Win32.Sality.3_5747337e44

Dynamic Analysis

Payload

Behaviour	Description
WormAutorun	A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.

Process activity

The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):

%original file name%.exe:320
Explorer.EXE:1572

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:320 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%WinDir%\system.ini (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\cc92a7d66e[1].setToken (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[1].js (2190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\nero-burning-rom-18[1].png (3783 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\campaign-100624,101362[1].htm (1320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\sprite[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\loading[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAOJQT25.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAWNUT4V.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[2].css (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\sd_101362_0d279[1].jpg (17910 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[1].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\f[1].txt (3496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\f[1].txt (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\container[1].html (1287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\306e0-e2646[1].js (7347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\sd_100624_634cd[1].jpg (14585 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\nr-412.min[1].js (8741 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\sd_100624_634cd[1].jpg (21437 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\f[1].txt (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\campaign-100624,101362[1] (2390 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CA7W1H7O.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAG7JRMK.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\universaldownloader-prefetch[1].htm (657 bytes)
C:\hostd.exe (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winthnidj.exe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\container[1].htm (2 bytes)
C:\autorun.inf (315 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[1].txt (11231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\f[1].txt (3462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CA8DYHBO.gif (35 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (1336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\blank[1].gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[2].js (3387 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (7384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAX8W7TD.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAG9M3S1.gif (35 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[2].txt (10249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\gradientbg[1].png (2 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winthnidj.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAWNUT4V.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAG9M3S1.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAX8W7TD.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CA7W1H7O.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAOJQT25.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAG7JRMK.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CA8DYHBO.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[2].txt (0 bytes)

Registry activity

The process %original file name%.exe:320 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Aas]
"a4_440" = "3154413240"
"a3_694" = "697136351"
"a2_348" = "2494851381"
"a2_349" = "2502017530"
"a2_346" = "2480517564"
"a2_347" = "2487687292"
"a2_344" = "2466183481"
"a2_345" = "2473351998"
"a2_342" = "2451836793"
"a2_343" = "2459002772"
"a2_340" = "2437499835"
"a2_341" = "2444660991"
"a2_180" = "1290439855"
"a2_181" = "1297606601"
"a2_182" = "1304772947"
"a2_183" = "1311955452"
"a2_184" = "1319108819"
"a2_185" = "1326292233"
"a2_186" = "1333458820"
"a2_187" = "1340624004"
"a2_188" = "1347786651"
"a2_189" = "1354957319"
"a4_444" = "3183089724"
"a3_789" = "1344615644"
"a3_788" = "1371246781"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKCU\Software\Aas]
"a2_749" = "1074706400"
"a2_742" = "1024518804"
"a2_743" = "1031696715"
"a2_740" = "1010186109"
"a2_741" = "1017353566"
"a2_746" = "1053202479"
"a2_747" = "1060371987"
"a2_744" = "1038854117"
"a2_745" = "1046035913"
"a1_503" = "2210395814"
"a1_502" = "2320667373"
"a1_501" = "753601411"
"a1_500" = "3846193451"
"a1_507" = "3239386834"
"a1_506" = "3253439469"
"a1_505" = "1746489582"
"a1_504" = "3016075942"
"a1_509" = "2452019330"
"a1_508" = "2190227909"
"a3_659" = "412749722"
"a3_658" = "405760891"
"a4_844" = "1755770828"
"a1_946" = "3220827497"
"a3_78" = "542637991"
"a3_79" = "549622726"
"a3_72" = "533156193"
"a3_73" = "506656128"
"a3_70" = "485103791"
"a3_71" = "525712590"
"a3_76" = "561686245"
"a3_77" = "568613636"
"a3_74" = "513568291"
"a3_75" = "554631746"
"a3_259" = "1873798154"
"a3_258" = "1866220523"
"a1_435" = "2182072345"
"a1_434" = "2503230767"
"a1_433" = "2068514104"
"a1_432" = "2068620302"
"a1_431" = "89276689"
"a1_430" = "4186478837"
"a3_251" = "1782710578"
"a3_250" = "1809280147"
"a3_253" = "1830771188"
"a3_252" = "1789764949"
"a3_255" = "1844811446"
"a3_254" = "1837822487"
"a3_257" = "1825746760"
"a3_256" = "1818692393"
"a3_784" = "1308623673"
"a3_783" = "1335193222"
"a3_782" = "1328269927"
"a3_781" = "1287147972"
"a3_449" = "3202245640"
"a1_636" = "2291408260"
"a3_321" = "2284435336"
"a3_320" = "2310935401"
"a3_323" = "2332478538"
"a3_322" = "2291869739"
"a3_325" = "2346910988"
"a3_324" = "2339397869"
"a3_327" = "2327338446"
"a3_326" = "2320415151"
"a3_329" = "2375379584"
"a3_328" = "2368468577"
"a3_971" = "2682835394"
"a1_729" = "3561492871"
"a1_728" = "3589131433"
"a3_439" = "3130280062"
"a3_438" = "3123369951"
"a3_435" = "3101883130"
"a3_434" = "3094824539"
"a3_437" = "3149870012"
"a3_436" = "3142426397"
"a3_431" = "3106444646"
"a3_430" = "3065901255"
"a3_433" = "3087376952"
"a3_432" = "3113879961"
"a4_818" = "1569373682"
"a4_819" = "1576542803"
"a4_810" = "1512020714"
"a4_811" = "1519189835"
"a4_812" = "1526358956"
"a4_813" = "1533528077"
"a4_814" = "1540697198"
"a4_815" = "1547866319"
"a4_816" = "1555035440"
"a4_817" = "1562204561"
"a1_670" = "1573224667"
"a2_748" = "1067539459"
"a1_593" = "431139822"
"a3_94" = "690598327"
"a3_95" = "698045910"
"a3_96" = "671534665"
"a3_97" = "678453992"
"a3_90" = "662052915"
"a3_91" = "669107282"
"a3_92" = "643004661"
"a3_93" = "649993492"
"a3_98" = "685967115"
"a3_99" = "726580138"
"a4_605" = "42350909"
"a4_604" = "35181788"
"a4_607" = "56689151"
"a4_606" = "49520030"
"a4_601" = "13674425"
"a4_600" = "6505304"
"a4_603" = "28012667"
"a4_602" = "20843546"
"a4_979" = "2723602163"
"a4_978" = "2716433042"
"a4_609" = "71027393"
"a4_608" = "63858272"
"a1_984" = "1620476006"
"a1_983" = "2933608750"
"a1_982" = "1188874552"
"a1_981" = "843930903"
"a1_980" = "1106990929"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a1_855" = "1998076328"
"a3_655" = "383827462"
"a1_857" = "955073799"
"a1_856" = "3796833541"
"a1_851" = "851624685"
"a1_850" = "3209920332"
"a1_853" = "1179146748"
"a3_654" = "376767975"
"a1_859" = "1170012101"
"a3_657" = "431879896"
"a4_779" = "1289777963"
"a4_778" = "1282608842"
"a3_929" = "2381983272"
"a3_656" = "424825529"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"

[HKCU\Software\Aas]
"a4_771" = "1232424995"
"a3_651" = "388835458"
"a4_773" = "1246763237"
"a4_772" = "1239594116"
"a4_775" = "1261101479"
"a4_774" = "1253932358"
"a4_777" = "1275439721"
"a3_650" = "348370019"
"a3_653" = "369779012"
"a3_652" = "395889957"
"a4_151" = "1082537271"
"a4_150" = "1075368150"
"a4_153" = "1096875513"
"a4_152" = "1089706392"
"a4_155" = "1111213755"
"a4_154" = "1104044634"
"a4_157" = "1125551997"
"a4_156" = "1118382876"
"a4_159" = "1139890239"
"a4_158" = "1132721118"
"a1_185" = "2581249199"
"a1_184" = "2337334464"
"a1_183" = "2424927341"
"a1_182" = "2979684424"
"a1_181" = "2093867254"
"a1_180" = "2310423066"
"a1_963" = "4077970335"
"a4_559" = "4007538639"
"a4_558" = "4000369518"
"a4_555" = "3978862155"
"a4_554" = "3971693034"
"a4_557" = "3993200397"
"a4_556" = "3986031276"
"a4_551" = "3950185671"
"a4_550" = "3943016550"
"a4_553" = "3964523913"
"a4_552" = "3957354792"
"a1_753" = "2887739143"
"a1_801" = "2633103842"
"a4_824" = "1612388408"
"a4_393" = "2817464553"
"a4_392" = "2810295432"
"a4_391" = "2803126311"
"a4_390" = "2795957190"
"a4_397" = "2846141037"
"a4_396" = "2838971916"
"a4_395" = "2831802795"
"a4_394" = "2824633674"
"a4_399" = "2860479279"
"a4_398" = "2853310158"
"a4_865" = "1906322369"
"a4_864" = "1899153248"
"a4_867" = "1920660611"
"a1_932" = "3863638421"
"a4_866" = "1913491490"
"a1_933" = "3896286936"
"a4_861" = "1877645885"
"a3_758" = "1122262303"
"a4_860" = "1870476764"
"a1_931" = "3554013366"
"a4_863" = "1891984127"
"a1_936" = "2302291942"
"a4_862" = "1884815006"
"a1_937" = "522572762"
"a2_405" = "2903494818"
"a2_404" = "2896347601"
"a2_407" = "2917830100"
"a2_406" = "2910659772"
"a2_401" = "2874810895"
"a2_400" = "2867646385"
"a2_403" = "2889159330"
"a2_402" = "2881994303"
"a1_935" = "3122051319"
"a2_409" = "2932163040"
"a2_408" = "2924995149"
"a2_975" = "2694934206"
"a2_974" = "2687759497"
"a2_977" = "2709261358"
"a2_976" = "2702092879"
"a2_971" = "2666242244"
"a2_970" = "2659074577"
"a2_973" = "2680593019"
"a4_896" = "2128565120"
"a2_979" = "2723595324"
"a2_978" = "2716426449"
"a1_222" = "3792160069"
"a1_223" = "3498312482"
"a1_220" = "3933309957"
"a1_221" = "2591420645"
"a1_226" = "1490557945"
"a1_227" = "2291118015"
"a1_224" = "2501406355"
"a1_225" = "1465038648"
"a1_228" = "3034438239"
"a1_229" = "4289019264"
"a2_579" = "4150923580"
"a2_578" = "4143757663"
"a2_571" = "4093560714"
"a2_570" = "4086391162"
"a2_573" = "4107908294"
"a2_572" = "4100741109"
"a2_575" = "4122242216"
"a2_574" = "4115073823"
"a2_577" = "4136574635"
"a2_576" = "4129408930"
"a2_351" = "2516354362"
"a2_350" = "2509186689"
"a2_353" = "2530701597"
"a2_352" = "2523534125"
"a2_355" = "2545037140"
"a2_354" = "2537877131"
"a2_357" = "2559370976"
"a2_356" = "2552203303"
"a2_359" = "2573721309"
"a2_358" = "2566539165"
"a3_906" = "2183550307"
"a3_622" = "147491207"
"a2_193" = "1383643722"
"a2_192" = "1376477023"
"a2_191" = "1369308412"
"a2_190" = "1362127413"
"a2_197" = "1412309906"
"a2_196" = "1405142451"
"a2_195" = "1397976046"
"a2_194" = "1390807869"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Aas]
"a3_624" = "195544665"
"a2_199" = "1426662736"
"a2_198" = "1419492816"
"a3_625" = "168917752"
"a2_759" = "1146389817"
"a3_626" = "175906587"
"a2_755" = "1117724028"
"a2_754" = "1110554704"
"a2_757" = "1132056447"
"a3_627" = "183481274"
"a2_751" = "1089037216"
"a2_750" = "1081870974"
"a2_753" = "1103388417"
"a2_752" = "1096218938"
"a1_536" = "3981542875"
"a1_537" = "2668391207"
"a1_534" = "3908551979"
"a1_535" = "2556071434"
"a1_89" = "1173003620"
"a1_88" = "2879220014"
"a1_530" = "3318093932"
"a1_531" = "1749212485"
"a1_85" = "1275584315"
"a1_84" = "1831039882"
"a1_87" = "2299876026"
"a1_86" = "3669155528"
"a1_81" = "1441194160"
"a1_80" = "4149883652"
"a1_83" = "2841905592"
"a1_82" = "3509624992"
"a3_914" = "2274560123"
"a2_898" = "2142896427"
"a1_896" = "2897340756"
"a1_890" = "1243149887"
"a2_899" = "2150079379"
"a1_67" = "1220943704"
"a1_66" = "3380930430"
"a1_65" = "432398971"
"a3_133" = "970345548"
"a1_63" = "3218175111"
"a3_135" = "950830350"
"a3_136" = "991836577"
"a1_60" = "970416896"
"a3_138" = "1006335587"
"a3_139" = "979823234"
"a3_684" = "625694981"
"a1_438" = "1255945534"
"a3_682" = "577634371"
"a3_683" = "584688866"
"a1_69" = "3036958462"
"a1_68" = "398851696"
"a3_228" = "1617824845"
"a3_229" = "1624875244"
"a3_224" = "1588903625"
"a3_225" = "1629901672"
"a3_226" = "1636956043"
"a3_227" = "1610836010"
"a3_220" = "1593911669"
"a3_221" = "1600966036"
"a3_222" = "1608410679"
"a3_223" = "1581849174"
"a1_408" = "2866053412"
"a1_409" = "3558056775"
"a1_402" = "3124322016"
"a1_403" = "3930398581"
"a1_400" = "3862243278"
"a1_401" = "3345402300"
"a1_406" = "1994966410"
"a1_407" = "1451369330"
"a1_404" = "116181306"
"a1_405" = "1793452491"
"a2_823" = "1605216496"
"a2_822" = "1598050467"
"a2_821" = "1590872683"
"a3_354" = "2521277451"
"a3_355" = "2528204970"
"a3_356" = "2568813773"
"a3_357" = "2576322924"
"a3_350" = "2492225207"
"a3_351" = "2499791574"
"a3_352" = "2540269385"
"a3_353" = "2547254248"
"a2_827" = "1633898545"
"a1_628" = "2162629450"
"a3_358" = "2583246223"
"a3_359" = "2556735022"
"a1_854" = "2400100653"
"a2_826" = "1626732937"
"a2_825" = "1619553266"
"a1_718" = "1519762768"
"a1_719" = "1528720417"
"a1_716" = "915343875"
"a1_717" = "3530668060"
"a1_714" = "1118994388"
"a1_715" = "2427845817"
"a1_712" = "3714852567"
"a1_713" = "1178852982"
"a1_710" = "3952132191"
"a1_711" = "743304766"
"a4_809" = "1504851593"
"a4_808" = "1497682472"
"a4_803" = "1461836867"
"a1_629" = "379955180"
"a4_801" = "1447498625"
"a4_800" = "1440329504"
"a4_807" = "1490513351"
"a4_806" = "1483344230"
"a4_805" = "1476175109"
"a4_804" = "1469005988"
"a4_37" = "265257477"
"a4_36" = "258088356"
"a4_35" = "250919235"
"a4_34" = "243750114"
"a4_33" = "236580993"
"a4_32" = "229411872"
"a4_31" = "222242751"
"a4_30" = "215073630"
"a4_144" = "1032353424"
"a4_39" = "279595719"
"a4_38" = "272426598"
"a3_915" = "2281614490"
"a4_843" = "1748601707"
"a3_142" = "1034864615"
"a4_946" = "2487021170"
"a4_947" = "2494190291"
"a4_944" = "2472682928"
"a4_945" = "2479852049"
"a4_942" = "2458344686"
"a4_943" = "2465513807"
"a4_940" = "2444006444"
"a4_941" = "2451175565"
"a4_948" = "2501359412"

[HKCU\Software\Aas\695404737]
"28676484" = "35"

[HKCU\Software\Aas]
"a4_498" = "3570222258"
"a4_499" = "3577391379"
"a4_494" = "3541545774"
"a4_495" = "3548714895"
"a4_496" = "3555884016"
"a4_497" = "3563053137"
"a4_490" = "3512869290"
"a4_491" = "3520038411"
"a4_492" = "3527207532"
"a4_493" = "3534376653"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014091520140916\"

[HKCU\Software\Aas]
"a3_448" = "3194799081"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Aas]
"a2_941" = "2451170395"
"a4_708" = "780770372"
"a4_709" = "787939493"
"a3_918" = "2303105535"
"a3_919" = "2310025758"
"a4_704" = "752093888"
"a4_705" = "759263009"
"a4_706" = "766432130"
"a4_707" = "773601251"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_701" = "730586525"
"a4_702" = "737755646"
"a4_703" = "744924767"
"a1_888" = "3688254914"
"a1_889" = "912025742"
"a1_886" = "358863244"
"a1_887" = "3211444909"
"a1_884" = "2971868346"
"a1_885" = "2818187559"
"a1_882" = "1178817819"
"a1_883" = "1263857104"
"a1_880" = "2042065446"
"a1_881" = "3363774094"
"a4_124" = "888971004"
"a4_125" = "896140125"
"a4_126" = "903309246"
"a4_127" = "910478367"
"a4_120" = "860294520"
"a4_121" = "867463641"
"a4_122" = "874632762"
"a4_123" = "881801883"
"a4_128" = "917647488"
"a4_129" = "924816609"
"a2_593" = "4251292106"
"a3_444" = "3166269973"
"a3_445" = "3206813364"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Aas]
"a1_831" = "361849185"
"a2_592" = "4244126991"
"a1_930" = "3857795109"
"a1_948" = "506022213"
"a4_238" = "1706250798"
"a4_239" = "1713419919"
"a4_230" = "1648897830"
"a4_231" = "1656066951"
"a4_232" = "1663236072"
"a4_233" = "1670405193"
"a4_234" = "1677574314"
"a4_235" = "1684743435"
"a4_236" = "1691912556"
"a4_237" = "1699081677"
"a1_480" = "333377457"
"a1_723" = "4032836429"
"a1_722" = "3788370949"
"a1_721" = "373629839"
"a1_720" = "3475263989"
"a1_768" = "757178709"
"a1_727" = "164304843"
"a1_726" = "881194584"
"a2_643" = "314771444"
"a2_790" = "1368644300"
"a1_725" = "222525965"
"a2_642" = "307604525"
"a1_724" = "3252967278"
"a2_641" = "300436050"
"a2_640" = "293268345"
"a2_647" = "343452605"
"a2_646" = "336285826"
"a1_158" = "3875725423"
"a1_159" = "1592817806"
"a2_645" = "329118214"
"a1_150" = "403895951"
"a1_151" = "776915845"
"a1_152" = "851394265"
"a1_153" = "3024617901"
"a1_154" = "3593379048"
"a1_155" = "131234754"
"a1_156" = "3663464005"
"a1_157" = "927374277"
"a1_235" = "3861944001"
"a1_234" = "3109231355"
"a1_237" = "1868760955"
"a1_236" = "4173549989"
"a1_231" = "3233904187"
"a1_230" = "2865690999"
"a1_233" = "2885175580"
"a1_232" = "3313021397"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Aas]
"a1_239" = "3023866356"
"a1_238" = "4144934032"
"a2_210" = "1505523175"
"a2_211" = "1512675780"
"a2_212" = "1519860401"
"a2_213" = "1527027772"
"a2_214" = "1534195705"
"a2_215" = "1541369344"
"a2_216" = "1548522229"
"a2_217" = "1555697190"
"a2_218" = "1562863463"
"a2_219" = "1570030499"
"a1_966" = "668069237"
"a2_508" = "3641911284"
"a2_384" = "2752941455"
"a2_504" = "3613230174"
"a2_505" = "3620412382"
"a2_506" = "3627578426"
"a2_507" = "3634745849"
"a2_500" = "3584563417"
"a2_501" = "3591726658"
"a2_502" = "3598895163"
"a2_503" = "3606064988"
"a2_791" = "1375812648"
"a2_698" = "709076629"
"a2_699" = "716246779"
"a2_694" = "680396652"
"a2_695" = "687577534"
"a2_696" = "694745690"
"a2_697" = "701913557"
"a2_690" = "651728466"
"a2_691" = "658892369"
"a2_692" = "666059015"
"a2_693" = "673229946"
"a2_324" = "2322800179"
"a2_325" = "2329956202"
"a2_326" = "2337129761"
"a2_327" = "2344300157"
"a2_320" = "2294115955"
"a2_321" = "2301281329"
"a2_322" = "2308463285"
"a2_323" = "2315632308"
"a1_521" = "4177849392"
"a1_520" = "2905483613"
"a1_523" = "3444765162"
"a1_522" = "1575910915"
"a2_328" = "2351465135"
"a2_329" = "2358648926"
"a1_527" = "1979539256"
"a1_526" = "1315067276"
"a2_799" = "1433168562"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Aas]
"a2_798" = "1425997193"
"a4_962" = "2601727106"
"a1_98" = "180569467"
"a1_99" = "3789237466"
"a1_92" = "2726995222"
"a1_93" = "3478392928"
"a1_90" = "622596048"
"a1_91" = "3660745850"
"a1_96" = "436411701"
"a1_97" = "1309794487"
"a1_94" = "3471686432"
"a1_95" = "580582469"
"a1_74" = "4185868737"
"a1_75" = "1020818863"
"a1_76" = "695238556"
"a1_77" = "1417177585"
"a1_70" = "1217050680"
"a1_71" = "2924903581"
"a1_72" = "2231819788"
"a1_73" = "1668277733"
"a3_699" = "733118194"
"a3_698" = "725670483"
"a3_129" = "907869896"
"a3_128" = "934369961"
"a1_78" = "888237257"
"a1_79" = "1708909649"
"a3_239" = "1730403494"
"a3_238" = "1689270279"
"a3_237" = "1682343908"
"a3_236" = "1708909381"
"a3_235" = "1701334818"
"a3_234" = "1660856963"
"a3_233" = "1653814880"
"a3_232" = "1646370241"
"a3_231" = "1672935854"
"a3_230" = "1665877263"
"a1_419" = "126561434"
"a1_418" = "3064865817"
"a3_953" = "2520368944"
"a1_415" = "2565677338"
"a1_414" = "854933128"
"a1_417" = "3665385048"
"a1_416" = "3081725686"
"a1_411" = "2792418531"
"a1_410" = "3075540535"
"a1_413" = "3902070457"
"a1_412" = "3534330581"
"a3_939" = "2419869154"
"a3_347" = "2504287570"
"a3_346" = "2463809843"
"a3_345" = "2456759440"
"a3_344" = "2482866289"
"a3_343" = "2475825118"
"a3_342" = "2468836287"
"a3_341" = "2427838236"
"a3_340" = "2420783869"
"a3_349" = "2485301780"
"a3_348" = "2511804917"
"a1_701" = "4011995169"
"a1_700" = "144744320"
"a1_703" = "1730380049"
"a1_702" = "1094527912"
"a1_705" = "951988474"
"a1_704" = "3708803186"
"a1_707" = "691425964"
"a1_706" = "3460719416"
"a1_709" = "3360071278"
"a1_708" = "3718210168"
"a2_360" = "2580885522"
"a4_838" = "1712756102"
"a2_361" = "2588055262"
"a4_836" = "1698417860"
"a4_837" = "1705586981"
"a4_834" = "1684079618"
"a4_835" = "1691248739"
"a4_832" = "1669741376"
"a2_362" = "2595213762"
"a4_830" = "1655403134"
"a4_831" = "1662572255"
"a4_24" = "172058904"
"a4_25" = "179228025"
"a4_26" = "186397146"
"a4_27" = "193566267"
"a4_20" = "143382420"
"a4_21" = "150551541"
"a4_22" = "157720662"
"a4_23" = "164889783"
"a4_951" = "2522866775"
"a2_364" = "2609551691"
"a4_953" = "2537205017"
"a4_952" = "2530035896"
"a4_28" = "200735388"
"a4_29" = "207904509"
"a4_957" = "2565881501"
"a2_365" = "2616722785"
"a2_366" = "2623905540"
"a2_367" = "2631069916"
"a1_743" = "1360432974"
"a2_168" = "1204405323"
"a2_169" = "1211587242"
"a4_847" = "1777278191"
"a4_489" = "3505700169"
"a4_488" = "3498531048"
"a4_487" = "3491361927"
"a4_486" = "3484192806"
"a4_485" = "3477023685"
"a4_484" = "3469854564"
"a4_483" = "3462685443"
"a4_482" = "3455516322"
"a4_481" = "3448347201"
"a4_480" = "3441178080"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CacheOptions" = "11"

