order.3
\"(.)*.;
\"(.)*.;
browser.search.selectedEngine
browser.search.selectedEngine
browser.search.defaultenginename
browser.search.defaultenginename
browser.search.useDBForOrder
browser.search.useDBForOrder
user_pref("browser.search.useDBForOrder", "false");
user_pref("browser.search.useDBForOrder", "false");
browser.search.useDBForOrder", "false");
browser.search.useDBForOrder", "false");
browser.search.useDBForOrder.*
browser.search.useDBForOrder.*
%s*.*
%s*.*
Software\Mozilla\Mozilla Firefox\
Software\Mozilla\Mozilla Firefox\
\Google\Chrome
\Google\Chrome
SOFTWARE\Mozilla\Mozilla Firefox
SOFTWARE\Mozilla\Mozilla Firefox
SOFTWARE\Mozilla\Mozilla Firefox\
SOFTWARE\Mozilla\Mozilla Firefox\
PathToExe
PathToExe
\Mozilla\Firefox\profiles.ini
\Mozilla\Firefox\profiles.ini
\Mozilla\Firefox\
\Mozilla\Firefox\
\search-metadata.json
\search-metadata.json
json_value.cpp
json_value.cpp
ljson_reader.cpp
ljson_reader.cpp
Applications\iexplore.exe\shell\open\command
Applications\iexplore.exe\shell\open\command
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
Assertion failed: %s, file %s, line %d
Assertion failed: %s, file %s, line %d
%original file name%.exe_320_rwx_00564000_00001000:
Universal Downloader Download Helper.
Universal Downloader Download Helper.
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
GDI32.dll
GDI32.dll
gdiplus.dll
gdiplus.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
PSAPI.DLL
PSAPI.DLL
RPCRT4.dll
RPCRT4.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
urlmon.dll
urlmon.dll
USER32.dll
USER32.dll
VERSION.dll
VERSION.dll
WININET.dll
WININET.dll
WLDAP32.dll
WLDAP32.dll
WSOCK32.dll
WSOCK32.dll
URLDownloadToFileW
URLDownloadToFileW
[BEGIN DATA SEGMENT][KEY]WIDTH[VALUE]650[ENDVALUE][KEY]HEIGHT[VALUE]450[ENDVALUE][KEY]URL[VALUE]hXXp://nero-burning-rom.sd.en.softonic.com/universaldownloader-prefetch[ENDVALUE][KEY]NOINT_TITLE[VALUE]No Internet connection detected[ENDVALUE][KEY]NOINT_MSG[VALUE]Softonic Downloader needs an internet connection to function. Please connect and try again.[ENDVALUE][KEY]PROGRESS_BAR_X[VALUE]20[ENDVALUE][KEY]PROGRESS_BAR_Y[VALUE]99[ENDVALUE][KEY]PROGRESS_BAR_HEIGHT[VALUE]30[ENDVALUE][KEY]START_HIDDEN[VALUE]true[E
[BEGIN DATA SEGMENT][KEY]WIDTH[VALUE]650[ENDVALUE][KEY]HEIGHT[VALUE]450[ENDVALUE][KEY]URL[VALUE]hXXp://nero-burning-rom.sd.en.softonic.com/universaldownloader-prefetch[ENDVALUE][KEY]NOINT_TITLE[VALUE]No Internet connection detected[ENDVALUE][KEY]NOINT_MSG[VALUE]Softonic Downloader needs an internet connection to function. Please connect and try again.[ENDVALUE][KEY]PROGRESS_BAR_X[VALUE]20[ENDVALUE][KEY]PROGRESS_BAR_Y[VALUE]99[ENDVALUE][KEY]PROGRESS_BAR_HEIGHT[VALUE]30[ENDVALUE][KEY]START_HIDDEN[VALUE]true[E
1, 40, 1, 0
1, 40, 1, 0
SoftonicDownloader.exe
SoftonicDownloader.exe
%original file name%.exe_320_rwx_00566000_00010000:
SHELL32.DLL
SHELL32.DLL
ShellExecuteA
ShellExecuteA
KERNEL32.DLL
KERNEL32.DLL
%original file name%.exe
%original file name%.exe
.rsrc
.rsrc
c:\%original file name%.exe
c:\%original file name%.exe
hXXp://erenkarahan.com/images/logo.gif
hXXp://erenkarahan.com/images/logo.gif
hXXp://gutekpl.za.pl/logo.gif
hXXp://gutekpl.za.pl/logo.gif
hXXp://VVV.kapudane.com/logo.gif
hXXp://VVV.kapudane.com/logo.gif
hXXp://igorfomin.ru/logo.gif
hXXp://igorfomin.ru/logo.gif
hXXp://m2comunicacion.com/images/logo.gif
hXXp://m2comunicacion.com/images/logo.gif
hXXp://leenaenterprises.com/img/logo.gif
hXXp://leenaenterprises.com/img/logo.gif
hXXp://VVV.geriatriasinop.com.br/img/button.gif
hXXp://VVV.geriatriasinop.com.br/img/button.gif
hXXp://britishmotors.it/logo.gif
hXXp://britishmotors.it/logo.gif
hXXp://artroom.com.tr/blog/logo.gif
hXXp://artroom.com.tr/blog/logo.gif
hXXp://gammaconseil.fr/images/button.gif
hXXp://gammaconseil.fr/images/button.gif
hXXp://xexylia.com/logo.gif
hXXp://xexylia.com/logo.gif
R008biz.com/images/logo.gif
R008biz.com/images/logo.gif
hXXp://lifecom24.co.cc/images/logo.gif
hXXp://lifecom24.co.cc/images/logo.gif
.info/J
.info/J
home.gifI888
home.gifI888
.text
.text
KERNEL32.dll
KERNEL32.dll
h.rata
h.rata
Bkrnl.exe?