[HKCU\Software\Aas]
"a2_160" = "1147052807"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CacheLimit" = "8192"

[HKCU\Software\Aas]
"a4_973" = "2680587437"
"a2_161" = "1154234588"
"a4_977" = "2709263921"
"a4_972" = "2673418316"
"a4_971" = "2666249195"
"a3_901" = "2147558220"
"a3_900" = "2174193453"
"a3_903" = "2162063374"
"a3_902" = "2154612719"
"a3_905" = "2209657024"
"a3_904" = "2202606753"
"a4_719" = "859630703"
"a4_718" = "852461582"
"a4_717" = "845292461"
"a4_716" = "838123340"
"a4_715" = "830954219"
"a4_714" = "823785098"
"a4_713" = "816615977"
"a4_712" = "809446856"
"a4_711" = "802277735"
"a4_710" = "795108614"
"a1_891" = "3587402933"
"a3_776" = "1251683361"
"a1_893" = "1299530220"
"a1_892" = "786977278"
"a1_895" = "3833120326"
"a1_894" = "2423168992"
"a1_897" = "878571692"
"a3_777" = "1292288064"
"a1_899" = "2877879294"
"a1_898" = "345993610"
"a4_974" = "2687756558"
"a3_774" = "1270749039"
"a4_137" = "982169577"
"a4_136" = "975000456"
"a4_135" = "967831335"
"a4_134" = "960662214"
"a4_133" = "953493093"
"a4_132" = "946323972"
"a4_131" = "939154851"
"a4_130" = "931985730"
"a3_772" = "1222762157"
"a4_139" = "996507819"
"a4_138" = "989338698"
"a4_975" = "2694925679"
"a3_770" = "1208254955"
"a3_771" = "1215707658"
"a2_455" = "3261953204"
"a1_617" = "3568331164"

[HKCU\Software\Softonic\Universal Downloader]
"uuid" = "D6DD384A-6EFA-43B2-8367-CD9C5B30666A"

[HKCU\Software\Aas]
"a4_229" = "1641728709"
"a4_228" = "1634559588"
"a4_223" = "1598713983"
"a4_222" = "1591544862"
"a4_221" = "1584375741"
"a4_220" = "1577206620"
"a4_227" = "1627390467"
"a4_226" = "1620221346"
"a4_225" = "1613052225"
"a4_224" = "1605883104"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CachePrefix" = ":2014091520140916:"

[HKCU\Software\Aas]
"a1_615" = "3695250270"
"a2_459" = "3290618250"
"a3_678" = "548713167"
"a1_614" = "3395610879"
"a1_820" = "1964905738"
"a1_821" = "808967749"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Aas]
"a1_822" = "2188166873"

"a1_149" = "895771946"
"a1_148" = "3942057135"
"a1_143" = "2190012797"
"a1_142" = "4063618074"
"a1_141" = "2723579432"
"a1_140" = "1692845837"
"a1_147" = "317332838"
"a1_146" = "3459416332"
"a1_145" = "3543732649"
"a1_144" = "3577437385"
"a1_826" = "261275456"
"a1_827" = "2611808516"
"a2_203" = "1455326148"
"a2_202" = "1448153408"
"a2_201" = "1440993002"
"a2_200" = "1433828831"
"a2_207" = "1484012816"
"a2_206" = "1476841772"
"a2_205" = "1469676734"
"a2_204" = "1462492829"
"a2_209" = "1498343936"
"a2_208" = "1491178357"
"a2_519" = "3720779997"
"a2_518" = "3713613697"
"a2_517" = "3706429973"
"a2_516" = "3699264905"
"a2_515" = "3692098752"
"a2_514" = "3684929853"
"a2_513" = "3677765106"
"a2_512" = "3670597221"
"a2_511" = "3663414644"
"a2_510" = "3656246457"
"a2_689" = "644560705"
"a2_688" = "637391703"
"a2_687" = "630224400"
"a2_686" = "623046065"
"a2_685" = "615877085"
"a2_684" = "608707778"
"a2_683" = "601542811"
"a2_682" = "594364743"
"a2_681" = "587209454"
"a2_680" = "580039831"
"a2_337" = "2415998982"
"a2_336" = "2408819258"
"a2_335" = "2401663630"
"a2_334" = "2394484705"
"a2_333" = "2387316074"
"a2_332" = "2380151387"
"a2_331" = "2372981948"
"a2_330" = "2365814959"
"a1_554" = "1448864291"
"a1_555" = "3306840400"
"a1_556" = "251838438"
"a1_557" = "3211339990"
"a3_242" = "1718323611"
"a1_551" = "1809872530"
"a2_339" = "2430334677"
"a2_338" = "2423168561"
"a4_673" = "529851137"
"a1_918" = "56662144"
"a1_919" = "956950633"
"a3_243" = "1725243962"
"a1_852" = "504307635"
"a1_914" = "2621244165"
"a1_398" = "3213396380"
"a1_399" = "2400391163"
"a4_679" = "572865863"
"a1_392" = "3659455175"
"a1_393" = "4258995342"
"a1_390" = "792290316"
"a1_391" = "624110427"
"a1_396" = "1366682741"
"a1_397" = "3713672403"
"a1_394" = "1431378708"
"a1_395" = "3434540974"
"a1_858" = "1356424658"
"a3_116" = "814879197"
"a3_117" = "821922428"
"a3_114" = "834001179"
"a3_115" = "807894458"
"a3_112" = "785940569"
"a3_113" = "826942712"
"a3_110" = "771902343"
"a3_111" = "778955814"
"a1_49" = "1034440646"
"a1_48" = "3094354718"
"a3_554" = "3988280259"
"a3_118" = "862924447"
"a3_119" = "869974846"
"a3_202" = "1465015971"
"a3_203" = "1472066242"
"a3_200" = "1416954337"
"a3_201" = "1424013824"
"a3_206" = "1493543975"
"a3_207" = "1500987462"
"a3_204" = "1445500773"
"a3_205" = "1452936068"
"a1_197" = "1716976240"
"a3_759" = "1163391422"
"a3_208" = "1508041977"
"a3_209" = "1481480472"
"a3_592" = "4261104249"
"a3_593" = "4234604184"
"a3_590" = "4246617511"
"a3_591" = "4253667782"
"a3_596" = "4289649661"
"a3_597" = "4263017500"
"a3_594" = "4241589051"
"a3_595" = "4282591066"
"a3_598" = "4270526655"
"a3_599" = "4277581022"
"a4_848" = "1784447312"
"a3_578" = "4160735531"
"a3_579" = "4134104394"
"a4_770" = "1225255874"
"a3_570" = "4069660115"
"a3_571" = "4076703346"
"a3_572" = "4117701269"
"a3_573" = "4124755764"
"a3_574" = "4098128727"
"a3_575" = "4105641974"
"a3_576" = "4146245737"
"a3_577" = "4153169032"
"a1_774" = "1126929554"
"a1_775" = "754308258"
"a1_776" = "3989482859"
"a1_777" = "661108183"
"a1_191" = "3327358977"
"a1_771" = "3785988987"
"a1_772" = "895389369"
"a1_773" = "3649170610"
"a1_953" = "3022992168"
"a3_927" = "2367492374"
"a1_778" = "889707544"
"a1_779" = "2303709701"
"a3_926" = "2326953207"
"a2_17" = "121878207"
"a2_16" = "114712367"
"a2_15" = "107528316"
"a2_14" = "100361553"
"a2_13" = "93193530"
"a2_12" = "86021463"
"a2_11" = "78858900"
"a2_10" = "71695396"
"a4_829" = "1648234013"
"a4_828" = "1641064892"
"a4_776" = "1268270600"
"a1_592" = "791243791"
"a2_19" = "136209979"
"a2_18" = "129044671"
"a4_11" = "78860331"
"a4_10" = "71691210"
"a4_13" = "93198573"
"a4_12" = "86029452"
"a4_15" = "107536815"
"a4_14" = "100367694"
"a4_17" = "121875057"
"a4_16" = "114705936"
"a4_19" = "136213299"
"a4_18" = "129044178"
"a4_926" = "2343638750"
"a4_927" = "2350807871"
"a1_878" = "1720102266"
"a4_921" = "2307793145"
"a4_922" = "2314962266"
"a1_595" = "2006610958"
"a1_596" = "3270287098"
"a1_597" = "4150760550"
"a1_608" = "2131425361"
"a1_609" = "3380439172"
"a3_378" = "2693094675"
"a3_379" = "2700145074"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Aas]
"a4_846" = "1770109070"
"a3_372" = "2683746013"
"a3_373" = "2657102716"
"a3_370" = "2669182491"
"a3_371" = "2676691642"
"a3_376" = "2712142929"
"a3_377" = "2686171376"
"a3_374" = "2664681375"
"a3_375" = "2705154110"
"a1_759" = "321583033"
"a3_488" = "3515101889"
"a3_489" = "3522680672"
"a4_841" = "1734263465"
"a4_840" = "1727094344"
"a1_950" = "2363097549"
"a3_484" = "3486690637"
"a1_952" = "999095403"
"a2_925" = "2336461340"
"a1_954" = "3667880492"
"a1_955" = "2054934633"
"a1_956" = "136671562"
"a3_485" = "3460055532"
"a1_958" = "2933524705"
"a2_922" = "2314968488"
"a1_750" = "1552779156"
"a1_751" = "145187286"
"a1_756" = "223520970"
"a1_757" = "1379441262"
"a4_722" = "881138066"
"a4_723" = "888307187"
"a4_720" = "866799824"
"a1_661" = "1577378922"
"a4_726" = "909814550"
"a4_727" = "916983671"
"a4_724" = "895476308"
"a4_725" = "902645429"
"a4_728" = "924152792"
"a4_729" = "931321913"
"a3_978" = "2699694267"
"a3_979" = "2740303066"
"a3_127" = "927442486"
"a1_189" = "1471680556"
"a4_903" = "2178748967"
"a1_188" = "516344566"
"a4_900" = "2157241604"
"a1_187" = "1228855685"
"a4_901" = "2164410725"
"a1_186" = "2149659975"
"a2_929" = "2365152667"
"a4_905" = "2193087209"
"a4_586" = "4201104906"
"a4_587" = "4208274027"
"a4_584" = "4186766664"
"a4_585" = "4193935785"
"a4_582" = "4172428422"
"a4_583" = "4179597543"
"a4_580" = "4158090180"
"a4_581" = "4165259301"
"a3_800" = "1423623433"
"a3_801" = "1464105384"
"a3_802" = "1471618507"
"a3_803" = "1445115498"
"a3_804" = "1452026509"
"a3_805" = "1459605292"
"a4_588" = "4215443148"
"a4_589" = "4222612269"
"a3_645" = "312377932"
"a4_909" = "2221763693"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\Aas]
"a4_966" = "2630403590"
"a4_218" = "1562868378"
"a4_219" = "1570037499"
"a4_216" = "1548530136"
"a4_217" = "1555699257"
"a4_214" = "1534191894"
"a4_215" = "1541361015"
"a4_212" = "1519853652"
"a4_213" = "1527022773"
"a4_210" = "1505515410"
"a4_211" = "1512684531"
"a4_458" = "3283457418"
"a4_459" = "3290626539"
"a4_108" = "774265068"
"a4_109" = "781434189"
"a1_843" = "3266989062"
"a4_102" = "731250342"
"a4_103" = "738419463"
"a4_100" = "716912100"
"a4_101" = "724081221"
"a4_106" = "759926826"
"a4_107" = "767095947"
"a4_104" = "745588584"
"a4_105" = "752757705"
"a1_605" = "2072113025"
"a1_558" = "4071168423"
"a1_559" = "370604950"
"a1_606" = "3730379968"
"a3_925" = "2319505492"
"a1_178" = "3972753695"
"a1_179" = "3723872165"
"a1_176" = "3987340007"
"a1_177" = "1626315618"
"a1_174" = "3495292599"
"a1_175" = "282053880"
"a1_172" = "3667624306"
"a1_173" = "2018767060"
"a1_170" = "3932805943"
"a1_171" = "2402304646"
"a1_550" = "1440617176"
"a2_236" = "1691915304"
"a2_237" = "1699084554"
"a2_234" = "1677583712"
"a2_235" = "1684735604"
"a2_232" = "1663230839"
"a2_233" = "1670400581"
"a2_230" = "1648889512"
"a2_231" = "1656063725"
"a1_553" = "4090112821"
"a2_238" = "1706248946"
"a2_239" = "1713411490"
"a2_522" = "3742284481"
"a2_523" = "3749448081"
"a2_520" = "3727948881"
"a2_521" = "3735117334"
"a2_526" = "3770950892"
"a2_527" = "3778131556"
"a2_524" = "3756617432"
"a2_525" = "3763781912"
"a2_838" = "1712752641"
"a2_839" = "1719922542"
"a2_528" = "3785298231"
"a2_529" = "3792467798"
"a3_688" = "620670617"
"a1_626" = "30423423"
"a1_541" = "1599907726"
"a1_627" = "2629272488"
"a1_624" = "1265992489"
"a1_549" = "2748936539"
"a1_548" = "3112349434"
"a1_547" = "633930744"
"a1_546" = "564717662"
"a1_545" = "3931658949"
"a1_544" = "2321432445"
"a1_543" = "3496515810"
"a1_542" = "343018503"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Aas]
"a1_540" = "3146179110"
"a2_658" = "422322181"
"a2_659" = "429475486"
"a2_308" = "2208097923"
"a2_309" = "2215250004"
"a2_302" = "2165077457"
"a2_303" = "2172245780"
"a2_300" = "2150728331"
"a2_301" = "2157910109"
"a2_306" = "2193744155"
"a2_307" = "2200913013"
"a2_304" = "2179409111"
"a2_305" = "2186579446"
"a2_786" = "1339959969"
"a2_787" = "1347125539"
"a2_784" = "1325616607"
"a2_785" = "1332799675"
"a2_782" = "1311292136"
"a2_783" = "1318462552"
"a2_780" = "1296943580"
"a2_781" = "1304110294"
"a2_788" = "1354296797"
"a2_789" = "1361476900"
"a1_389" = "3648257493"
"a1_388" = "4209921407"
"a1_385" = "353004240"
"a1_384" = "171237325"
"a1_387" = "931091252"
"a1_386" = "2823104888"
"a1_381" = "421060104"
"a1_380" = "314346913"
"a1_383" = "2255136734"
"a1_382" = "2477968037"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Aas]
"a1_58" = "2143408038"
"a1_59" = "3431200114"
"a1_56" = "3333444949"
"a1_57" = "3373560503"
"a1_54" = "3256475082"
"a1_55" = "550812814"
"a1_52" = "3875219138"
"a1_53" = "2010088276"
"a1_50" = "2745922867"
"a1_51" = "3555608124"
"a3_215" = "1524377438"
"a3_214" = "1517454143"
"a3_217" = "1572437008"
"a3_216" = "1565514737"
"a3_211" = "1529532890"
"a3_210" = "1488928187"
"a3_213" = "1510469276"
"a3_212" = "1536445053"
"a1_616" = "932838360"
"a3_748" = "1050812741"
"a3_219" = "1553446098"
"a3_218" = "1545867443"
"a3_585" = "4177070976"
"a3_584" = "4170159969"
"a3_587" = "4225122370"
"a3_586" = "4217678883"
"a3_581" = "4182227468"
"a3_580" = "4141089261"
"a3_583" = "4162646734"
"a3_582" = "4189150895"
"a3_589" = "4205615364"
"a3_588" = "4198622437"
"a2_916" = "2271949171"
"a3_893" = "2090093684"
"a3_569" = "4062671280"
"a3_568" = "4088782097"
"a3_563" = "4052790138"
"a3_562" = "4045747931"
"a3_561" = "4005270200"
"a3_560" = "3997761049"
"a3_567" = "4081727742"
"a3_566" = "4040721503"
"a3_565" = "4033732668"
"a3_564" = "4026683293"
"a3_109" = "798021476"
"a3_108" = "790966981"
"a1_765" = "1734099330"
"a1_764" = "1308484385"