Bkrnl.exe?
= =$=(=,=
= =$=(=,=
322%2`.50728)
322%2`.50728)
.klkjw:9fqwi
.klkjw:9fqwi
FamXf39.sys
FamXf39.sys
.pBTa8
.pBTa8
%s:*:
%s:*:
Bg.laXV
Bg.laXV
&?%x=
&?%x=
GUrlA'
GUrlA'
Web%w|nc
Web%w|nc
HTTP)
HTTP)
2GUARDCMD.
2GUARDCMD.
.ENHCDM
.ENHCDM
PL/KPCKwWEB
PL/KPCKwWEB
MM.PFW.
MM.PFW.
.bssf
.bssf
J:CRT
J:CRT
ADVAPI32.dll
ADVAPI32.dll
MSVCRT.dll
MSVCRT.dll
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
WS2_32.dll
WS2_32.dll
RegCloseKey
RegCloseKey
SHFileOperationA
SHFileOperationA
%original file name%.exe_320_rwx_00B80000_0108E000:
c:\windows
c:\windows
hXXp://erenkarahan.com/images/logo.gif
hXXp://erenkarahan.com/images/logo.gif
hXXp://gutekpl.za.pl/logo.gif
hXXp://gutekpl.za.pl/logo.gif
hXXp://VVV.kapudane.com/logo.gif
hXXp://VVV.kapudane.com/logo.gif
hXXp://igorfomin.ru/logo.gif
hXXp://igorfomin.ru/logo.gif
hXXp://m2comunicacion.com/images/logo.gif
hXXp://m2comunicacion.com/images/logo.gif
hXXp://leenaenterprises.com/img/logo.gif
hXXp://leenaenterprises.com/img/logo.gif
hXXp://VVV.geriatriasinop.com.br/img/button.gif
hXXp://VVV.geriatriasinop.com.br/img/button.gif
hXXp://britishmotors.it/logo.gif
hXXp://britishmotors.it/logo.gif
hXXp://artroom.com.tr/blog/logo.gif
hXXp://artroom.com.tr/blog/logo.gif
hXXp://gammaconseil.fr/images/button.gif
hXXp://gammaconseil.fr/images/button.gif
hXXp://xexylia.com/logo.gif
hXXp://xexylia.com/logo.gif
%System%\drivers\nsnnn.sys
%System%\drivers\nsnnn.sys
4669375537
4669375537
.rsrc
.rsrc
.text
.text
SHELL32.DLL
SHELL32.DLL
ShellExecuteA
ShellExecuteA
KERNEL32.DLL
KERNEL32.DLL
hXXp://89.119.67.154/testo5/
hXXp://89.119.67.154/testo5/
hXXp://kukutrustnet777.info/home.gif
hXXp://kukutrustnet777.info/home.gif
hXXp://kukutrustnet888.info/home.gif
hXXp://kukutrustnet888.info/home.gif
hXXp://kukutrustnet987.info/home.gif
hXXp://kukutrustnet987.info/home.gif
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
h.rdata
h.rdata
H.data
H.data
.reloc
.reloc
ntoskrnl.exe
ntoskrnl.exe
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50728)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50728)
Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
hXXp://VVV.klkjwre9fqwieluoi.info/
hXXp://VVV.klkjwre9fqwieluoi.info/
hXXp://kukutrustnet777888.info/
hXXp://kukutrustnet777888.info/
Software\Microsoft\Windows\CurrentVersion\policies\system
Software\Microsoft\Windows\CurrentVersion\policies\system
Software\Microsoft\Windows\ShellNoRoam\MUICache
Software\Microsoft\Windows\ShellNoRoam\MUICache
%s:*:Enabled:ipsec
%s:*:Enabled:ipsec
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
GdiPlus.dll