"a1_762" = "3299752819"
"a1_761" = "374598289"
"a3_724" = "878479485"
"a3_101" = "707522668"
"a3_100" = "733503437"
"a3_103" = "754977070"
"a3_102" = "714511503"
"a3_105" = "769475040"
"a3_104" = "762555713"
"a3_107" = "750493346"
"a3_106" = "742980099"
"a4_854" = "1827462038"
"a4_855" = "1834631159"
"a4_856" = "1841800280"
"a3_726" = "926531903"
"a4_850" = "1798785554"
"a4_851" = "1805954675"
"a4_852" = "1813123796"
"a4_853" = "1820292917"
"a3_721" = "890560280"
"a2_914" = "2257614018"
"a4_858" = "1856138522"
"a1_586" = "3549116598"
"a1_789" = "1888324425"
"a3_720" = "849951481"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a3_898" = "2126083691"
"a3_723" = "904992730"
"a4_939" = "2436837323"
"a4_938" = "2429668202"
"a4_937" = "2422499081"
"a4_936" = "2415329960"
"a4_935" = "2408160839"
"a3_722" = "898003899"
"a4_933" = "2393822597"
"a4_932" = "2386653476"
"a4_931" = "2379484355"
"a4_930" = "2372315234"
"a3_955" = "2568364018"
"a1_788" = "1930200394"
"a1_619" = "238160991"
"a1_618" = "1268353303"
"a3_369" = "2628699640"
"a3_368" = "2621645145"
"a3_365" = "2600170596"
"a3_364" = "2592723909"
"a3_367" = "2647756070"
"a3_366" = "2640767111"
"a3_361" = "2604787424"
"a3_360" = "2564178497"
"a3_363" = "2585673634"
"a3_362" = "2611780355"
"a4_520" = "3727942920"
"a4_521" = "3735112041"
"a1_584" = "2665805071"
"a4_522" = "3742281162"
"a2_62" = "444487593"
"a4_523" = "3749450283"
"a2_63" = "451646188"
"a4_524" = "3756619404"
"a1_971" = "3711284951"
"a2_60" = "430153510"
"a4_525" = "3763788525"
"a1_943" = "1319320435"
"a1_942" = "1684899259"
"a1_941" = "613909208"
"a2_61" = "437318132"
"a1_947" = "2757141865"
"a4_526" = "3770957646"
"a1_945" = "3266137953"
"a1_944" = "2958187934"
"a2_66" = "473167953"
"a1_949" = "780850158"
"a4_527" = "3778126767"
"a2_67" = "480336500"
"a2_64" = "458832787"
"a2_65" = "465984992"
"a4_735" = "974336639"
"a4_734" = "967167518"
"a4_737" = "988674881"
"a4_736" = "981505760"
"a4_731" = "945660155"
"a4_730" = "938491034"
"a4_733" = "959998397"
"a4_732" = "952829276"
"a4_739" = "1003013123"
"a4_738" = "995844002"
"a3_969" = "2668861696"
"a3_968" = "2627790049"
"a4_599" = "4294303479"
"a4_598" = "4287134358"
"a1_782" = "2677199123"
"a4_591" = "4236950511"
"a4_590" = "4229781390"
"a4_593" = "4251288753"
"a4_592" = "4244119632"
"a4_595" = "4265626995"
"a4_594" = "4258457874"
"a4_597" = "4279965237"
"a4_596" = "4272796116"
"a1_786" = "3262391658"
"a1_41" = "2245864771"
"a1_40" = "3100941806"
"a1_43" = "4043037946"
"a3_819" = "1559971962"
"a1_42" = "3353613908"
"a3_813" = "1516544548"
"a1_45" = "2069466706"
"a3_811" = "1536136546"
"a3_810" = "1528623299"
"a3_817" = "1545483192"
"a3_816" = "1571594009"
"a3_815" = "1564605158"
"a1_44" = "481552086"
"a1_47" = "694101233"
"a1_46" = "383543006"
"a4_201" = "1440993321"
"a4_200" = "1433824200"
"a4_203" = "1455331563"
"a4_202" = "1448162442"
"a4_205" = "1469669805"
"a4_204" = "1462500684"
"a4_207" = "1484008047"
"a4_206" = "1476838926"
"a4_209" = "1498346289"
"a4_208" = "1491177168"
"a4_823" = "1605219287"
"a4_449" = "3218935329"
"a4_448" = "3211766208"
"a4_119" = "853125399"
"a4_118" = "845956278"
"a4_115" = "824448915"
"a4_114" = "817279794"
"a4_117" = "838787157"
"a4_116" = "831618036"
"a4_111" = "795772431"
"a4_110" = "788603310"
"a4_113" = "810110673"
"a4_112" = "802941552"
"a4_924" = "2329300508"
"a4_565" = "4050553365"
"a3_750" = "1098874375"
"a3_751" = "1105859238"
"a3_752" = "1079359193"
"a3_753" = "1086794616"
"a4_566" = "4057722486"
"a3_921" = "2290961104"
"a3_754" = "1127403419"
"a4_879" = "2006690063"
"a3_725" = "885927068"
"a3_755" = "1134321722"
"a3_756" = "1108280413"
"a1_783" = "833112081"
"a3_757" = "1115339004"
"a1_959" = "2854354444"
"a2_907" = "2207431140"
"a1_161" = "109543803"
"a1_160" = "3473740387"
"a1_163" = "2978119829"
"a1_162" = "2993931339"
"a1_165" = "3857610817"
"a1_164" = "1871448928"
"a1_167" = "135697"
"a1_166" = "2218662232"
"a1_169" = "2625900666"
"a1_168" = "3313774100"
"a3_727" = "933979486"
"a2_535" = "3835487642"
"a2_534" = "3828318201"
"a2_537" = "3849793390"
"a2_536" = "3842651271"
"a2_531" = "3806800532"
"a2_530" = "3799642291"
"a2_533" = "3821136538"
"a2_532" = "3813966915"
"a2_829" = "1648241968"
"a2_828" = "1641057398"
"a2_539" = "3864154088"
"a2_538" = "3856984111"
"a4_447" = "3204597087"
"a1_572" = "2869389325"
"a1_573" = "639865431"
"a1_570" = "1506928292"
"a1_571" = "2733460120"
"a1_576" = "205994993"
"a1_577" = "2124065016"
"a1_574" = "2282038304"
"a1_575" = "3941228250"
"a1_578" = "4251943180"
"a1_579" = "2881364794"
"a2_649" = "357786506"
"a2_648" = "350621668"
"a2_319" = "2286946742"
"a2_318" = "2279773113"
"a2_315" = "2258280442"
"a2_314" = "2251098951"
"a2_317" = "2272613064"
"a2_316" = "2265446715"
"a2_311" = "2229593277"
"a2_310" = "2222428210"
"a2_313" = "2243929522"
"a2_312" = "2236763605"
"a2_229" = "1641732046"
"a2_228" = "1634566033"
"a2_221" = "1584381345"
"a2_220" = "1577212907"
"a2_223" = "1598706867"
"a2_222" = "1591548276"
"a2_225" = "1613049612"
"a2_224" = "1605891303"
"a2_227" = "1627396328"
"a2_226" = "1620213768"
"a1_370" = "1710371687"
"a1_371" = "305627019"
"a1_372" = "771851598"
"a1_373" = "2467423463"
"a1_374" = "3777272040"
"a1_375" = "3661436489"
"a1_376" = "2462752515"
"a1_377" = "3895555603"
"a1_378" = "1440762109"
"a1_379" = "2755389894"
"a2_793" = "1390143729"
"a2_792" = "1382977568"
"a2_795" = "1404477538"
"a2_794" = "1397309906"
"a2_797" = "1418829741"
"a2_796" = "1411646609"
"a3_36" = "241268621"
"a3_37" = "248309804"
"a3_183" = "1328655230"
"a1_29" = "1433283745"
"a1_28" = "2851145514"
"a1_590" = "1292541173"
"a1_23" = "1074144709"
"a1_22" = "759069734"
"a1_21" = "756503177"
"a1_20" = "2705680933"
"a1_27" = "3929278474"
"a1_26" = "2388423008"
"a1_25" = "2962208839"
"a1_24" = "3031152232"
"a1_284" = "2292533030"
"a1_285" = "514117280"
"a1_286" = "1467209186"
"a1_287" = "3263443408"
"a1_280" = "839999559"
"a1_281" = "1288803849"
"a1_282" = "377348967"
"a1_283" = "2384602373"
"a3_31" = "205278614"
"a1_288" = "3637426497"
"a1_289" = "1298577975"
"a3_778" = "1299211491"
"a3_779" = "1306728706"
"a2_903" = "2178747199"
"a1_591" = "3198230933"
"a3_32" = "212854281"
"a2_972" = "2673425672"
"a3_558" = "4017332551"
"a3_559" = "4024255974"
"a3_556" = "3969214597"
"a3_557" = "4009757988"
"a1_552" = "3400688277"
"a3_555" = "3962303586"
"a3_552" = "3940752129"
"a3_553" = "3981361056"
"a3_550" = "3926311503"
"a3_551" = "3933234926"
"a1_598" = "518828840"
"a1_599" = "1541487273"
"a3_178" = "1292673371"
"a3_179" = "1300121082"
"a3_174" = "1264145351"
"a3_175" = "1271198822"
"a3_176" = "1245079705"
"a3_177" = "1252068664"
"a3_170" = "1235731011"
"a3_171" = "1209100002"
"a3_172" = "1216092933"
"a3_173" = "1223671716"
"a2_31" = "222248516"
"a2_30" = "215077929"
"a2_33" = "236580598"
"a2_32" = "229414455"
"a2_35" = "250911342"
"a2_34" = "243757352"
"a2_37" = "265265056"
"a2_36" = "258096888"
"a2_39" = "279600508"
"a2_38" = "272431381"
"a3_486" = "3467639311"
"a3_487" = "3508182702"
"a3_480" = "3424608201"
"a3_481" = "3431657576"
"a3_482" = "3438646411"
"a3_483" = "3479636266"
"a4_902" = "2171579846"
"a2_584" = "4186761663"
"a4_79" = "566360559"
"a4_78" = "559191438"
"a4_906" = "2200256330"
"a4_907" = "2207425451"
"a4_904" = "2185918088"
"a2_585" = "4193943081"
"a4_73" = "523345833"
"a4_72" = "516176712"
"a4_71" = "509007591"
"a4_70" = "501838470"
"a4_77" = "552022317"
"a4_76" = "544853196"
"a4_75" = "537684075"
"a4_74" = "530514954"
"a3_642" = "324456811"
"a3_390" = "2812641775"
"a3_391" = "2786540046"
"a3_392" = "2793594529"
"a3_393" = "2800513728"
"a3_394" = "2841581411"
"a3_395" = "2848623490"
"a3_396" = "2821991461"
"a3_397" = "2829566020"
"a3_398" = "2870043879"
"a3_399" = "2877036806"
"a1_529" = "2927704877"
"a1_625" = "636247708"
"a1_622" = "3579458944"
"a1_623" = "3022899802"
"a1_620" = "603136574"
"a1_621" = "469799642"
"a3_643" = "331380106"

[HKCU\Software\Aas\695404737]
"7169121" = "217"

[HKCU\Software\Aas]
"a3_958" = "2556348631"
"a3_959" = "2563272054"
"a1_528" = "3809664841"
"a2_588" = "4215443554"
"a3_950" = "2498827743"
"a3_951" = "2539425406"
"a3_956" = "2575413269"
"a3_957" = "2582860980"
"a3_954" = "2527820627"
"a2_589" = "4222611079"
"a1_976" = "33844850"
"a1_977" = "3028169557"
"a1_974" = "151916680"
"a1_975" = "1986966493"
"a1_972" = "1076194950"
"a1_973" = "412743697"
"a1_970" = "935653671"
"a3_827" = "1616916338"
"a1_770" = "1595785883"
"a1_978" = "21364683"
"a1_979" = "2715076930"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Aas]
"a4_199" = "1426655079"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Aas]
"a3_504" = "3596547281"
"a2_363" = "2602399164"
"a3_507" = "3651577394"
"a3_506" = "3644525971"
"a3_501" = "3608550396"
"a3_500" = "3568002909"
"a3_503" = "3623047358"
"a3_502" = "3615603743"
"a4_821" = "1590881045"
"a4_698" = "709079162"
"a4_699" = "716248283"
"a4_820" = "1583711924"
"a4_692" = "666064436"
"a4_693" = "673233557"
"a4_690" = "651726194"
"a4_691" = "658895315"
"a4_696" = "694740920"
"a4_697" = "701910041"
"a4_694" = "680402678"
"a4_695" = "687571799"
"a4_822" = "1598050166"
"a3_828" = "1624490901"
"a3_829" = "1664967732"
"a3_826" = "1643547347"
"a4_825" = "1619557529"
"a3_824" = "1628992017"
"a3_825" = "1636505264"
"a3_822" = "1581458783"
"a3_823" = "1588517374"
"a3_820" = "1600580765"
"a3_821" = "1607565628"
"a2_900" = "2157245310"
"a1_746" = "42287853"
"a4_827" = "1633895771"
"a2_901" = "2164413259"
"a3_644" = "305393197"
"a4_826" = "1626726650"
"a2_902" = "2171580898"
"a4_274" = "1964339154"
"a4_275" = "1971508275"
"a4_276" = "1978677396"
"a4_277" = "1985846517"
"a4_270" = "1935662670"
"a4_271" = "1942831791"
"a4_272" = "1950000912"
"a4_273" = "1957170033"
"a2_904" = "2185914808"
"a4_278" = "1993015638"
"a4_279" = "2000184759"
"a2_905" = "2193081529"
"a2_906" = "2200249592"
"a4_478" = "3426839838"
"a4_479" = "3434008959"
"a4_476" = "3412501596"
"a4_477" = "3419670717"
"a4_474" = "3398163354"
"a4_475" = "3405332475"
"a4_472" = "3383825112"
"a4_473" = "3390994233"
"a4_470" = "3369486870"
"a4_471" = "3376655991"
"a4_308" = "2208089268"
"a4_309" = "2215258389"
"a4_300" = "2150736300"
"a4_301" = "2157905421"
"a4_302" = "2165074542"
"a4_303" = "2172243663"
"a4_304" = "2179412784"
"a4_305" = "2186581905"
"a4_306" = "2193751026"
"a4_307" = "2200920147"
"a1_114" = "2358681451"
"a1_115" = "1247075533"
"a1_116" = "2008992654"
"a1_117" = "771463680"
"a1_110" = "1461356155"
"a1_111" = "736623961"
"a1_112" = "1927367197"
"a1_113" = "3393950741"
"a1_824" = "2439985994"
"a1_118" = "715161128"
"a1_119" = "1645696939"
"a4_576" = "4129413696"
"a4_920" = "2300624024"
"a3_732" = "969437045"
"a2_498" = "3570225939"
"a2_499" = "3577393630"
"a2_492" = "3527199041"
"a2_493" = "3534377775"
"a2_490" = "3512875056"
"a2_491" = "3520043099"
"a2_496" = "3555878836"
"a2_497" = "3563044870"
"a2_494" = "3541544473"
"a2_495" = "3548709308"
"a2_816" = "1555027485"
"a2_817" = "1562199964"
"a2_814" = "1540699726"
"a2_815" = "1547863461"
"a2_812" = "1526363535"
"a3_740" = "1026900557"
"a2_810" = "1512017717"
"a2_811" = "1519181906"
"a3_733" = "943391636"
"a4_570" = "4086398970"
"a2_818" = "1569368314"
"a2_819" = "1576550125"
"a1_565" = "537538508"
"a1_564" = "1273152642"
"a1_567" = "49838734"
"a1_566" = "4255690531"
"a1_561" = "2367411288"
"a1_560" = "2015656222"
"a1_563" = "2286200320"
"a1_562" = "4171094823"
"a1_569" = "1896572200"
"a1_568" = "1542929761"
"a1_525" = "810852784"
"a2_678" = "565691338"
"a2_679" = "572859422"
"a2_676" = "551356755"
"a2_677" = "558525141"
"a2_674" = "537025476"
"a2_675" = "544181036"
"a2_672" = "522676366"
"a2_673" = "529858404"
"a2_670" = "508340823"
"a2_671" = "515506518"
"a3_982" = "2728158783"
"a2_258" = "1849635093"
"a2_259" = "1856803658"
"a2_254" = "1820950721"
"a2_255" = "1828120182"
"a2_256" = "1835302803"
"a2_257" = "1842467556"
"a2_250" = "1792283635"
"a2_251" = "1799442129"
"a2_252" = "1806626215"
"a2_253" = "1813784247"
"a1_363" = "117152077"
"a1_362" = "2225372787"
"a1_361" = "1827141020"
"a1_360" = "25643302"
"a1_367" = "4101077328"
"a1_366" = "4071263449"
"a1_365" = "2029057275"
"a1_364" = "2256718172"
"a1_369" = "3495942753"
"a1_368" = "3323347055"
"a3_977" = "2692709400"
"a3_924" = "2346001461"
"a1_38" = "2567780123"
"a1_39" = "658741742"
"a1_30" = "95646725"
"a1_31" = "1751547084"
"a1_32" = "3389671537"
"a1_33" = "1651171147"
"a1_34" = "522335573"
"a1_35" = "3841922303"
"a1_36" = "3252633834"
"a1_37" = "2717754716"
"a1_297" = "808258113"
"a1_296" = "322568467"
"a1_295" = "2009975689"
"a1_294" = "2616355135"
"a1_293" = "995208655"
"a1_292" = "3907880597"
"a1_291" = "2067877147"
"a1_290" = "2510891452"
"a1_299" = "1093024641"
"a1_298" = "4058632900"
"a3_769" = "1234824520"
"a1_600" = "3822446902"
"a2_668" = "494007856"
"a1_601" = "3250048239"
"a3_761" = "1143737968"
"a3_760" = "1170380241"
"a3_763" = "1191790386"
"a4_286" = "2050368606"
"a3_765" = "1206362100"
"a1_602" = "3942618951"
"a3_767" = "1186780342"
"a3_766" = "1179725847"
"a2_108" = "774260427"
"a2_109" = "781426638"
"a4_878" = "1999520942"
"a1_603" = "1419336896"
"a2_100" = "716910351"
"a2_101" = "724075541"
"a2_102" = "731243276"
"a2_103" = "738424051"
"a2_104" = "745593177"
"a2_105" = "752748830"
"a2_106" = "759925727"
"a2_107" = "767093272"
"a3_541" = "3861793492"
"a3_540" = "3887912629"
"a3_543" = "3909387158"
"a3_542" = "3868847991"
"a3_545" = "3923892392"
"a3_544" = "3916833801"
"a3_547" = "3904770410"
"a3_546" = "3897785547"
"a3_549" = "3952815660"
"a3_548" = "3945379213"
"a1_607" = "700798112"
"a1_589" = "2800060736"
"a1_588" = "3042719354"
"a3_169" = "1228156448"
"a3_168" = "1187689857"
"a3_167" = "1180635502"
"a3_166" = "1206680783"
"a3_165" = "1199757484"
"a3_164" = "1192698893"
"a3_163" = "1151697898"
"a3_162" = "1144713035"
"a3_161" = "1171213096"
"a3_160" = "1163777673"
"a1_749" = "2876808083"
"a1_748" = "730277852"
"a2_28" = "200729856"
"a2_29" = "207912466"
"a2_26" = "186388923"
"a2_27" = "193561396"
"a2_24" = "172050997"
"a2_25" = "179229793"
"a2_22" = "157728549"
"a2_23" = "164893462"
"a2_20" = "143379575"
"a2_21" = "150542552"
"a4_68" = "487500228"
"a4_69" = "494669349"
"a4_917" = "2279116661"
"a4_916" = "2271947540"
"a4_911" = "2236101935"
"a4_910" = "2228932814"
"a4_913" = "2250440177"
"a4_912" = "2243271056"
"a4_60" = "430147260"
"a4_61" = "437316381"
"a4_62" = "444485502"
"a4_63" = "451654623"
"a4_64" = "458823744"
"a4_65" = "465992865"
"a4_66" = "473161986"
"a4_67" = "480331107"
"a4_833" = "1676910497"
"a4_959" = "2580219743"
"a2_758" = "1139218321"
"a2_7" = "50176552"
"a2_6" = "43009046"
"a2_5" = "35836982"
"a2_4" = "28675515"
"a2_3" = "21508979"
"a2_2" = "14347027"
"a2_1" = "7161178"
"a2_0" = "6483"
"a1_639" = "1698922084"
"a1_638" = "115812297"
"a3_389" = "2805656908"
"a3_388" = "2765048109"
"a2_9" = "64527733"
"a2_8" = "57345730"
"a4_5" = "35845605"
"a4_4" = "28676484"
"a4_7" = "50183847"
"a4_6" = "43014726"
"a4_1" = "7169121"
"a4_0" = "0"
"a4_3" = "21507363"
"a4_2" = "14338242"
"a4_9" = "64522089"
"a4_8" = "57352968"
"a2_756" = "1124888619"
"a3_949" = "2491838908"
"a3_948" = "2484395293"
"a3_945" = "2462900280"
"a3_944" = "2455850905"
"a3_947" = "2510895354"
"a3_946" = "2503967835"
"a3_941" = "2467992228"
"a3_940" = "2427452933"
"a3_943" = "2482482022"
"a3_942" = "2474915527"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Aas]
"a3_875" = "1961196962"
"a1_532" = "230892381"
"a1_533" = "4121473450"
"a4_845" = "1762939949"
"a2_853" = "1820284582"
"a3_708" = "797636205"
"a4_923" = "2322131387"
"a3_970" = "2675785123"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A 79 DE 65 18 03 50 D4 EF BF 7C E4 5E 36 75 3B"

[HKCU\Software\Aas]
"a1_968" = "890033653"
"a4_689" = "644557073"
"a4_688" = "637387952"
"a1_951" = "2816173798"
"a4_685" = "615880589"
"a4_684" = "608711468"
"a4_687" = "630218831"
"a4_686" = "623049710"
"a4_681" = "587204105"
"a4_680" = "580034984"
"a4_683" = "601542347"
"a4_682" = "594373226"
"a3_831" = "1645985014"
"a3_830" = "1671960663"
"a3_833" = "1659958664"
"a3_832" = "1652904297"
"a3_835" = "1707934282"
"a1_538" = "690255121"
"a3_837" = "1688886028"
"a3_836" = "1681434349"
"a3_839" = "1736479694"
"a3_838" = "1729494959"
"a1_539" = "4164302709"
"a2_911" = "2236098198"
"a1_957" = "2191387732"
"a4_267" = "1914155307"
"a4_266" = "1906986186"
"a4_265" = "1899817065"
"a4_264" = "1892647944"
"a4_263" = "1885478823"
"a4_262" = "1878309702"
"a4_261" = "1871140581"
"a4_260" = "1863971460"

[HKCU\Software\Aas\695404737]
"43014726" = "0B00687474703A2F2F6572656E6B61726168616E2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F677574656B706C2E7A612E706C2F6C6F676F2E67696600687474703A2F2F7777772E6B61707564616E652E636F6D2F6C6F676F2E67696600687474703A2F2F69676F72666F6D696E2E72752F6C6F676F2E67696600687474703A2F2F6D32636F6D756E69636163696F6E2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F6C65656E61656E7465727072697365732E636F6D2F696D672F6C6F676F2E67696600687474703A2F2F7777772E67657269617472696173696E6F702E636F6D2E62722F696D672F627574746F6E2E67696600687474703A2F2F627269746973686D6F746F72732E69742F6C6F676F2E67696600687474703A2F2F617274726F6F6D2E636F6D2E74722F626C6F672F6C6F676F2E67696600687474703A2F2F67616D6D61636F6E7365696C2E66722F696D616765732F627574746F6E2E67696600687474703A2F2F786578796C69612E636F6D2F6C6F676F2E676966"

[HKCU\Software\Aas]
"a4_269" = "1928493549"
"a4_268" = "1921324428"
"a4_461" = "3304964781"
"a4_460" = "3297795660"
"a4_463" = "3319303023"
"a4_462" = "3312133902"
"a4_465" = "3333641265"
"a4_464" = "3326472144"
"a4_467" = "3347979507"
"a4_466" = "3340810386"
"a4_469" = "3362317749"
"a4_468" = "3355148628"
"a4_897" = "2135734241"
"a4_898" = "2142903362"
"a4_899" = "2150072483"
"a2_560" = "4014706090"
"a4_319" = "2286949599"
"a4_318" = "2279780478"
"a1_840" = "2783435907"
"a4_313" = "2243934873"
"a4_312" = "2236765752"
"a4_311" = "2229596631"
"a4_310" = "2222427510"
"a4_317" = "2272611357"
"a4_316" = "2265442236"
"a4_315" = "2258273115"
"a4_314" = "2251103994"

"a3_130" = "915379051"
"a1_923" = "844361436"
"a3_131" = "922302346"
"a3_132" = "962897965"
"a2_880" = "2013860968"
"a1_107" = "2142421463"
"a1_106" = "1676227260"
"a1_105" = "3312848923"
"a1_104" = "1890942678"
"a1_103" = "4030263324"
"a1_102" = "3348342752"
"a1_101" = "2194006544"
"a1_100" = "3572648363"
"a3_134" = "943841519"
"a1_109" = "1191691544"
"a1_62" = "381896016"
"a1_61" = "1232580902"
"a3_137" = "998890944"
"a2_883" = "2035361636"
"a3_686" = "606179783"
"a2_489" = "3505694698"
"a2_488" = "3498526392"
"a3_687" = "613616230"
"a2_485" = "3477024826"
"a2_484" = "3469859585"
"a2_487" = "3491359056"
"a2_486" = "3484191155"
"a2_481" = "3448341345"
"a2_480" = "3441168426"
"a2_483" = "3462691926"
"a2_482" = "3455510869"
"a3_974" = "2704311079"
"a3_685" = "632749476"
"a3_975" = "2711758662"
"a2_882" = "2028205985"
"a3_976" = "2685262841"
"a2_809" = "1504848201"
"a2_808" = "1497680753"
"a4_721" = "873968945"
"a3_680" = "596757377"
"a2_801" = "1447497252"
"a2_800" = "1440329919"
"a2_803" = "1461831070"
"a3_681" = "570649632"
"a2_805" = "1476180947"
"a2_804" = "1469011811"
"a2_807" = "1490516695"
"a2_806" = "1483347099"
"a3_145" = "1022800088"
"a3_972" = "2656717413"
"a3_144" = "1015749817"
"a2_885" = "2049709138"
"a3_973" = "2663771780"
"a3_147" = "1070844314"
"a2_661" = "443813365"
"a2_660" = "436654748"
"a2_663" = "458157340"
"a3_146" = "1063277947"
"a2_665" = "472490702"
"a2_664" = "465325525"
"a2_667" = "486841964"
"a2_666" = "479672842"
"a2_669" = "501172325"
"a3_141" = "1027810116"
"a3_140" = "986812197"
"a2_881" = "2021027079"
"a3_143" = "1008236550"
"a2_249" = "1785117705"
"a2_248" = "1777937151"
"a2_247" = "1770781789"
"a2_246" = "1763598976"
"a2_245" = "1756433666"
"a2_244" = "1749257729"
"a2_243" = "1742106073"
"a2_242" = "1734933951"
"a2_241" = "1727750535"
"a2_240" = "1720584089"
"a1_356" = "250762175"
"a1_357" = "420636958"
"a1_354" = "908731148"
"a1_355" = "2575527481"
"a1_352" = "1366391087"
"a1_353" = "4248563485"
"a1_350" = "2049679008"
"a1_351" = "146252878"
"a2_855" = "1834622170"
"a3_639" = "269411382"
"a1_358" = "3539500011"
"a1_359" = "1975369147"
"a3_638" = "295912343"
"a2_887" = "2064044615"
"a2_886" = "2056879282"
"a3_795" = "1387647762"
"a3_718" = "869065255"
"a3_719" = "843023942"
"a3_714" = "807050403"
"a3_715" = "813969602"
"a3_716" = "821548389"
"a3_717" = "862013828"
"a3_710" = "778506031"
"a3_711" = "785556302"
"a3_712" = "826034145"
"a3_713" = "833615872"
"a2_820" = "1583716537"
"a2_119" = "853131184"
"a2_118" = "845961547"
"a4_869" = "1934998853"
"a4_868" = "1927829732"
"a2_113" = "810112969"
"a2_112" = "802947066"
"a2_111" = "795780612"
"a2_110" = "788609724"
"a2_117" = "838792494"
"a2_116" = "831612145"
"a2_115" = "824446260"
"a2_114" = "817276575"
"a3_534" = "3844868223"
"a3_535" = "3852446878"
"a3_536" = "3825811761"
"a3_537" = "3832866128"
"a3_530" = "3816471291"
"a3_531" = "3823394586"
"a3_532" = "3797414845"
"a3_533" = "3804403676"
"a3_538" = "3840383475"
"a3_539" = "3880858130"
"a2_813" = "1533533193"
"a3_152" = "1106310065"
"a3_153" = "1080268752"
"a3_150" = "1092336383"
"a3_151" = "1099259678"
"a3_156" = "1135231285"
"a3_157" = "1108731220"
"a3_154" = "1087178867"
"a3_155" = "1127787666"
"a3_628" = "223959005"
"a3_629" = "231000188"
"a3_158" = "1115724279"
"a3_159" = "1123168790"
"a2_59" = "422969620"
"a2_58" = "415804377"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014091520140916]
"CacheRepair" = "0"

[HKCU\Software\Aas]
"a2_53" = "379969478"
"a2_52" = "372785305"
"a2_51" = "365619690"
"a2_50" = "358450431"
"a2_57" = "408634703"
"a2_56" = "401463227"
"a2_55" = "394310650"
"a2_54" = "387135913"
"a4_842" = "1741432586"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Aas]
"a4_55" = "394301655"
"a4_54" = "387132534"
"a4_57" = "408639897"
"a4_56" = "401470776"
"a4_51" = "365625171"
"a4_50" = "358456050"
"a4_53" = "379963413"
"a4_52" = "372794292"
"a3_440" = "3171413137"
"a3_441" = "3178398000"
"a3_442" = "3185321299"
"a3_443" = "3159349746"
"a4_59" = "422978139"
"a4_58" = "415809018"
"a3_446" = "3214379735"
"a3_447" = "3187748726"
"a1_644" = "659091539"
"a1_645" = "3152221406"
"a1_646" = "517090197"
"a1_647" = "3813387625"
"a1_640" = "2767748261"
"a1_641" = "3395487660"
"a1_642" = "2987239699"
"a1_643" = "2979058066"
"a1_648" = "1155269427"
"a1_649" = "2149975971"

[HKCU\Software\Aas\695404737]
"21507363" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a2_953" = "2537206894"
"a3_459" = "3307312066"
"a3_458" = "3266772899"
"a4_784" = "1325623568"
"a4_785" = "1332792689"
"a4_786" = "1339961810"
"a4_787" = "1347130931"
"a4_780" = "1296947084"
"a4_781" = "1304116205"
"a4_782" = "1311285326"
"a4_783" = "1318454447"
"a1_828" = "3111740734"
"a1_829" = "4282729632"
"a4_788" = "1354300052"
"a3_451" = "3249847498"
"a4_670" = "508343774"
"a4_671" = "515512895"
"a4_672" = "522682016"
"a3_450" = "3242793131"
"a4_674" = "537020258"
"a4_675" = "544189379"
"a4_676" = "551358500"
"a4_677" = "558527621"
"a4_678" = "565696742"
"a1_604" = "523967330"
"a1_916" = "1182329711"
"a1_917" = "35170092"
"a1_910" = "450633842"
"a1_911" = "3144343035"
"a1_912" = "2435808516"
"a1_913" = "4118981548"
"a3_844" = "1772455397"
"a3_845" = "1746353668"
"a3_846" = "1753404071"
"a3_847" = "1760327366"
"a3_840" = "1743926369"
"a3_841" = "1717414016"
"a3_842" = "1724861731"
"a3_843" = "1765466434"
"a3_848" = "1801448313"
"a3_849" = "1808437144"
"a3_702" = "721038295"
"a4_874" = "1970844458"
"a1_654" = "2323470994"
"a4_961" = "2594557985"
"a4_414" = "2968016094"
"a4_415" = "2975185215"
"a4_416" = "2982354336"
"a4_417" = "2989523457"
"a4_410" = "2939339610"
"a4_411" = "2946508731"
"a4_412" = "2953677852"
"a4_413" = "2960846973"
"a4_418" = "2996692578"
"a4_419" = "3003861699"
"a3_806" = "1500078927"
"a3_807" = "1507067886"
"a1_138" = "2296022548"
"a1_139" = "3918401422"
"a3_907" = "2190592386"
"a1_132" = "2121832638"
"a1_133" = "2018573656"
"a1_130" = "4287173621"
"a1_131" = "3646932073"
"a1_136" = "4157372838"
"a1_137" = "54167743"
"a1_134" = "2434442728"
"a1_135" = "1838029082"
"a3_768" = "1227770153"
"a4_328" = "2351471688"
"a4_329" = "2358640809"
"a4_326" = "2337133446"
"a4_327" = "2344302567"
"a4_324" = "2322795204"
"a4_325" = "2329964325"
"a4_322" = "2308456962"
"a4_323" = "2315626083"
"a4_320" = "2294118720"
"a4_321" = "2301287841"
"a4_528" = "3785295888"
"a4_529" = "3792465009"
"a4_258" = "1849633218"
"a4_259" = "1856802339"
"a4_252" = "1806618492"
"a4_253" = "1813787613"
"a4_250" = "1792280250"
"a4_251" = "1799449371"
"a4_256" = "1835294976"
"a4_257" = "1842464097"
"a4_254" = "1820956734"
"a4_255" = "1828125855"
"a3_909" = "2238580292"
"a2_470" = "3369488440"
"a2_471" = "3376657800"
"a2_472" = "3383821631"
"a2_473" = "3390989310"
"a2_474" = "3398157927"
"a2_475" = "3405326468"
"a2_476" = "3412507148"
"a2_477" = "3419676119"
"a2_478" = "3426843633"
"a2_479" = "3434007450"
"a4_880" = "2013859184"
"a3_908" = "2231591461"
"a1_797" = "464965187"
"a2_878" = "1999527310"
"a2_879" = "2006695656"
"a2_874" = "1970842162"
"a2_875" = "1978021209"
"a2_876" = "1985177195"
"a2_877" = "1992357943"
"a2_870" = "1942159991"
"a2_871" = "1949343480"
"a2_872" = "1956511651"
"a2_873" = "1963683720"
"a1_349" = "3758178931"
"a1_348" = "2554486405"
"a2_586" = "4201110533"
"a2_587" = "4208276084"
"a2_580" = "4158081939"
"a2_581" = "4165259106"
"a2_582" = "4172423660"
"a2_583" = "4179606326"
"a1_341" = "2086855494"
"a1_340" = "843872653"
"a1_343" = "2697111342"
"a1_342" = "2289860536"
"a1_345" = "3063315076"
"a1_344" = "1232238083"
"a1_347" = "2597578272"
"a1_346" = "1150814533"
"a2_614" = "106880545"
"a2_615" = "114048952"
"a2_616" = "121214427"
"a2_617" = "128381892"
"a2_610" = "78198395"
"a2_611" = "85362695"
"a2_612" = "92531843"
"a2_613" = "99696642"
"a2_618" = "135547349"
"a2_619" = "142712859"
"a2_272" = "1949992080"
"a2_273" = "1957171604"
"a2_270" = "1935657026"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]
"a2_276" = "1978674527"
"a2_277" = "1985840918"
"a2_274" = "1964339769"
"a2_275" = "1971505280"
"a2_908" = "2214597802"
"a2_909" = "2221766158"
"a2_278" = "1993057239"
"a2_279" = "2000190400"
"a1_842" = "1634218767"
"a2_298" = "2136392335"
"a2_299" = "2143559075"
"a1_841" = "2547618788"
"a2_290" = "2079043203"
"a2_291" = "2086208356"
"a2_292" = "2093377769"
"a2_293" = "2100557218"
"a2_294" = "2107726134"
"a2_295" = "2114892733"
"a2_296" = "2122058227"
"a2_297" = "2129226468"
"a2_728" = "924144108"
"a2_729" = "931316383"
"a2_720" = "866797803"
"a2_721" = "873967310"
"a2_722" = "881132509"
"a2_723" = "888299537"
"a2_724" = "895468255"
"a2_725" = "902651269"
"a2_726" = "909819209"
"a2_727" = "916991716"
"a1_594" = "1784588204"
"a4_450" = "3226104450"
"a3_791" = "1392659870"
"a3_709" = "804547212"
"a4_451" = "3233273571"
"a3_707" = "790584778"
"a3_706" = "749582763"
"a3_705" = "742524168"
"a3_704" = "769089769"
"a3_703" = "761646198"
"a4_452" = "3240442692"
"a3_701" = "713602996"
"a3_700" = "706548501"
"a4_890" = "2085550394"
"a4_891" = "2092719515"
"a4_892" = "2099888636"
"a4_453" = "3247611813"
"a4_894" = "2114226878"
"a4_895" = "2121395999"
"a2_128" = "917645185"
"a2_129" = "924814695"
"a2_126" = "903314444"
"a2_127" = "910481325"
"a2_124" = "888963883"
"a2_125" = "896146701"
"a2_122" = "874629691"
"a2_123" = "881793740"
"a2_120" = "860297932"
"a2_121" = "867462259"
"a3_35" = "267899754"
"a3_526" = "3787937127"
"a3_525" = "3780489412"
"a3_524" = "3739884709"
"a3_523" = "3732895746"
"a4_456" = "3269119176"
"a3_521" = "3751945024"
"a3_520" = "3744501537"
"a2_824" = "1612383982"
"a4_457" = "3276288297"
"a3_529" = "3809412696"
"a3_528" = "3768345145"
"a1_12" = "2367829575"
"a1_13" = "1742888275"
"a1_10" = "1045746602"
"a1_11" = "2248124487"
"a1_16" = "1948295"
"a1_17" = "3230785291"
"a1_14" = "4228476659"
"a1_15" = "2344135185"
"a1_18" = "1035401"
"a1_19" = "2433039998"
"a3_149" = "1051199068"
"a3_148" = "1044210237"
"a2_896" = "2128563127"
"a2_48" = "344116656"
"a2_49" = "351283202"
"a1_846" = "3336911761"
"a2_40" = "286766553"
"a2_41" = "293931573"
"a2_42" = "301094795"
"a2_43" = "308281190"
"a2_44" = "315448654"
"a2_45" = "322616940"
"a2_46" = "329783265"
"a2_47" = "336949364"
"a2_897" = "2135725104"
"a4_42" = "301103082"
"a4_43" = "308272203"
"a4_40" = "286764840"
"a4_41" = "293933961"
"a4_46" = "329779566"
"a4_47" = "336948687"
"a4_44" = "315441324"
"a4_45" = "322610445"
"a3_453" = "3230791052"
"a3_452" = "3223736685"
"a4_48" = "344117808"
"a4_49" = "351286929"
"a3_457" = "3259718400"
"a3_456" = "3285821153"
"a3_455" = "3278766670"
"a3_454" = "3271781935"
"a1_657" = "691188927"
"a1_656" = "1887835737"
"a1_655" = "1224847007"
"a1_632" = "4254636369"
"a1_653" = "1800426496"
"a1_652" = "3653254483"
"a1_651" = "1746889087"
"a1_650" = "3897339266"
"a3_796" = "1428649909"
"a1_659" = "3994854456"
"a1_658" = "1861306084"
"a3_797" = "1435691988"
"a3_18" = "112354555"
"a3_19" = "152901914"
"a3_14" = "83367783"
"a3_15" = "124488582"
"a3_16" = "131411001"
"a3_17" = "104906840"
"a3_10" = "88506851"
"a3_11" = "95435266"
"a3_12" = "69459621"
"a3_13" = "76378820"
"a3_240" = "1737322713"
"a4_886" = "2056873910"
"a3_793" = "1406704208"
"a3_809" = "1488018592"
"a3_798" = "1442679927"
"a3_799" = "1416568982"
"a3_248" = "1761236945"
"a2_172" = "1233087144"
"a4_797" = "1418822141"
"a4_796" = "1411653020"
"a4_795" = "1404483899"
"a4_794" = "1397314778"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Aas]
"a4_792" = "1382976536"
"a4_791" = "1375807415"
"a4_790" = "1368638294"
"a1_839" = "3273766328"
"a1_838" = "2755555164"
"a4_799" = "1433160383"
"a4_798" = "1425991262"
"a4_663" = "458159927"
"a4_662" = "450990806"
"a4_661" = "443821685"
"a4_660" = "436652564"
"a4_667" = "486836411"
"a4_666" = "479667290"
"a4_665" = "472498169"
"a4_664" = "465329048"
"a1_907" = "1533949174"
"a1_906" = "4174202724"
"a4_669" = "501174653"
"a4_668" = "494005532"
"a1_903" = "1158686905"
"a1_902" = "83910980"
"a1_901" = "711104684"
"a1_900" = "250984115"
"a3_857" = "1865835152"
"a3_856" = "1824837233"
"a3_855" = "1817794014"
"a3_854" = "1844425151"
"a3_853" = "1836850460"
"a3_852" = "1829861629"
"a3_851" = "1789379674"
"a3_850" = "1781801019"
"a1_635" = "1193005573"
"a4_949" = "2508528533"
"a3_859" = "1846328146"
"a3_858" = "1872824115"
"a1_734" = "36853059"
"a2_644" = "321951808"
"a4_976" = "2702094800"
"a4_454" = "3254780934"
"a1_524" = "2869274437"
"a4_407" = "2917832247"
"a4_406" = "2910663126"
"a4_405" = "2903494005"
"a4_404" = "2896324884"
"a4_403" = "2889155763"
"a4_402" = "2881986642"
"a4_401" = "2874817521"
"a4_400" = "2867648400"
"a1_825" = "2743030208"
"a1_879" = "4132934545"
"a3_640" = "276404393"
"a4_409" = "2932170489"
"a4_408" = "2925001368"
"a3_641" = "283851976"
"a3_646" = "352855791"
"a3_647" = "360438542"
"a4_789" = "1361469173"
"a1_129" = "152038362"
"a1_128" = "2914587450"
"a1_125" = "153967328"
"a1_124" = "1156009269"
"a1_127" = "1048999283"
"a1_126" = "385503612"
"a1_121" = "1951210903"
"a1_120" = "2274506726"
"a1_123" = "997114921"
"a1_122" = "917876335"
"a4_331" = "2372979051"
"a4_330" = "2365809930"
"a4_333" = "2387317293"
"a4_332" = "2380148172"
"a4_335" = "2401655535"
"a4_334" = "2394486414"
"a4_337" = "2415993777"
"a4_336" = "2408824656"
"a4_339" = "2430332019"
"a4_338" = "2423162898"
"a1_833" = "383922147"
"a4_539" = "3864156219"
"a4_538" = "3856987098"
"a4_249" = "1785111129"
"a4_248" = "1777942008"
"a1_832" = "1689039641"
"a4_245" = "1756434645"
"a4_244" = "1749265524"
"a4_247" = "1770772887"
"a4_246" = "1763603766"
"a4_241" = "1727758161"
"a4_240" = "1720589040"
"a4_243" = "1742096403"
"a4_242" = "1734927282"
"a1_830" = "3398027568"
"a4_793" = "1390145657"
"a1_836" = "3376803229"
"a1_835" = "3466572344"
"a1_754" = "2305021708"
"a1_834" = "3115934796"
"a1_634" = "1425519971"
"a2_463" = "3319308020"
"a2_462" = "3312136345"
"a2_461" = "3304971126"
"a2_460" = "3297790379"
"a2_467" = "3347972645"
"a2_466" = "3340805045"
"a2_465" = "3333636934"
"a2_464" = "3326473407"
"a2_469" = "3362323120"
"a2_468" = "3355156423"
"a1_934" = "3333929896"
"a4_802" = "1454667746"
"a4_872" = "1956506216"
"a2_869" = "1934986544"
"a2_868" = "1927823812"
"a2_867" = "1920655985"
"a2_866" = "1913488949"
"a2_865" = "1906324973"
"a2_864" = "1899161326"
"a2_863" = "1891991172"
"a1_791" = "3151905761"
"a2_861" = "1877643095"
"a2_860" = "1870471707"
"a2_597" = "4279960511"
"a2_596" = "4272793846"
"a2_595" = "4265630512"
"a2_594" = "4258460401"
"a1_338" = "1316468300"
"a1_339" = "2132724266"
"a2_591" = "4236944054"
"a2_590" = "4229778952"
"a1_334" = "1854509779"
"a1_335" = "249077073"
"a1_336" = "2818671390"
"a1_337" = "2894278062"
"a1_330" = "588188775"
"a1_331" = "4167150909"
"a1_332" = "4025161733"
"a1_333" = "1135666947"
"a2_607" = "56695250"
"a2_606" = "49515057"
"a3_30" = "231909751"
"a2_604" = "35179575"
"a1_64" = "1122843265"
"a2_602" = "20847561"
"a2_601" = "13666178"
"a2_600" = "6514322"
"a4_875" = "1978013579"
"a2_609" = "71032050"
"a2_608" = "63860963"
"a2_265" = "1899820478"
"a2_264" = "1892654376"
"a2_267" = "1914152456"
"a2_266" = "1906987319"
"a2_261" = "1871148340"
"a2_260" = "1863970202"
"a2_263" = "1885472324"
"a2_262" = "1878302348"
"a2_919" = "2293450456"
"a1_908" = "895712081"
"a2_269" = "1928489830"
"a2_268" = "1921322071"
"a1_905" = "938682965"
"a2_884" = "2042528275"
"a1_482" = "1389686973"
"a1_483" = "1993382589"
"a2_289" = "2071884430"
"a2_288" = "2064709199"
"a1_486" = "2501591954"
"a1_487" = "3666787385"
"a1_484" = "1697003441"
"a1_485" = "747138846"
"a2_283" = "2028859133"
"a2_282" = "2021690380"
"a2_281" = "2014514622"
"a2_280" = "2007357323"
"a2_287" = "2057539716"
"a2_286" = "2050375676"
"a2_285" = "2043192934"
"a2_284" = "2036038365"
"a2_739" = "1003018299"
"a2_738" = "995836533"
"a3_522" = "3725445091"
"a2_733" = "960000094"
"a2_732" = "952832699"
"a2_731" = "945667475"
"a2_730" = "938483748"
"a2_737" = "988671590"
"a2_736" = "981502189"
"a2_735" = "974335090"
"a2_734" = "967168889"
"a4_446" = "3197427966"
"a1_637" = "1512569603"
"a3_912" = "2226582457"
"a1_240" = "1402431167"
"a1_241" = "3432842879"
"a1_242" = "1094223260"
"a1_243" = "3794322998"
"a1_244" = "4206425278"
"a1_245" = "3938543723"
"a1_246" = "549784845"
"a1_247" = "1730608452"
"a1_248" = "3663095493"
"a1_249" = "2230742747"
"a3_738" = "978859403"
"a3_739" = "986426922"
"a4_445" = "3190258845"
"a2_131" = "939149247"
"a2_130" = "931977481"
"a2_133" = "953499496"
"a2_132" = "946332230"
"a2_135" = "967831553"
"a2_134" = "960665677"
"a2_137" = "982166556"
"a2_136" = "974997993"
"a2_139" = "996513072"
"a2_138" = "989332039"
"a4_889" = "2078381273"
"a4_888" = "2071212152"
"a2_79" = "566357027"
"a2_78" = "559189905"
"a3_916" = "2254979389"
"a3_288" = "2048100105"
"a3_289" = "2055027624"
"a3_184" = "1336102801"
"a3_917" = "2262558044"
"a3_282" = "2038692083"
"a3_283" = "2045680914"
"a3_280" = "1990631473"
"a3_281" = "2031109200"
"a3_286" = "2067091063"
"a3_287" = "2074141334"
"a3_284" = "2019045813"
"a3_285" = "2026624468"
"a3_606" = "66123703"
"a3_607" = "40004566"
"a3_604" = "52150005"
"a3_605" = "59069204"
"a3_602" = "4023859"
"a3_603" = "11016786"
"a3_600" = "23079281"
"a3_601" = "30657936"
"a4_700" = "723417404"
"a3_608" = "46992457"
"a3_609" = "87597288"
"a1_796" = "1942973377"
"a1_583" = "3260371491"
"a1_794" = "1317185613"
"a1_795" = "2448133221"
"a1_792" = "3921862575"
"a1_793" = "442046893"
"a1_790" = "1172279049"
"a1_582" = "1970676540"
"a3_635" = "240424626"
"a3_911" = "2219532038"
"a1_581" = "3479254246"
"a1_798" = "263297553"
"a1_799" = "1282523878"
"a1_580" = "3340641947"
"a3_198" = "1436076335"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKCU\Software\Aas]
"a3_196" = "1388556397"
"a3_197" = "1429034124"
"a3_194" = "1407548331"
"a3_195" = "1380982730"
"a3_192" = "1393042153"
"a3_193" = "1400620808"
"a3_190" = "1345525207"
"a3_191" = "1352568438"
"a2_981" = "2737944666"
"a1_585" = "2466652412"
"a3_468" = "3338201981"
"a3_469" = "3379269532"
"a3_466" = "3324236475"
"a3_467" = "3331159770"
"a3_464" = "3343287801"
"a3_465" = "3350216216"
"a3_462" = "3295169831"
"a3_463" = "3302744390"
"a3_460" = "3314758757"
"a3_461" = "3321800836"
"a1_468" = "3457802530"
"a1_469" = "3532404486"
"a3_518" = "3696916079"
"a3_519" = "3703958158"
"a1_460" = "3697605570"
"a1_461" = "3933378033"
"a1_462" = "3010174909"
"a1_463" = "307173796"
"a1_464" = "1227910302"
"a1_465" = "4123726314"
"a1_466" = "2447930796"
"a1_467" = "348729639"
"a3_29" = "224867540"
"a3_28" = "183865525"
"a1_668" = "933460586"
"a1_669" = "3772417729"
"a3_21" = "167399900"
"a3_20" = "159956413"
"a3_23" = "148336286"
"a3_22" = "140888703"
"a3_25" = "195929936"
"a3_24" = "188875569"
"a3_27" = "176880658"
"a3_26" = "169827315"
"a2_830" = "1655401518"
"a3_499" = "3560555322"
"a2_831" = "1662570244"
"a3_498" = "3587059355"
"a2_832" = "1669737552"
"a3_497" = "3579611768"
"a2_833" = "1676917780"
"a3_496" = "3539014105"
"a2_834" = "1684083048"
"a3_495" = "3532029350"
"a2_835" = "1691252072"
"a4_955" = "2551543259"
"a3_494" = "3524581639"
"a2_836" = "1698421574"
"a3_493" = "3551077604"
"a2_837" = "1705586284"
"a3_492" = "3544154181"
"a3_491" = "3503090722"
"a1_837" = "428026265"
"a3_527" = "3761424774"
"a3_490" = "3496037251"
"a3_775" = "1244236686"
"a4_915" = "2264778419"
"a3_868" = "1944793805"
"a3_869" = "1918293868"
"a4_914" = "2257609298"
"a3_862" = "1901368503"
"a3_863" = "1908803798"
"a3_860" = "1853775861"
"a3_861" = "1860825108"
"a3_866" = "1930361355"
"a3_867" = "1937350314"
"a3_864" = "1882303817"
"a3_865" = "1889747432"
"a1_806" = "1995492875"
"a1_807" = "3457109150"
"a1_804" = "1398149907"
"a1_805" = "723340659"
"a1_802" = "2180390580"
"a1_803" = "2301577498"
"a1_800" = "4125314709"