GdiPlus.dll
hXXp://
hXXp://
ipfltdrv.sys
ipfltdrv.sys
VVV.microsoft.com
VVV.microsoft.com
?%x=%d
?%x=%d
&%x=%d
&%x=%d
SYSTEM.INI
SYSTEM.INI
USER32.DLL
USER32.DLL
.%c%s
.%c%s
\\.\amsint32
\\.\amsint32
NTDLL.DLL
NTDLL.DLL
autorun.inf
autorun.inf
ADVAPI32.DLL
ADVAPI32.DLL
win%s.exe
win%s.exe
%s.exe
%s.exe
WININET.DLL
WININET.DLL
InternetOpenUrlA
InternetOpenUrlA
avast! Web Scanner
avast! Web Scanner
Avira AntiVir Premium WebGuard
Avira AntiVir Premium WebGuard
cmdGuard
cmdGuard
cmdAgent
cmdAgent
Eset HTTP Server
Eset HTTP Server
ProtoPort Firewall service
ProtoPort Firewall service
SpIDer FS Monitor for Windows NT
SpIDer FS Monitor for Windows NT
Symantec Password Validation
Symantec Password Validation
WebrootDesktopFirewallDataService
WebrootDesktopFirewallDataService
WebrootFirewall
WebrootFirewall
%d%d.tmp
%d%d.tmp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
%s\%s
%s\%s
%s\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
%s\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
Software\Microsoft\Windows\CurrentVersion\Ext\Stats
Software\Microsoft\Windows\CurrentVersion\Ext\Stats
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Explorer.exe
Explorer.exe
A2CMD.
A2CMD.
ASHWEBSV.
ASHWEBSV.
AVGCC.AVGCHSVX.
AVGCC.AVGCHSVX.
DRWEB
DRWEB
DWEBLLIO
DWEBLLIO
DWEBIO
DWEBIO
FSGUIEXE.
FSGUIEXE.
MCVSSHLD.
MCVSSHLD.
NPFMSG.
NPFMSG.
SYMSPORT.
SYMSPORT.
WEBSCANX.
WEBSCANX.
.adata
.adata
M_%d_
M_%d_
%c%d_%d
%c%d_%d
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryA
GetWindowsDirectoryA
RegEnumKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCreateKeyA
RegCloseKey
RegCloseKey
SHFileOperationA
SHFileOperationA
&3&3&3&389
&3&3&3&389
.rdata
.rdata
.data
.data
Bkrnl.exe?
Bkrnl.exe?
= =$=(=,=
= =$=(=,=
322%2`.50728)
322%2`.50728)
.klkjw:9fqwi
.klkjw:9fqwi
FamXf39.sys
FamXf39.sys
.pBTa8
.pBTa8
%s:*:
%s:*:
Bg.laXV
Bg.laXV
&?%x=
&?%x=
GUrlA'
GUrlA'
Web%w|nc
Web%w|nc
HTTP)
HTTP)
2GUARDCMD.
2GUARDCMD.
.ENHCDM
.ENHCDM
PL/KPCKwWEB
PL/KPCKwWEB
MM.PFW.
MM.PFW.
.bssf
.bssf
J:CRT
J:CRT
ADVAPI32.dll
ADVAPI32.dll
MSVCRT.dll
MSVCRT.dll
SHELL32.dll
SHELL32.dll
WS2_32.dll
WS2_32.dll
%original file name%.exe_320_rwx_02510000_00002000:
SHELL32.DLL
SHELL32.DLL
ShellExecuteA
ShellExecuteA
KERNEL32.DLL
KERNEL32.DLL
.rsrc
.rsrc
Explorer.EXE_1572_rwx_00FF0000_00002000:
SHELL32.DLL
SHELL32.DLL
ShellExecuteA
ShellExecuteA
KERNEL32.DLL
KERNEL32.DLL
.rsrc
.rsrc
%original file name%.exe_320_rwx_02620000_00001000:
|%original file name%.exeM_320_
|%original file name%.exeM_320_
Explorer.EXE_1572_rwx_01E20000_00001000:
|explorer.exeM_1572_
|explorer.exeM_1572_