"a1_808" = "3685875569"
"a1_809" = "3212555248"
"a4_656" = "407976080"
"a4_657" = "415145201"
"a4_654" = "393637838"
"a4_655" = "400806959"
"a4_652" = "379299596"
"a4_653" = "386468717"
"a4_650" = "364961354"
"a4_651" = "372130475"
"a1_938" = "2188653124"
"a1_939" = "282501988"
"a4_658" = "422314322"
"a4_659" = "429483443"
"a3_773" = "1263760076"
"a4_849" = "1791616433"
"a4_919" = "2293454903"
"a4_918" = "2286285782"
"a2_656" = "407969831"
"a1_875" = "1470385475"
"a4_925" = "2336469629"
"a3_762" = "1151312531"
"a1_684" = "1631603569"

"a4_438" = "3140074998"
"a4_439" = "3147244119"
"a1_874" = "1102780839"
"a4_432" = "3097060272"
"a4_433" = "3104229393"
"a4_430" = "3082722030"
"a4_431" = "3089891151"
"a4_436" = "3125736756"
"a4_437" = "3132905877"
"a4_434" = "3111398514"
"a4_435" = "3118567635"
"a3_928" = "2374546825"
"a4_344" = "2466177624"
"a4_345" = "2473346745"
"a4_346" = "2480515866"
"a4_347" = "2487684987"
"a4_340" = "2437501140"
"a4_341" = "2444670261"
"a4_342" = "2451839382"
"a4_343" = "2459008503"
"a3_764" = "1198848853"
"a4_348" = "2494854108"
"a4_349" = "2502023229"
"a4_508" = "3641913468"
"a4_509" = "3649082589"
"a4_506" = "3627575226"
"a4_507" = "3634744347"
"a4_504" = "3613236984"
"a4_505" = "3620406105"
"a4_502" = "3598898742"
"a4_503" = "3606067863"
"a4_500" = "3584560500"
"a4_501" = "3591729621"
"a3_383" = "2729068342"
"a3_382" = "2721620631"
"a4_882" = "2028197426"
"a3_381" = "2748124788"
"a2_456" = "3269120179"
"a2_457" = "3276280324"
"a2_454" = "3254786147"
"a3_380" = "2741212629"
"a2_452" = "3240437065"
"a2_453" = "3247605383"
"a2_450" = "3226102597"
"a2_451" = "3233271180"
"a3_387" = "2757612682"
"a3_633" = "259938800"
"a2_458" = "3283464605"
"a3_386" = "2784112747"
"a3_385" = "2776670152"
"a4_881" = "2021028305"
"a3_384" = "2769681321"
"a1_735" = "525649699"
"a2_852" = "1813122265"
"a1_730" = "2982642212"
"a2_850" = "1798787277"
"a2_851" = "1805957094"
"a2_856" = "1841806694"
"a2_857" = "1848973030"
"a2_854" = "1827459016"
"a1_731" = "507374155"
"a3_632" = "252486993"
"a2_858" = "1856140487"
"a2_859" = "1863316489"
"a1_732" = "3716682257"
"a2_714" = "823781945"
"a1_733" = "552492515"
"a1_329" = "3597048311"
"a1_328" = "3566407507"
"a1_327" = "3287703473"
"a1_326" = "2907653428"
"a1_325" = "175319869"
"a1_324" = "525794026"
"a1_323" = "2735525937"
"a1_322" = "130746460"
"a1_321" = "956372511"
"a1_320" = "108244105"
"a2_650" = "364968582"
"a1_436" = "2889715043"
"a1_736" = "477916713"
"a3_631" = "211878206"
"a1_737" = "3617407209"
"a2_652" = "379257823"
"a3_923" = "2339079058"
"a2_926" = "2343633682"
"a2_927" = "2350799710"
"a2_924" = "2329308211"
"a2_653" = "386476586"
"a4_887" = "2064043031"
"a2_923" = "2322134033"
"a2_920" = "2300617601"
"a2_921" = "2307797524"
"a2_654" = "393638133"
"a2_928" = "2357985217"
"a2_655" = "400804928"
"a3_630" = "204893343"
"a2_657" = "415139667"
"a3_922" = "2298015603"
"a1_495" = "1105747519"
"a1_494" = "318960739"
"a1_497" = "3680467215"
"a1_496" = "2406892608"
"a1_491" = "3725974449"
"a1_490" = "696637795"
"a1_493" = "2966729331"
"a1_492" = "585886935"
"a1_499" = "3986502608"
"a1_498" = "438939916"
"a3_637" = "288468852"
"a2_708" = "780764847"
"a2_709" = "787945883"
"a2_706" = "766430674"
"a2_707" = "773592270"
"a2_704" = "752096945"
"a2_705" = "759264955"
"a2_702" = "737760913"
"a2_703" = "744931224"
"a2_700" = "723411657"
"a2_701" = "730582986"
"a4_885" = "2049704789"
"a2_638" = "278936953"
"a2_639" = "286109400"
"a3_808" = "1481095169"
"a2_632" = "235918944"
"a2_633" = "243078675"
"a2_630" = "221583547"
"a2_631" = "228752436"
"a2_636" = "264600717"
"a2_637" = "271767864"
"a2_634" = "250253227"
"a2_635" = "257418660"
"a1_253" = "3011258721"
"a1_252" = "171851724"
"a1_251" = "2215471946"
"a1_250" = "4059921647"
"a1_257" = "2033029075"
"a1_256" = "3246456242"
"a1_255" = "346835233"
"a1_254" = "3402770033"
"a3_920" = "2284050097"
"a1_259" = "1054237073"
"a1_258" = "567584487"
"a3_729" = "914469392"
"a3_728" = "907418097"
"a4_884" = "2042535668"
"a2_144" = "1032350423"
"a2_145" = "1039515971"
"a2_146" = "1046684945"
"a2_147" = "1053866415"
"a2_140" = "1003680491"
"a2_141" = "1010851434"
"a2_142" = "1018017204"
"a2_143" = "1025182293"
"a1_781" = "1232351683"
"a1_780" = "3041747000"
"a2_68" = "487502104"
"a2_69" = "494670791"
"a2_148" = "1061036019"
"a2_149" = "1068191298"
"a1_787" = "4272024598"
"a4_455" = "3261950055"
"a3_299" = "2126993250"
"a3_298" = "2119545539"
"a3_295" = "2131608046"
"a3_294" = "2091003215"
"a3_297" = "2146049696"
"a3_296" = "2139060737"
"a3_291" = "2103079018"
"a3_290" = "2062081995"
"a3_293" = "2083555628"
"a3_292" = "2110067853"
"a1_904" = "2114167873"
"a3_634" = "266990099"
"a3_619" = "159571106"
"a3_618" = "152516611"
"a3_611" = "68549034"
"a3_610" = "95044875"
"a3_613" = "82982508"
"a3_612" = "75537869"
"a3_615" = "131026734"
"a3_614" = "123579023"
"a3_617" = "111511520"
"a3_616" = "104522561"
"a3_181" = "1280611004"
"a3_180" = "1307180573"
"a3_34" = "260325067"
"a3_182" = "1288058591"
"a3_185" = "1309597744"
"a3_33" = "253401768"
"a3_187" = "1324038386"
"a3_186" = "1316586579"
"a3_189" = "1371566516"
"a3_188" = "1364647189"
"a3_38" = "289377359"
"a3_39" = "296296686"
"a3_471" = "3359687774"
"a3_470" = "3386187839"
"a3_473" = "3407682832"
"a3_472" = "3367139569"
"a3_475" = "3422180818"
"a3_474" = "3414733235"
"a3_477" = "3403113108"
"a4_282" = "2021692122"
"a3_479" = "3450714966"
"a3_478" = "3443656503"
"a1_479" = "2804595649"
"a1_478" = "1894959175"
"a3_509" = "3632529140"
"a3_508" = "3624950357"
"a1_473" = "2387773611"
"a1_472" = "1103246438"
"a1_471" = "2379117898"
"a1_470" = "3938420648"
"a1_477" = "816165282"
"a1_476" = "1528691430"
"a1_475" = "2321673444"
"a1_474" = "2836606918"
"a4_533" = "3821141493"
"a1_679" = "1377344607"
"a1_678" = "1703694772"
"a4_532" = "3813972372"
"a1_675" = "1308466583"
"a1_674" = "3623284541"
"a1_677" = "1819489224"
"a1_676" = "893662589"
"a1_671" = "3267842959"
"a4_531" = "3806803251"
"a1_673" = "797282648"
"a1_672" = "2744916182"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_530" = "3799634130"
"a4_537" = "3849817977"
"a4_536" = "3842648856"
"a1_868" = "2799929950"
"a4_535" = "3835479735"
"a3_981" = "2721238428"
"a3_980" = "2747738493"
"a3_983" = "2769230430"
"a4_534" = "3828310614"
"a3_984" = "2776284913"
"a2_151" = "1082534276"
"a2_150" = "1075367481"
"a1_869" = "3776186774"
"a2_271" = "1942838536"
"a3_879" = "1989722918"
"a3_878" = "1982672519"
"a1_823" = "2479838962"
"a3_874" = "1954273539"
"a3_877" = "2009303652"
"a3_876" = "2001736133"
"a3_871" = "1966337070"
"a3_870" = "1925204879"
"a3_873" = "1946690784"
"a3_872" = "1973321793"
"a2_159" = "1139884579"
"a4_758" = "1139226422"
"a2_158" = "1132719733"
"a1_925" = "2760549574"
"a1_924" = "1260824136"
"a1_927" = "577685344"
"a1_926" = "4105351152"
"a1_921" = "4116132828"
"a1_920" = "1037726498"
"a3_787" = "1363737626"
"a1_922" = "3068425997"
"a3_80" = "590099577"
"a1_929" = "1177926256"
"a1_928" = "3648754206"
"a4_649" = "357792233"
"a4_648" = "350623112"
"a4_641" = "300439265"
"a4_640" = "293270144"
"a4_643" = "314777507"
"a4_642" = "307608386"
"a4_645" = "329115749"
"a4_644" = "321946628"
"a4_647" = "343453991"
"a4_646" = "336284870"
"a3_786" = "1323129851"
"a1_819" = "2396693021"
"a1_818" = "1868640983"
"a3_785" = "1316202328"
"a3_746" = "1069934723"
"a1_811" = "890799902"
"a1_810" = "3259060122"
"a1_813" = "435705023"
"a1_812" = "1550071929"
"a1_815" = "2058075798"
"a1_814" = "708636880"
"a1_817" = "3912762155"
"a1_816" = "1081022788"
"a4_963" = "2608896227"
"a4_429" = "3075552909"
"a4_428" = "3068383788"
"a4_425" = "3046876425"
"a4_424" = "3039707304"
"a4_427" = "3061214667"
"a4_426" = "3054045546"
"a4_421" = "3018199941"
"a4_420" = "3011030820"
"a4_423" = "3032538183"
"a4_422" = "3025369062"
"a3_743" = "1014841262"
"a3_745" = "1062892640"
"a3_742" = "1007917839"
"a4_967" = "2637572711"
"a3_741" = "1033955052"
"a2_802" = "1454658088"
"a4_357" = "2559376197"
"a4_356" = "2552207076"
"a4_355" = "2545037955"
"a4_354" = "2537868834"
"a4_353" = "2530699713"
"a4_352" = "2523530592"
"a4_351" = "2516361471"
"a4_350" = "2509192350"
"a3_747" = "1043369250"
"a4_359" = "2573714439"
"a4_358" = "2566545318"
"a4_511" = "3663420831"
"a4_510" = "3656251710"
"a4_513" = "3677759073"
"a4_512" = "3670589952"
"a4_515" = "3692097315"
"a4_514" = "3684928194"
"a4_517" = "3706435557"
"a4_516" = "3699266436"
"a4_519" = "3720773799"
"a4_518" = "3713604678"
"a3_744" = "1021891521"
"a3_749" = "1091421668"

[HKCU\Software\Aas\695404737]
"50183847" = "1F9250EF2381E2D9AE4EF061ECA0F3D0A24F2023E89C2CC85BD49E90D6877045BE906EB0B25DD268CB741DC41D5C0FD47CEE5BA9EC3B7870BCA79176776C9A465761F37DEECEAF24ABF58324DE41122D8DABCB3B58798401D9A821FDDE7FC8A4F09BD1E0428648329420F6E9AF57D2FFB6D3C8D7335A31244418C372DFCCE75F"

[HKCU\Software\Aas]
"a2_845" = "1762938206"
"a2_844" = "1755771419"
"a2_847" = "1777272008"
"a2_846" = "1770103265"
"a2_841" = "1734269382"
"a2_840" = "1727101803"
"a2_843" = "1748603482"
"a2_842" = "1741437539"
"a3_780" = "1280228773"
"a4_928" = "2357976992"
"a2_849" = "1791606907"
"a2_848" = "1784456039"
"a1_312" = "2180151375"
"a1_313" = "927618031"
"a1_310" = "481933288"
"a1_311" = "647870567"
"a1_316" = "1450237418"
"a1_317" = "1250744883"
"a1_314" = "4156468900"
"a1_315" = "2833822325"
"a3_620" = "166490309"
"a1_318" = "1301091499"
"a1_319" = "1125458049"
"a4_929" = "2365146113"
"a4_982" = "2745109526"
"a2_449" = "3218937631"
"a2_448" = "3211771464"
"a3_621" = "140449124"
"a2_441" = "3161573976"
"a2_440" = "3154415999"
"a2_443" = "3175918007"
"a2_442" = "3168752975"
"a2_445" = "3190254510"
"a2_444" = "3183084219"
"a2_447" = "3204602348"
"a2_446" = "3197434928"
"a2_939" = "2436828390"
"a2_938" = "2429672745"
"a4_893" = "2107057757"
"a2_931" = "2379493138"
"a2_930" = "2372317688"
"a2_933" = "2393819278"
"a2_932" = "2386645513"
"a2_935" = "2408155104"
"a2_934" = "2400986499"
"a2_937" = "2422491447"
"a2_936" = "2415335690"
"a3_818" = "1552537563"
"a2_711" = "802287172"
"a2_710" = "795114717"
"a2_713" = "816623867"
"a2_712" = "809449634"
"a2_715" = "830950631"
"a1_510" = "180343373"
"a2_717" = "845299442"
"a2_716" = "838118283"
"a2_719" = "859632728"
"a2_718" = "852467469"
"a1_587" = "2080654806"
"a3_623" = "187965990"
"a2_629" = "214416870"
"a2_628" = "207236011"
"a2_625" = "185731262"
"a2_624" = "178567839"
"a2_627" = "200068328"
"a2_626" = "192900533"
"a2_621" = "157048599"
"a2_620" = "149881642"
"a2_623" = "171398536"
"a2_622" = "164230852"
"a1_266" = "4041142932"
"a1_267" = "2588369122"
"a1_264" = "3930482866"
"a1_265" = "1337802452"
"a1_262" = "2537537684"
"a1_263" = "2486002664"
"a1_260" = "2886838330"
"a1_261" = "160393310"
"a1_268" = "1137044479"
"a1_269" = "2772261924"
"a2_157" = "1125552222"
"a2_156" = "1118386041"
"a2_155" = "1111221798"
"a2_154" = "1104052019"
"a2_153" = "1096866298"
"a2_152" = "1089701742"
"a2_99" = "709741665"
"a2_98" = "702575887"
"a2_97" = "695408226"
"a2_96" = "688242170"
"a2_95" = "681059214"
"a2_94" = "673904719"
"a2_93" = "666724584"
"a2_92" = "659557168"
"a2_91" = "652391986"
"a2_90" = "645229003"
"a3_260" = "1847236781"
"a3_261" = "1854160076"
"a3_262" = "1861734767"
"a3_263" = "1902212494"
"a3_264" = "1909255713"
"a3_265" = "1883210304"
"a3_266" = "1890133731"
"a3_267" = "1930746626"
"a3_268" = "1938194341"
"a3_269" = "1945179076"
"a1_915" = "148957612"
"a1_847" = "957760081"
"a3_404" = "2913010493"
"a1_844" = "4017060726"
"a3_405" = "2886510428"
"a1_845" = "3627122681"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a2_862" = "1884809027"
"a4_983" = "2752278647"
"a1_961" = "2628986911"
"a3_668" = "477267765"
"a3_669" = "484195156"
"a1_960" = "4004826889"
"a3_664" = "448737713"
"a3_665" = "489346512"
"a3_666" = "496258675"
"a3_667" = "470278802"
"a3_660" = "453353533"
"a3_661" = "460801116"
"a3_662" = "467859711"
"a3_663" = "441294110"
"a3_43" = "324843106"
"a3_42" = "284237251"
"a3_41" = "277248416"
"a3_40" = "269796609"
"a3_47" = "353765350"
"a3_46" = "313221959"
"a3_45" = "305778468"
"a3_44" = "332278405"
"a1_965" = "1877855257"
"a3_49" = "368270520"
"a3_48" = "360822809"
"a1_964" = "457062762"
"a4_99" = "709742979"
"a4_98" = "702573858"
"a3_406" = "2893962239"
"a3_407" = "2901015582"
"a3_400" = "2884615609"
"a3_401" = "2857980376"
"a3_402" = "2865023611"
"a3_403" = "2906025626"
"a4_91" = "652390011"
"a4_90" = "645220890"
"a4_93" = "666728253"
"a4_92" = "659559132"
"a4_95" = "681066495"
"a4_94" = "673897374"
"a4_97" = "695404737"
"a4_96" = "688235616"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"

[HKCU\Software\Aas]
"a1_448" = "2099106733"
"a1_449" = "809291551"
"a1_446" = "1504255146"
"a3_408" = "2941554865"
"a1_444" = "848369847"
"a1_445" = "2307304388"
"a1_442" = "2510016308"
"a1_443" = "1534441225"
"a1_440" = "2402163357"
"a3_409" = "2949002448"
"a1_680" = "2845409521"
"a1_681" = "2362195095"
"a1_682" = "1549548244"
"a1_683" = "1104426242"
"a2_561" = "4021871606"
"a1_685" = "787158579"
"a1_686" = "3984036280"
"a1_687" = "734153494"
"a1_688" = "1920116894"
"a1_689" = "1957376943"

"a3_834" = "1700949547"
"a1_767" = "4239806450"
"a1_766" = "1167506985"
"a3_318" = "2262948439"
"a3_319" = "2303950582"
"a2_599" = "4294297419"
"a3_310" = "2239031135"
"a3_311" = "2246548478"
"a3_312" = "2219916305"
"a3_313" = "2226966704"
"a3_314" = "2267968723"
"a3_315" = "2275010930"
"a3_316" = "2248445333"
"a3_317" = "2255889972"
"a3_933" = "2410528684"
"a3_934" = "2384417743"
"a1_760" = "956564676"
"a2_605" = "42345526"
"a3_935" = "2391471214"
"a3_476" = "3395669621"
"a1_447" = "1805521938"
"a2_603" = "28011520"
"a3_880" = "2030724953"
"a3_881" = "2037718008"
"a3_882" = "2044771355"
"a3_883" = "2018660538"
"a3_884" = "2025714909"
"a3_885" = "2066704764"
"a3_886" = "2073693599"
"a1_745" = "3690776848"
"a3_888" = "2054642257"
"a3_889" = "2061696752"
"a1_769" = "717548085"
"a1_441" = "3343155879"
"a4_964" = "2616065348"
"a1_744" = "3616854825"
"a4_857" = "1848969401"
"a4_638" = "278931902"
"a4_639" = "286101023"
"a4_634" = "250255418"
"a4_635" = "257424539"
"a4_636" = "264593660"
"a4_637" = "271762781"
"a4_630" = "221578934"
"a4_631" = "228748055"
"a4_632" = "235917176"
"a4_633" = "243086297"
"a2_913" = "2250430962"
"a1_747" = "2192198327"
"a2_912" = "2243265748"

"a2_651" = "372135184"
"a2_910" = "2228932120"
"a3_794" = "1380597491"

[HKCU\Software\Aas\695404737]
"35845605" = "402"

[HKCU\Software\Aas]
"a2_917" = "2279117906"
"a4_883" = "2035366547"
"a2_509" = "3649091568"
"a4_740" = "1010182244"
"a4_741" = "1017351365"
"a4_742" = "1024520486"
"a4_743" = "1031689607"
"a4_744" = "1038858728"
"a4_745" = "1046027849"
"a4_746" = "1053196970"
"a4_747" = "1060366091"
"a4_748" = "1067535212"
"a4_749" = "1074704333"
"a1_866" = "4199476712"
"a1_867" = "895750463"
"a1_860" = "603737227"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Aas]
"a1_862" = "3871489828"
"a4_859" = "1863307643"
"a4_182" = "1304780022"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_180" = "1290441780"
"a4_181" = "1297610901"
"a4_186" = "1333456506"
"a4_187" = "1340625627"
"a4_184" = "1319118264"
"a4_185" = "1326287385"
"a4_188" = "1347794748"
"a4_189" = "1354963869"
"a1_741" = "989367800"
"a2_918" = "2286284485"
"a4_168" = "1204412328"
"a1_194" = "1064144958"
"a1_195" = "3215787710"
"a4_160" = "1147059360"
"a4_161" = "1154228481"
"a4_162" = "1161397602"
"a4_163" = "1168566723"
"a4_164" = "1175735844"
"a4_165" = "1182904965"
"a4_166" = "1190074086"
"a4_167" = "1197243207"
"a4_296" = "2122059816"
"a4_297" = "2129228937"
"a4_294" = "2107721574"
"a4_295" = "2114890695"
"a4_292" = "2093383332"
"a4_293" = "2100552453"
"a4_290" = "2079045090"
"a4_291" = "2086214211"
"a4_142" = "1018015182"
"a3_952" = "2546868881"
"a4_568" = "4072060728"
"a4_569" = "4079229849"
"a4_298" = "2136398058"
"a4_299" = "2143567179"
"a2_598" = "4287131629"
"a1_192" = "2238422939"
"a1_193" = "732562558"
"a1_969" = "4222060629"
"a4_934" = "2400991718"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Aas]
"a3_790" = "1351657855"
"a4_958" = "2573050622"
"a1_742" = "3981471096"
"a4_368" = "2638236528"
"a4_369" = "2645405649"
"a4_362" = "2595221802"
"a4_363" = "2602390923"
"a4_360" = "2580883560"
"a4_361" = "2588052681"
"a4_366" = "2623898286"
"a4_367" = "2631067407"
"a4_364" = "2609560044"
"a4_365" = "2616729165"
"a3_505" = "3603458416"
"a1_305" = "3421434401"
"a1_304" = "707440494"
"a1_307" = "39290917"
"a1_306" = "2089016908"
"a1_301" = "1243772087"
"a1_300" = "377215937"
"a1_303" = "2037911556"
"a1_302" = "1730954614"
"a3_792" = "1399711281"
"a1_309" = "957340069"
"a1_308" = "4185842874"
"a2_540" = "3871320754"
"a2_541" = "3878501085"
"a2_542" = "3885669945"
"a1_481" = "1386132830"
"a2_544" = "3900004455"
"a2_545" = "3907170172"
"a2_546" = "3914338298"
"a2_547" = "3921502820"
"a2_548" = "3928672707"
"a2_549" = "3935852586"
"a2_894" = "2114231423"
"a2_895" = "2121397153"
"a2_892" = "2099897648"
"a2_893" = "2107063378"
"a2_890" = "2085544849"
"a2_891" = "2092727882"
"a2_438" = "3140068003"
"a2_439" = "3147249951"
"a2_434" = "3111400013"
"a2_435" = "3118565315"
"a2_436" = "3125733903"
"a2_437" = "3132900972"
"a2_430" = "3082717283"
"a2_431" = "3089850200"
"a2_432" = "3097067252"
"a2_433" = "3104235088"
"a2_948" = "2501357173"
"a2_949" = "2508522819"
"a4_908" = "2214594572"
"a2_944" = "2472685679"
"a2_945" = "2479860070"
"a2_946" = "2487021931"
"a2_947" = "2494187969"
"a2_940" = "2444001515"
"a1_488" = "2757558950"
"a2_942" = "2458338245"
"a2_943" = "2465521989"
"a1_279" = "1968173548"
"a1_278" = "664349528"
"a1_489" = "347198258"
"a1_271" = "165089041"
"a1_270" = "269890400"
"a1_273" = "2895454373"
"a1_272" = "795251928"
"a1_275" = "2122568718"
"a1_274" = "1841120907"
"a1_277" = "91937324"
"a1_276" = "2018825433"
"a2_764" = "1182240241"
"a2_765" = "1189407361"
"a2_766" = "1196573059"
"a2_767" = "1203741765"
"a2_760" = "1153558746"
"a2_761" = "1160740228"
"a2_762" = "1167911220"
"a2_763" = "1175075372"
"a2_768" = "1210924990"
"a2_769" = "1218092611"
"a2_382" = "2738607666"
"a2_383" = "2745776956"
"a2_380" = "2724258886"
"a2_381" = "2731441970"
"a2_386" = "2767276008"
"a2_387" = "2774443692"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Aas]
"a2_385" = "2760109069"
"a2_388" = "2781625171"
"a2_389" = "2788790321"
"a1_613" = "3670373404"
"a1_612" = "2190925770"
"a1_611" = "378930651"
"a2_368" = "2638241306"
"a2_369" = "2645409084"
"a1_610" = "1301501812"
"a2_88" = "630887799"
"a2_89" = "638057350"
"a2_84" = "602207799"
"a2_85" = "609384216"
"a2_86" = "616539609"
"a2_87" = "623707973"
"a2_80" = "573513063"
"a2_81" = "580703495"
"a2_82" = "587872491"
"a2_83" = "595044464"
"a3_273" = "1974165848"
"a3_272" = "1966722361"
"a3_271" = "1926113414"
"a3_270" = "1918678119"
"a3_277" = "2002712284"
"a3_276" = "1962103485"
"a3_275" = "1954659866"
"a3_274" = "1947600379"
"a2_162" = "1161400897"
"a2_163" = "1168569831"
"a3_279" = "1983582110"
"a3_278" = "2009623423"
"a2_166" = "1190082311"
"a2_167" = "1197239408"
"a2_164" = "1175739327"
"a2_165" = "1182902856"
"a3_690" = "668723035"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Aas]
"a3_679" = "589715310"
"a1_666" = "1394841824"
"a3_677" = "541662892"
"a3_676" = "568228365"
"a3_675" = "560775658"
"a3_674" = "553725259"
"a3_673" = "513247528"
"a3_672" = "505681033"
"a3_671" = "532246550"
"a3_670" = "525328375"
"a3_50" = "341766363"
"a3_51" = "348755322"
"a3_52" = "389745053"
"a3_53" = "396796476"
"a3_54" = "370165343"
"a3_55" = "377748222"
"a3_56" = "384737041"
"a3_57" = "425210800"
"a3_58" = "432789459"
"a3_59" = "406145138"
"a3_417" = "3006523432"
"a3_416" = "2965403529"
"a3_415" = "2958480150"
"a3_414" = "2984984311"
"a3_413" = "2977536596"
"a3_412" = "2970543669"
"a3_411" = "2929937810"
"a3_410" = "2922490227"
"a3_419" = "2986877162"
"a3_418" = "3013512267"
"a1_451" = "1528033624"
"a1_450" = "3206314397"
"a1_453" = "1934355960"
"a1_452" = "3131106548"
"a1_455" = "2847247596"
"a1_454" = "2347916861"
"a1_457" = "3904302061"
"a1_456" = "3528703637"
"a1_459" = "1447116587"
"a1_458" = "1187677879"
"a1_693" = "324597547"
"a1_692" = "3778512520"
"a1_691" = "3221761635"
"a1_690" = "1645017903"
"a1_697" = "1037239108"
"a1_696" = "2398500209"
"a1_695" = "866700007"
"a1_694" = "2131044778"
"a1_699" = "2013645675"
"a1_698" = "1818806831"
"a3_896" = "2145139113"
"a3_695" = "704178558"
"a1_962" = "3130393407"
"a3_309" = "2231976764"
"a3_308" = "2191503005"
"a3_303" = "2155521254"
"a3_302" = "2148466759"
"a3_301" = "2174512164"
"a3_300" = "2167589765"
"a3_307" = "2183924346"
"a3_306" = "2210566619"
"a3_305" = "2203581880"
"a3_304" = "2162448665"
"a4_86" = "616544406"
"a4_87" = "623713527"
"a4_84" = "602206164"
"a4_85" = "609375285"
"a4_82" = "587867922"
"a4_83" = "595037043"
"a4_80" = "573529680"
"a4_81" = "580698801"
"a3_887" = "2047190590"
"a3_730" = "921917107"
"a4_88" = "630882648"
"a4_89" = "638051769"
"a3_731" = "962513618"
"a4_954" = "2544374138"

[HKCU\Software\Aas\695404737]
"14338242" = "0"

[HKCU\Software\Aas]
"a3_913" = "2267125720"
"a3_736" = "998505673"
"a1_740" = "2476125870"
"a3_737" = "1005490536"
"a3_697" = "685057584"
"a3_892" = "2083171285"
"a3_891" = "2109683634"
"a3_890" = "2102235923"
"a3_897" = "2119163336"
"a3_734" = "950445111"
"a3_895" = "2138211638"
"a3_894" = "2131222679"
"a3_899" = "2166680202"
"a3_735" = "990926934"
"a3_696" = "678137233"
"a1_967" = "4077207857"
"a4_387" = "2774449827"
"a1_940" = "322489111"
"a1_752" = "3738640450"
"a4_629" = "214409813"
"a4_628" = "207240692"
"a4_627" = "200071571"
"a4_626" = "192902450"
"a4_625" = "185733329"
"a4_624" = "178564208"
"a4_623" = "171395087"
"a4_622" = "164225966"
"a4_621" = "157056845"
"a4_620" = "149887724"
"a2_75" = "537687532"
"a2_74" = "530523857"
"a1_763" = "2087675051"
"a2_77" = "552015079"
"a2_76" = "544855370"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKCU\Software\Aas]
"a2_71" = "509015974"
"a2_70" = "501836608"
"a4_753" = "1103380817"
"a4_752" = "1096211696"
"a4_751" = "1089042575"
"a4_750" = "1081873454"
"a4_757" = "1132057301"
"a2_73" = "523339161"
"a4_755" = "1117719059"
"a4_754" = "1110549938"
"a1_877" = "579325204"
"a1_876" = "810251044"
"a4_759" = "1146395543"
"a2_72" = "516173523"
"a1_873" = "1720760690"
"a1_872" = "4171408854"
"a1_871" = "4018489424"
"a1_870" = "4069098623"
"a4_195" = "1397978595"
"a4_194" = "1390809474"
"a4_197" = "1412316837"
"a4_196" = "1405147716"
"a4_191" = "1369302111"
"a4_190" = "1362132990"
"a4_193" = "1383640353"
"a4_192" = "1376471232"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_198" = "1419485958"
"a1_909" = "3625865012"
"a4_179" = "1283272659"
"a4_178" = "1276103538"
"a4_173" = "1240257933"
"a4_172" = "1233088812"
"a4_171" = "1225919691"
"a4_170" = "1218750570"
"a4_177" = "1268934417"
"a4_176" = "1261765296"
"a4_175" = "1254596175"
"a4_174" = "1247427054"
"a4_577" = "4136582817"
"a3_123" = "898388146"
"a4_575" = "4122244575"
"a4_574" = "4115075454"
"a4_573" = "4107906333"
"a4_572" = "4100737212"
"a4_571" = "4093568091"
"a3_122" = "891468819"
"a4_970" = "2659080074"
"a3_121" = "850861040"
"a4_579" = "4150921059"
"a4_578" = "4143751938"
"a4_289" = "2071875969"
"a4_288" = "2064706848"
"a3_636" = "247859925"
"a3_120" = "843343697"
"a4_281" = "2014523001"
"a4_280" = "2007353880"
"a4_283" = "2028861243"
"a1_108" = "748701790"
"a4_285" = "2043199485"
"a4_284" = "2036030364"
"a4_287" = "2057537727"
"a3_126" = "886312343"
"a3_125" = "879323508"
"a3_124" = "905966805"
"a4_965" = "2623234469"
"a3_691" = "642161658"
"a3_967" = "2620735566"
"a4_379" = "2717096859"
"a4_378" = "2709927738"
"a3_966" = "2647370799"
"a4_375" = "2688420375"
"a4_374" = "2681251254"
"a4_377" = "2702758617"
"a4_376" = "2695589496"
"a4_371" = "2659743891"
"a4_370" = "2652574770"
"a4_373" = "2674082133"
"a4_372" = "2666913012"
"a3_964" = "2599327597"
"a3_963" = "2592338634"
"a3_962" = "2584764075"
"a4_756" = "1124888180"
"a3_961" = "2611395080"
"a1_755" = "3272971937"
"a1_437" = "776513319"
"a3_960" = "2604335593"
"a2_553" = "3964520775"
"a2_552" = "3957353333"
"a2_551" = "3950187944"
"a2_550" = "3943009099"
"a2_557" = "3993191990"
"a2_556" = "3986039335"
"a2_555" = "3978856519"
"a2_554" = "3971690277"
"a2_889" = "2078376302"
"a2_888" = "2071203954"
"a2_559" = "4007540152"
"a2_558" = "4000376899"
"a4_980" = "2730771284"
"a4_981" = "2737940405"
"a2_429" = "3075549582"
"a2_428" = "3068382134"
"a2_427" = "3061215286"
"a2_426" = "3054048546"
"a2_425" = "3046879278"
"a2_424" = "3039712923"
"a2_423" = "3032533800"
"a2_422" = "3025359404"
"a2_421" = "3018198441"
"a2_420" = "3011031412"
"a1_758" = "1669352330"
"a2_565" = "4050556904"
"a4_984" = "2759447768"
"a2_959" = "2580227774"
"a2_958" = "2573055361"
"a2_957" = "2565876629"
"a2_956" = "2558720507"
"a2_955" = "2551535057"
"a2_954" = "2544370679"
"a1_785" = "577389109"
"a2_952" = "2530043526"
"a2_951" = "2522873585"
"a2_950" = "2515690489"
"a1_208" = "952880261"
"a1_209" = "3902711420"
"a1_204" = "1557726206"
"a1_205" = "1734842724"
"a1_206" = "1606698075"
"a1_207" = "863885837"
"a1_200" = "1315231896"
"a1_201" = "1608844795"
"a1_202" = "1295828569"
"a1_203" = "3549696178"
"a2_777" = "1275441828"
"a2_776" = "1268276079"
"a2_775" = "1261099770"
"a2_774" = "1253926161"
"a2_773" = "1246758546"
"a2_772" = "1239591506"
"a2_771" = "1232434665"
"a2_770" = "1225257775"
"a2_779" = "1289776126"
"a2_778" = "1282609960"
"a2_395" = "2831808691"
"a2_394" = "2824626181"
"a2_397" = "2846143780"
"a2_396" = "2838974808"
"a2_391" = "2803122343"
"a2_390" = "2795959671"
"a2_393" = "2817462238"
"a2_392" = "2810286293"
"a2_399" = "2860477484"
"a2_398" = "2853310520"
"a2_568" = "4072056865"
"a2_569" = "4079226334"
"a2_379" = "2717090044"
"a2_378" = "2709923002"
"a2_373" = "2674086634"
"a2_372" = "2666907332"
"a2_371" = "2659738291"
"a2_370" = "2652573230"
"a2_377" = "2702756703"
"a2_376" = "2695590574"
"a2_375" = "2688428346"
"a2_374" = "2681255433"
"a3_246" = "1746738975"
"a3_247" = "1753789374"
"a3_244" = "1765852765"
"a3_245" = "1773304572"
"a2_179" = "1283274804"
"a2_178" = "1276108083"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKCU\Software\Aas]
"a3_241" = "1744311672"
"a2_175" = "1254590602"
"a2_174" = "1247419038"
"a2_177" = "1268938850"
"a2_176" = "1261772761"
"a2_171" = "1225922164"
"a2_170" = "1218753033"
"a2_173" = "1240256170"
"a3_249" = "1801832560"
"a4_960" = "2587388864"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Aas]
"a1_511" = "931669705"
"a1_512" = "3638291038"
"a1_513" = "4013031903"
"a1_514" = "3958547948"
"a1_515" = "2686297747"
"a1_516" = "2068612522"
"a1_517" = "336099160"
"a1_518" = "3372373750"
"a1_519" = "2433334556"
"a3_648" = "367361953"
"a3_649" = "340792256"
"a3_69" = "478110732"
"a3_68" = "470664173"
"a3_65" = "449123976"
"a3_64" = "442135145"
"a3_67" = "497168202"
"a3_66" = "489720619"
"a3_61" = "454263092"
"a3_60" = "413199509"
"a3_63" = "468244982"
"a3_62" = "461186391"
"a1_784" = "2545032013"
"a3_514" = "3667976427"
"a2_543" = "3892835585"
"a1_424" = "3402944141"
"a1_425" = "3851920658"
"a1_426" = "2990021577"
"a1_427" = "3613716613"
"a1_420" = "856321375"
"a1_421" = "3826160185"
"a1_422" = "3785413771"
"a1_423" = "3336147957"
"a3_199" = "1409969486"
"a1_428" = "502994524"
"a1_429" = "2572995377"
"a3_515" = "3709043978"
"a3_693" = "690213052"
"a2_965" = "2623242229"
"a3_338" = "2439897659"
"a3_339" = "2446886490"
"a3_336" = "2391856505"
"a3_337" = "2432846232"
"a3_334" = "2411437223"
"a3_335" = "2384801990"
"a3_332" = "2363312101"
"a3_333" = "2403923972"
"a3_330" = "2348814115"
"a3_331" = "2356388674"
"a1_738" = "883572716"
"a1_739" = "3053894998"
"a3_428" = "3084957701"
"a3_429" = "3058850980"
"a3_422" = "3041926607"
"a3_423" = "3049502318"
"a3_420" = "2994455821"
"a3_421" = "3001383340"
"a3_426" = "3070911299"
"a3_427" = "3077900258"
"a3_424" = "3022858881"
"a3_425" = "3029913376"
"a1_864" = "523310761"
"a2_915" = "2264786274"
"a1_865" = "3126767389"
"a4_870" = "1942167974"
"a4_873" = "1963675337"
"a1_861" = "2570629476"
"a1_863" = "2447064901"
"a3_87" = "607024862"
"a3_86" = "633131711"
"a3_85" = "626081308"
"a3_84" = "585598461"
"a3_83" = "578085210"
"a3_82" = "571034939"
"a3_81" = "597665944"
"a4_183" = "1311949143"
"a3_89" = "654610320"
"a3_88" = "614067057"
"a4_612" = "92534756"
"a4_613" = "99703877"
"a4_610" = "78196514"
"a4_611" = "85365635"
"a4_616" = "121211240"
"a4_617" = "128380361"
"a4_614" = "106872998"
"a4_615" = "114042119"
"a4_968" = "2644741832"
"a4_969" = "2651910953"
"a4_618" = "135549482"
"a4_619" = "142718603"

"a4_871" = "1949337095"
"a3_689" = "661144376"
"a3_812" = "1543047557"
"a3_692" = "649083933"
"a4_876" = "1985182700"
"a4_766" = "1196579390"
"a4_767" = "1203748511"
"a4_764" = "1182241148"
"a4_765" = "1189410269"
"a4_762" = "1167902906"
"a4_763" = "1175072027"
"a4_760" = "1153564664"
"a4_761" = "1160733785"
"a1_848" = "3736778538"
"a1_849" = "2751562466"
"a1_439" = "3795105180"
"a4_768" = "1210917632"
"a4_769" = "1218086753"
"a3_938" = "2446500163"
"a3_512" = "3687557161"
"a2_662" = "450989747"
"a3_513" = "3660926024"
"a3_930" = "2355479115"
"a3_931" = "2362926826"
"a3_932" = "2403474189"
"a3_814" = "1523992135"
"a4_877" = "1992351821"
"a3_510" = "3639513879"
"a3_936" = "2398382209"
"a3_937" = "2439449888"
"a3_511" = "3679991734"
"a3_516" = "3715971501"
"a3_517" = "3723025868"
"a1_198" = "716825427"
"a1_199" = "2930490802"
"a4_148" = "1061029908"
"a4_149" = "1068199029"
"a4_146" = "1046691666"
"a4_147" = "1053860787"
"a1_196" = "2224894454"
"a4_145" = "1039522545"
"a1_190" = "3753178288"
"a4_143" = "1025184303"
"a4_140" = "1003676940"
"a4_141" = "1010846061"
"a2_983" = "2752276782"
"a3_910" = "2245638887"
"a4_548" = "3928678308"
"a4_549" = "3935847429"
"a4_542" = "3885663582"
"a4_543" = "3892832703"
"a4_540" = "3871325340"
"a4_541" = "3878494461"
"a4_546" = "3914340066"
"a4_547" = "3921509187"
"a4_544" = "3900001824"
"a4_545" = "3907170945"
"a4_839" = "1719925223"
"a1_662" = "694475266"
"a1_663" = "1318027886"
"a3_965" = "2639793036"
"a1_660" = "2430620838"
"a4_380" = "2724265980"
"a4_381" = "2731435101"
"a4_382" = "2738604222"
"a4_383" = "2745773343"
"a4_384" = "2752942464"
"a4_385" = "2760111585"
"a4_386" = "2767280706"
"a4_169" = "1211581449"
"a4_388" = "2781618948"
"a4_389" = "2788788069"

"a1_667" = "20902370"
"a1_664" = "1837927862"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"

[HKCU\Software\Aas]
"a1_665" = "211893541"
"a1_0" = "1653765306"
"a1_1" = "2441982131"
"a1_2" = "2510997625"
"a1_3" = "2714402161"
"a1_4" = "1265725528"
"a1_5" = "936486802"
"a1_6" = "3200061838"
"a1_7" = "1317326292"
"a1_8" = "2781411382"
"a1_9" = "166804951"
"a2_566" = "4057704599"
"a2_567" = "4064890624"
"a2_564" = "4043387656"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKCU\Software\Aas]
"a2_562" = "4029039725"
"a2_563" = "4036221064"
"a3_8" = "40388897"
"a3_9" = "47967552"
"a3_6" = "59977839"
"a3_7" = "67032206"
"a3_4" = "11991981"
"a3_5" = "52535244"
"a3_2" = "31040235"
"a3_3" = "4933386"
"a3_0" = "17001001"
"a3_1" = "23989832"
"a2_412" = "2953686568"
"a2_413" = "2960845836"
"a2_410" = "2939345221"
"a2_411" = "2946514673"
"a2_416" = "2982348759"
"a2_417" = "2989529206"
"a2_414" = "2968014834"
"a2_415" = "2975179879"
"a2_418" = "2996697901"
"a2_419" = "3003869796"
"a2_962" = "2601725602"
"a2_963" = "2608893321"
"a2_960" = "2587391511"
"a2_961" = "2594556347"
"a2_966" = "2630406513"
"a2_967" = "2637575892"
"a2_964" = "2616059638"
"a4_950" = "2515697654"
"a1_631" = "339219008"
"a2_968" = "2644744329"
"a2_969" = "2651908657"
"a4_564" = "4043384244"
"a1_219" = "3792488515"
"a1_218" = "130732880"
"a1_217" = "2346596960"
"a1_216" = "2330595743"
"a1_215" = "1112003368"
"a1_214" = "2105713993"
"a1_213" = "3632581131"
"a1_212" = "3267163917"
"a1_211" = "982742950"
"a1_210" = "1144944535"
"a4_567" = "4064891607"
"a1_630" = "2037151968"
"a2_980" = "2730778602"
"a4_560" = "4014707760"
"a2_982" = "2745110696"
"a4_956" = "2558712380"
"a2_984" = "2759456003"
"a4_561" = "4021876881"
"a4_562" = "4029046002"
"a4_563" = "4036215123"
"a4_443" = "3175920603"
"a1_633" = "297848718"
"a4_442" = "3168751482"
"a4_441" = "3161582361"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
23203a6a5b07979cf92f0780415e59ee	c:\hostd.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.

Removals

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:

   %WinDir%\system.ini (70 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\cc92a7d66e[1].setToken (20 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[1].js (2190 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\nero-burning-rom-18[1].png (3783 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\campaign-100624,101362[1].htm (1320 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\sprite[1].png (7 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\loading[1].gif (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAOJQT25.gif (35 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAWNUT4V.gif (35 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[2].css (22 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\sd_101362_0d279[1].jpg (17910 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\fad58-b3118[1].css (5 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\f[1].txt (3496 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\f[1].txt (392 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\container[1].html (1287 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\306e0-e2646[1].js (7347 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\sd_100624_634cd[1].jpg (14585 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\nr-412.min[1].js (8741 bytes)
   %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\sd_100624_634cd[1].jpg (21437 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\f[1].txt (109 bytes)
   %Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CA7W1H7O.gif (35 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\CAG7JRMK.gif (35 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\universaldownloader-prefetch[1].htm (657 bytes)
   C:\hostd.exe (103 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\winthnidj.exe (741 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\container[1].htm (2 bytes)
   C:\autorun.inf (315 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[1].txt (11231 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\f[1].txt (3462 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CA8DYHBO.gif (35 bytes)
   %Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (1336 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\72H4N9GJ\blank[1].gif (35 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1SZTR4PX\pubads_impl_49[2].js (3387 bytes)
   %Documents and Settings%\%current user%\Cookies\index.dat (7384 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAX8W7TD.gif (35 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHIBWBEV\CAG9M3S1.gif (35 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@sd.en.softonic[2].txt (10249 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTEVGXIR\gradientbg[1].png (2 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
   
6. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: Softonic
Product Name: Softonic Downloader
Product Version: 1, 40, 1, 0
Legal Copyright: Copyright (C) 2013
Legal Trademarks:
Original Filename: SoftonicDownloader.exe
Internal Name: Softonic Downloader
File Version: 1, 40, 1, 0
File Description: Softonic Downloader
Comments:
Language: Language Neutral

Company Name: Softonic Product Name: Softonic Downloader Product Version: 1, 40, 1, 0Legal Copyright: Copyright (C) 2013Legal Trademarks: Original Filename: SoftonicDownloader.exe Internal Name: Softonic Downloader File Version: 1, 40, 1, 0File Description: Softonic Downloader Comments: Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
sUfpPq55	4096	1081344	0	0	d41d8cd98f00b204e9800998ecf8427e
8hAP7m16	1085440	360448	357376	5.54407	7a78f3c46404bd9578587a65c955d1d6
.rsrc	1445888	90112	90112	5.37642	7ddda77e94c24cbe0179cbee8172eb5a

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://nero-burning-rom.sd.en.softonic.com/universaldownloader-prefetch
hxxp://nero-burning-rom.sd.en.softonic.com/95323/universaldownloader-prefetch
hxxp://nero-burning-rom.sd.en.softonic.com/js/generated/306e0-e2646.js
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=1&utmn=631952532&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=installation assistant&utmhid=251083253&utmr=-&utmp=/95323/universaldownloader-prefetch&utmht=1410756303649&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~
hxxp://softonic-analytics.net/blank.gif?product=st_activity&event=prefetch:campaigns:selected&id_session=D6DD384A-6EFA-43B2-8367-CD9C5B30666At1410756303f95323&id_campaign=100624&id_campaign=101362&ts=1410756304118
hxxp://nero-burning-rom.sd.en.softonic.com/universaldownloader-track
hxxp://nero-burning-rom.sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303
hxxp://nero-burning-rom.sd.en.softonic.com/css/generated/fad58-b3118.css
hxxp://screenshots.en.sftcdn.net/campaign/scrn/100000/100624/sd_100624_634cd.jpg
hxxp://screenshots.en.sftcdn.net/en/scrn/95000/95323/nero-burning-rom-18.png
hxxp://nero-burning-rom.sd.en.softonic.com/shared/img/sd_client/gradientbg.png
hxxp://nero-burning-rom.sd.en.softonic.com/shared/img/sd_client/sprite.png
hxxp://nero-burning-rom.sd.en.softonic.com/shared/img/sd_client/loading.gif
hxxp://screenshots.en.sftcdn.net/campaign/scrn/101000/101362/sd_101362_0d279.jpeg
hxxp://pagead46.l.doubleclick.net/tag/js/gpt.js
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=2&utmn=1681216182&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=-&utmp=/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303&utmht=1410756305665&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=4&utmn=1350765831&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1410756305727&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://screenshots.en.sftcdn.net/campaign/scrn/100000/100624/sd_100624_634cd.jpg?v=0.26649063561436414
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=3&utmn=1651002142&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1410756305712&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=5&utmn=1653110540&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1410756305759&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=6&utmn=461011899&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1410756305774&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=7&utmn=502429803&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C100624--load1&utmht=1410756305806&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.6&utms=8&utmn=10372948&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C101362--load2&utmht=1410756305821&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://partnerad.l.doubleclick.net/gpt/pubads_impl_49.js
hxxp://c.global-ssl.fastly.net/nr-412.min.js
hxxp://pagead-googlehosted.l.google.com/safeframe/1-0-0/html/container.html
hxxp://pagead46.l.doubleclick.net/pagead/show_companion_ad.js
hxxp://beacon-6.newrelic.com/1/cc92a7d66e?a=2337116&ap=152&fe=1453&dc=719&v=412.920d26d&to=NQcAZUJXXUdWAEZdVwxNN0NZGVtAUwxRRxcLDAZUSBhDXEc=&f=["err"]&jsonp=NREUM.setToken
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=8&utmn=10372948&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C101362--load2&utmht=1410756305821&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www.googletagservices.com/tag/js/gpt.js
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=5&utmn=1653110540&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1410756305759&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=1&utmn=631952532&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=installation assistant&utmhid=251083253&utmr=-&utmp=/95323/universaldownloader-prefetch&utmht=1410756303649&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~
hxxp://static.sd-client.en.softonic.com/js/generated/306e0-e2646.js
hxxp://static.sd-client.en.softonic.com/css/generated/fad58-b3118.css
hxxp://tpc.googlesyndication.com/safeframe/1-0-0/html/container.html	173.194.43.76
hxxp://static.sd-client.en.softonic.com/shared/img/sd_client/gradientbg.png
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=6&utmn=461011899&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1410756305774&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://static.sd-client.en.softonic.com/shared/img/sd_client/loading.gif
hxxp://js-agent.newrelic.com/nr-412.min.js
hxxp://static.sd-client.en.softonic.com/shared/img/sd_client/sprite.png
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=2&utmn=1681216182&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=-&utmp=/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303&utmht=1410756305665&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=7&utmn=502429803&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C100624--load1&utmht=1410756305806&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=4&utmn=1350765831&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1410756305727&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://sd.en.softonic.com/95323/universaldownloader-prefetch	46.28.209.70
hxxp://partner.googleadservices.com/gpt/pubads_impl_49.js
hxxp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303	46.28.209.70
hxxp://pagead2.googlesyndication.com/pagead/show_companion_ad.js
hxxp://sd.en.softonic.com/universaldownloader-track	46.28.209.70
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=3&utmn=1651002142&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1410756305712&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /shared/img/sd_client/sprite.png HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd-client.en.softonic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:32 GMT

Server: Apache

Last-Modified: Thu, 29 May 2014 10:06:17 GMT

Accept-Ranges: bytes

Content-Length: 7892

Cache-Control: max-age=172800

Expires: Wed, 17 Sep 2014 04:45:32 GMT

Keep-Alive: timeout=3, max=10

Connection: Keep-Alive

Content-Type: image/png

.PNG........IHDR.......\.....ld......sBIT.....O.....PLTE...................................................................................................................................h.......................f.....n........Dw.I..............U..}..,...v..\. g...........x.a...R..............>....:n........M..].T*..:.....m....tV.....]........7....Q..P..O)....P.i...O..N..N..M....sJ..M..K..L..L..J..J..JJz...I..I..H..I..H..Istv..H..G..H..G..G..G..F..F.x.go...F..F..E..E..D..D..D..B..C/v...B:~4kid..A..A..@..A..>/g..m..p..i...<..=.z:.g.;b..z:.7@.6?[ZW.5>.u8.4<.s7.b..3;.1:.09{O$./8.p5..7.-6.[..m4&Q..,5. 3.k3(X..*2.)1.R..(0.'/.%,.T..f1.e1.&..$,.$,.%-.# .# ."*.#,."*.!)." .!(.!*.!). (..'. (..&. '.I...'..&..%..&..%..%..$..$.."..#..#..".."..!..!....9.899...................*................>.j.....tRNS.....................................................................................................................................................................................................................................................~T.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6.......gIDATx...._[.^..'.LhC...4.t.K....H.w0......^.)w.i..T...q..w..bq..*U.2j]..hU...^.}).\.......,.@......._..!0.u>y....@.......eh\..fUHC....c.X;4.c..I...m..c...d.B.2...}. ..- ...A....,.:p51.4.Ig..:.}......r......WXw..........z. 3v..^.....2......5.Bw.;...M.......ffx..Ac.......jf...F53.K...y...^.(h..M].>....................y.o.:...m.-.2C....................(.Jro.P............wqo....7....<...7*.z......

<<< skipped >>>

GET /95323/universaldownloader-prefetch HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: sd.en.softonic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:26 GMT

Server: Apache

Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:25 GMT; path=/; domain=sd.en.softonic.com

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-control: max-age=0, must-revalidate

Pragma: no-cache

Vary: Accept-Language,Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 7105

Keep-Alive: timeout=3, max=10

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8

...........=m[......B./.6/.....KI8..n.....>.7.IL.....S.......$.P.!6..S4...h4.........v.......0D......E.Z.....h4.....s..;...:L.(.. ....h.... .F[....i.T..I.q.........k.T.z/.U^.....c.F...4.u]...B/.oW..B.oM.^......zP>{..Y..FA.f^.zt(..i..Q....i...y(...v%...,..n.e~.mW.8.z..*...8....j\u.D.......J0..~...... .=..Wi7.F...F0V...._.....'5.$...p......~..h.h..8b.HQ.....D>.........P.....ig~....@Y0..I..l.K4.6k...N..O...).5>..mw>..}.ivv..[.....62.X....q.C....i.M`...L5.C..|.....:..):.G]..t.R6./=...$..q..!:. ..y.......w.'...Q..q.....~v.|..Y..7hq5....}...&.v..;........u..@4..;C.i.s.....E.T\`"..r.W.m^.$...d...g...........Q?...&M.%~6N">....xyE`............Q^.D.....R....W..e.i..rn..........1e.9.X^t&.O.....K.!J..l.n!.R.`..,.e..E..7....._S.G...Y$W...b8..\A...L....5......n..... ...MK.....5..^pE*...8.....:.5.............>4g........W...L.... i.D.}E..R....N....~...S&y....'.n3..OpQ...K...K....0.6..-q....{.....3..PK.......(..T.s.f..d....;...[1....Y. .m.7...(.m>.....mg^_....w....k..K;.c..zqw<.._.&......W02W.....{... ...a^...........@d~w..cVTE.I/.5..Xg...._E..........x8....pb......3.\...K....,.`L.........,.K..|.......z.. .m".\..F....w|..Q......Dp.H...<N..w...8.y../.^....k.f..].a|..3...[...~o.4..$4tM...*.3.'.n<................$...q.....A9El...Eu.]......*,C....fqUMk.%j;}.oA9...|..|.J...v}4N....F.l.N..g..6>...It...._...~o."9.).z....w...TZ1k].1...7.k6....k/|"Xz...8....f....G^......B....6:...I.U.. ]]..3H.....V...V.^..{!......(....Ve4QV.u?.z..%A...Ye._]t.{4...;D..}/..?C...o..............}.X...7.....8.#Q..R.G..Fo..

<<< skipped >>>

GET /en/scrn/95000/95323/nero-burning-rom-18.png HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 30 Apr 2010 11:20:24 GMT

Cache-Control: max-age=172800

Content-Type: image/png

Content-Length: 13893

Accept-Ranges: bytes

Date: Mon, 15 Sep 2014 04:45:32 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: HIT

X-Cache-Hits: 210619

Expires: Wed, 17 Sep 2014 04:45:32 GMT

.PNG........IHDR...d...d.............pHYs.................vpAg...d...d..&^...5nIDATx...y...u.v.{..k...}...Y.Y..H..)...%"E.....T........&....).I$y.q.K.ydJ.%.$.R... @."........t..^{....n.xU_.,XIJq._..........{...w.}.D..y.....'.....`..!...XJ...ZK)..F......R#...Hk5<<........1....3.7p....f).:.N..n....;;;.0...F>_.<..-.u.Q .(..$I......|>.T*....|...B!.8.....v.7n....i.;.n..I.T.....Z.-.....c......Hk..""#.i*.8...Z.i-}.s]gttxbb.R..5.....F.q..s..U...bhhhh....,....t..Z...G.Zk....wj.t.$.v..hH..$.<...}......EDa..j..^xauu}bbjh.P.TJ.!!..F.K.r.A...?#.6..A;.7j...8i4Z.V.Z.&Ix..}....|......J.tyy... .z.\.OL.... .9gFh..J.4UJ)...Gk.........L........N.Z.omm1...s{.......t.-.r..../.............;w....r....R...>"...2O.7t......\.F.z..!"*....V.ol.{...0...dY......c..c_..W...I..?.........'N..r.z.8.g.....eY.1cb.R.....*.S0.Qvt...Ow...,3....o.\.....>..............x......?...u...E..G`I)766.y.8"_XX.....?S....,sJD.....r.2..."..6 .>.=..4..e.....^olll....;vx..=A..N......{........av..\.w...iz..../_ .*....TJ..kMJis@=.m..8..m...1d..$...R*..N...v..u].0..[....`..0p.@.E...dp.T.A.{.s........?Z.Tz.~.Y.F..R...k.....4M.....Vwnnn...B!gV.L".q....,.2*c..........F...v.D......,..,.....<.X,.........9......c...cw5%.<wvv:..n.X..7...}.c....h......|......{...moo?....;G......\.@..A.I#..8.%.R.n.Z.>..../.......'..8.L..Y.....$.H.R!.<..........qs....=...(.K...!n3q.d....!..F........x..............@8....s...w..Um...kss..........##e..H.....5!.m.Bp.....K...;w..........R.N.R...4@........m.c.u....;.$.&q..j......s...3.NV...........[.ED..5.......

<<< skipped >>>

GET /campaign/scrn/101000/101362/sd_101362_0d279.jpeg HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 21 Aug 2014 13:51:12 GMT

Cache-Control: max-age=172800

Content-Type: image/jpeg

Content-Length: 54735

Accept-Ranges: bytes

Date: Mon, 15 Sep 2014 04:45:32 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: HIT

X-Cache-Hits: 791572

Expires: Wed, 17 Sep 2014 04:45:32 GMT

......JFIF.....H.H......Exif..II*................*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:6D8D89E2AAD311E3BE6B9AEEC3B9D744" xmpMM:DocumentID="xmp.did:6D8D89E3AAD311E3BE6B9AEEC3B9D744"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6D8D89E0AAD311E3BE6B9AEEC3B9D744" stRef:documentID="xmp.did:6D8D89E1AAD311E3BE6B9AEEC3B9D744"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C....................................................................C......................................................................................................................b............................!.."1.2ABQR.#aq.3br.......$C..%Ss.....4Dcv...&7t..'(89Udu......We....................................J........................"..2B..R.#b!13Ar.$Qq.........4a..ST....mEUd...............?.....{($>T...........PHh$#AND.!....bE.7......|^...pO..q.].)@?Uk....O..(.>...Kc\......&...z.3.6.n...K./O.]..BU^#.4B..n.b.r.DWk.....E*Y...U..[2...Z......bsB.=v....-..i.......}..%.........\...-.t2...r\D...Gf....)..

<<< skipped >>>

GET /__utm.gif?utmwv=5.4.6&utms=1&utmn=631952532&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=installation assistant&utmhid=251083253&utmr=-&utmp=/95323/universaldownloader-prefetch&utmht=1410756303649&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 04 Sep 2014 22:34:28 GMT

Server: Golfe2

Content-Length: 35

Age: 886263

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic,p=0.002

GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Thu, 04 Sep 2014 22:34:28 GMT..Server: Golfe2..Content-Length: 35..Age: 886263..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............,...........D..;....

GET /__utm.gif?utmwv=5.4.6&utms=2&utmn=1681216182&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=-&utmp=/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303&utmht=1410756305665&utmac=UA-48247475-1&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 04 Sep 2014 22:34:28 GMT

Server: Golfe2

Content-Length: 35

Age: 886265

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic,p=0.002

GIF89a.............,...........D..;....

GET /__utm.gif?utmwv=5.4.6&utms=4&utmn=1350765831&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1410756305727&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 04 Sep 2014 22:34:28 GMT

Server: Golfe2

Content-Length: 35

Age: 886265

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic,p=0.002

GIF89a.............,...........D..;....

GET /__utm.gif?utmwv=5.4.6&utms=5&utmn=1653110540&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1410756305759&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 04 Sep 2014 22:34:28 GMT

Server: Golfe2

Content-Length: 35

Age: 886265

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic,p=0.002

GIF89a.............,...........D..;....

GET /__utm.gif?utmwv=5.4.6&utms=7&utmn=502429803&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C100624--load1&utmht=1410756305806&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 04 Sep 2014 22:34:28 GMT

Server: Golfe2

Content-Length: 35

Age: 886265

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic,p=0.002

GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Thu, 04 Sep 2014 22:34:28 GMT..Server: Golfe2..Content-Length: 35..Age: 886265..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............,...........D..;..

GET /tag/js/gpt.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.googletagservices.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 12398482878374649242

Date: Mon, 15 Sep 2014 04:00:47 GMT

Expires: Mon, 15 Sep 2014 05:00:47 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 14914

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2685

Alternate-Protocol: 80:quic,p=0.002

...........}kw.:..........1i.....d.(P..r..<]..$ns.vZ....gF..........4.4..F...H...)....v~^.d;r/.l.....)...D.".n_..p....l.2V.........`.y...f.E.3....>...n..4cS.`GI.n...b.aye.7.D.m....}...'.l.e6..Y...a........D..?..pv...pU..[...CP..5]L.(.....8.......... .F......q..u.P.y.d7'.1 .....v.>...2.............bg..*m.....k...ZE.4......x..u.@@..j..*..E.....P... B.. 7.#DJ.J.....(.F..y.N..N.....;...f.q....ou...W.7[.....O.U......5. j.%C..i.B?...0.;..F..z.8If.M.c.P.......[4..y."!.I.....g.K........P.i:...l.wC]..q....Zj......U.....1*....{....Q3..i.g......e.U..g!...g...zG.F8%..4.#..Sq..Z..y.~..=.< }.p..z..1M>.>.,x6K|.).....Pw............j..Y...I.Y.FO.3..Sr;N_..6w...!......:|...z.'S...[.$"...{..{_.o.._...".s.]9..N.u..~....s.r.b..........Q^i...V....^0?..V..o.-..T..E.c...K...M..Nk....Cf[..-H...;W ...}..~7...sZ*).b[.Q["...Y...q.....c.w.9....>...}.y.=.....kfQ.8..N...v........E....'f.-.xZ..Lt..O..P.?..j.`eRU#....-....5...........d..1..#.'..A.Q...:..I4.3..yI......... .U.NU...{..a..n......0..p{b. Mm3."1.X..zz*.z9............]Xd.Q.._e....l6.G........\A.. .....,D(.m.....o.=..9q...7..i.._..y..Y4..n5.........v:..e...dw...b.T..f}..z.{.....[s6.X./...L..3Z..lb9.........a3.-@L.. /..(#....F|......Q~.A.d..#J.......}..e.......2u/.............s.......m.......S.@....&.(.....\.(p..'........<...<............k.@#.S.0.P.0...`~..-...G.u...S.P.S.P?.......(....R.(..>...z..k.:..H.-...#Ge..}..#%.t.Hk.@.,.`:eh...."|...E...F..|.[..F...p.....Ujj.0S. .J(..J.A...m.9......7...qb.0-`..Q9S..\.n.W.)........P.ln.f@...;...].-.2.a..oy....B..X..

<<< skipped >>>

GET /gpt/pubads_impl_49.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partner.googleadservices.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Mon, 08 Sep 2014 11:09:31 GMT

Date: Wed, 10 Sep 2014 18:57:15 GMT

Expires: Thu, 10 Sep 2015 18:57:15 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 34135

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 380899

Alternate-Protocol: 80:quic,p=0.002

......n.....y..H.8..^E..'#..c.c@../..a.&......u....K...{.....d....wg.[}..U.u..b...tj;...|{....`....S..m....t.*.F..... ..o.]...J`e.....4...0..4........O......,..........mY.?,...-U"3m.....".9..y.m6..}>.N.......u. z...p...=.I.Z.} e..P.....&A<..5..8........Fq2....S.f..0.7.BGg.<.=.N..x..1...O.-Q.......39......dT.......*z...Z..,.......(...3..(u./w..(j.W,.5.RN.T.!r....Hi^..LT. .K.Vy....3.cF......U.bq.H....Y|.T.....S..s..Y..%...q.-...b.]X.-.}...k...s..bb;..?n9.......c..5..k.............>..i.A...%a.w........|..m:......g1....g.....<...;P..].b.O.w.j..4...\.-d.n..8..j...Z6cBV.fmBn|u^..q&ww..;..5T..&|.7o.PMy>....4....pw...........m]r.)...4.^..........b.......-..........Vo8...........p>.....e[X.j`f.K`..w.......6i.l...."en.N'..=?p.............JW..v..SX....a.7?V..|8.....S....0O.>...J{=d...F....N.......n....4.h6..5]\.2)..8Mt........y8.0.a.l......PD.,!.<....y.N(...k{.U.$.2..}..9...jO8...ob...Ob.:^dy:.t..0....A........o.......,.]..G..\.U6.....?.N:5.....Y....x6..).o,u...>.,h.fm.w.p.E..C..x.yqLw-....E s..]>.yp.Vs....0.8...x-s...u...~.f^`./...._............M..V....(....As.....f.{..9.>....Z.{.....5.b.......w..[....Q..Y.......@.K...V. ...........P..y..E.....g..I...../M.P3...@O.1~.V4....D..........?...^...N..z.........r....}..a......P..@(...=...7v.Y..D..d.N...c.. .Y%...lM....._..am[,.8...Y~<..#.&..../$..[l.].&..OVp4....y.v..?^..x..[&.t.e..<....9......J.g..D.8.q.*._.=Vq.0*.V..D./...f1..bd.bX.E8.b}..&3rVzw.\<....=..wq....1..E.....[.......L(.`pJ.)....c0.`......._.Ct.=?.~..s....{...J..........

<<< skipped >>>

GET /campaign/scrn/100000/100624/sd_100624_634cd.jpg HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 11 Feb 2014 10:50:08 GMT

Cache-Control: max-age=172800

Content-Type: image/jpeg

Content-Length: 55463

Accept-Ranges: bytes

Date: Mon, 15 Sep 2014 04:45:32 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: HIT

X-Cache-Hits: 8007

Expires: Wed, 17 Sep 2014 04:45:32 GMT

......JFIF.....%.%.....C....................................................................C.........................................................................|..............................................p...........................!..1A...Qaq.."T.....2RSV..........$&'38Urw...#46BXfv....%(CDFHWb.....)5gsu..7G........................................c........................!..1.AQ..."aq2R......#ST......3BU.....$%&4Cbdst..56Dceru.....EVv....FW...............?........T.I$.e.QC.....&9.s...)K..a....uy.#G.GH...I$..#...wwb..T.....$.U*... ;.*"".wv8UEPY...*....k...7..2....~z..b..-...2].R..%.N....(.n'HT..L.....w.......q.....p..qF..Xh.\>...{.....0..i,!...qum..n.#0W..k?#<x.i...7...>..H.......h......4g.....8..P..........x..........)Z...fr......V.*H*S.....C..._;."..t....[.......Oxv.F.....u[..)5.v.kM.[.....V.5).....%..v..nVT..o'1.v.5..x.m.A.Egx#.....Yf{<H.f...\F.r.p%..d..X.W..txG..Y..]#.R\.0.bW.>.....>.....;....;...I.DY...Lx..6.....,/...u8..CZjCO....}..`..Htt.Q....]Ar[..\.P..x......uk. ".R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R......0...[Fh.Xh...B.&F......;..."..v..u...T ...............?.V.......]s[..z.W..v............X.m..0.pJ.E=.i........'.Q<.ym......h.W.X..mB.^......8.C..7.O.*Ij...{ k...Z7.....t8......n....`.E....)i8....d..HD...4u..c..8<..x....)......M...3.........e.....=...M*..-D.........q.v1...8E.t..c.$P...._p....^J...P..2.5Mf...%./.,..F..hu[[H...[U.....-.... ....vx....T(..s.H....*........I.....=..&..4..,h..$T.p...q...s.)..._>.. )...=..i...w

<<< skipped >>>

GET /campaign/scrn/100000/100624/sd_100624_634cd.jpg?v=0.26649063561436414 HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 11 Feb 2014 10:50:08 GMT

Cache-Control: max-age=172800

Content-Type: image/jpeg

Content-Length: 55463

Accept-Ranges: bytes

Date: Mon, 15 Sep 2014 04:45:33 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: MISS

X-Cache-Hits: 0

Expires: Wed, 17 Sep 2014 04:45:33 GMT

......JFIF.....%.%.....C....................................................................C.........................................................................|..............................................p...........................!..1A...Qaq.."T.....2RSV..........$&'38Urw...#46BXfv....%(CDFHWb.....)5gsu..7G........................................c........................!..1.AQ..."aq2R......#ST......3BU.....$%&4Cbdst..56Dceru.....EVv....FW...............?........T.I$.e.QC.....&9.s...)K..a....uy.#G.GH...I$..#...wwb..T.....$.U*... ;.*"".wv8UEPY...*....k...7..2....~z..b..-...2].R..%.N....(.n'HT..L.....w.......q.....p..qF..Xh.\>...{.....0..i,!...qum..n.#0W..k?#<x.i...7...>..H.......h......4g.....8..P..........x..........)Z...fr......V.*H*S.....C..._;."..t....[.......Oxv.F.....u[..)5.v.kM.[.....V.5).....%..v..nVT..o'1.v.5..x.m.A.Egx#.....Yf{<H.f...\F.r.p%..d..X.W..txG..Y..]#.R\.0.bW.>.....>.....;....;...I.DY...Lx..6.....,/...u8..CZjCO....}..`..Htt.Q....]Ar[..\.P..x......uk. ".R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R.R......0...[Fh.Xh...B.&F......;..."..v..u...T ...............?.V.......]s[..z.W..v............X.m..0.pJ.E=.i........'.Q<.ym......h.W.X..mB.^......8.C..7.O.*Ij...{ k...Z7.....t8......n....`.E....)i8....d..HD...4u..c..8<..x....)......M...3.........e.....=...M*..-D.........q.v1...8E.t..c.$P...._p....^J...P..2.5Mf...%./.,..F..hu[[H...[U.....-.... ....vx....T(..s.H....*........I.....=..&..4..,h..$T.p...q...s.)..._>.. )...=..i...w

<<< skipped >>>

GET /safeframe/1-0-0/html/container.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: tpc.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/html

Last-Modified: Tue, 14 Jan 2014 13:13:27 GMT

Date: Wed, 10 Sep 2014 22:12:06 GMT

Expires: Thu, 10 Sep 2015 22:12:06 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 1287

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 369208

Alternate-Protocol: 80:quic,p=0.002

......n....VyS.8...Oa<.G".....4.#C.Q.B.= Iw.[q\.;......>.N..;;.3MyO...]Vs...}{w}d..8..j....9.<...*R.....8.|,.v.(.¶.R....As..O.e..h.J.0..p..*J.B...4|P.(.4..Z6`...BMeb.....m..y.m..BU.!....a.].....E!W.lm..4.. ..j$.8....0...n.2..!I`Lh.l.....:@b.<S.I .WCb^M..&.So......w.u....szd........DaR.... .718.P...t;.......?.&....4..*.0.a.$.X.!.......A.O...[..5X.]..h..(0.9.y[.Q...4.B....v..I...*....a......M=MD:4.ZO.6.<.g.@/...G.z.....^.FI..=.4...7 ..N.R.h.a....arQ..L.!.N.:.-.P....B.D...=...n.a....e".`J....'\f.8N."s]j.(.%!9..@..`.<..<..v.`... g...Y....6.......C....h.......b.s_..G.......-....2..v6.#EL...je;....p.......d."...]U.e..b.s.R.[O.j.E...../.X..p.".......b.^/..R..w.....|.........V....@.=...,........l"..n._..,.......8............"...u....U. .._y.[.i..../T...C..GQ,...yYx.7...h...mL.;.#.zla.-..lw:n;.O..I9......ZC..q5..j&uN.rY...fO......7..;Y..e.......I...{.U..Y..}L..G...1..^....~..P..Sp~.....H/...f..w...).T.8...~s.X..w.X....*..Q5...l.$I.Q......8z...p....b.$.....D.4...p...og.A.$..uj.t.t.....u..ej...e.]....Sa.G.....A.;_.s.)A.5..i&....*.].9....."..(..C...n\.....M..j..V..h....3..e..z...n...]_..d.\;.kW..&"..D...h...T7I..R].u.....).t....e.........C.;.......=...]A!{o...l"..........H..*.o{..E..w..PD.......po.L#L5v....i.gUM....8.....5f..3^...U.l....-............... ......S.S.......Si.......

<<< skipped >>>

GET /__utm.gif?utmwv=5.4.6&utms=3&utmn=1651002142&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1410756305712&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 04 Sep 2014 22:34:28 GMT

Server: Golfe2

Content-Length: 35

Age: 886265

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic,p=0.002

GIF89a.............,...........D..;....

GET /__utm.gif?utmwv=5.4.6&utms=6&utmn=461011899&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1410756305774&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 04 Sep 2014 22:34:28 GMT

Server: Golfe2

Content-Length: 35

Age: 886265

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic,p=0.002

GIF89a.............,...........D..;....

GET /__utm.gif?utmwv=5.4.6&utms=8&utmn=10372948&utmhn=sd.en.softonic.com&utmcs=utf-8&utmsr=1276x846&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Nero Burning ROM installation assistant&utmhid=247865455&utmr=http://unknown_browser_unknown_version&utmp=/C101362--load2&utmht=1410756305821&utmac=UA-152357-4&utmcc=__utma=30725629.770450565.1410756303.1410756303.1410756303.1;+__utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 04 Sep 2014 22:34:28 GMT

Server: Golfe2

Content-Length: 35

Age: 886265

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic,p=0.002

GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Thu, 04 Sep 2014 22:34:28 GMT..Server: Golfe2..Content-Length: 35..Age: 886265..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............,...........D..;..

GET /js/generated/306e0-e2646.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd-client.en.softonic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:30 GMT

Server: Apache

Last-Modified: Tue, 09 Sep 2014 14:38:53 GMT

Accept-Ranges: bytes

Cache-Control: max-age=2592000

Expires: Wed, 15 Oct 2014 04:45:30 GMT

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Keep-Alive: timeout=3, max=10

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: text/javascript

1faa...............z.H.8..?O!a.U..Q.lk!..'Kr.......b..AH.D...-.9.y..`.Inl....jf...V.E .{FFFD...l-....t......{^s....l=[...I:i... ...$...>..........Co.o&..u.nv.I..b3.....}:....d..?....f.'...T..?z..K.i2........ .}<..M.~6..`:..._.qr....G......h..8....W.a.....t.9..|s2MG......T..K......<....t.O...xx1..G..8M..A....N.......t.S....B.&.....9.d....,......8..........~...M....8=O.....8...t<.B..c..Fqv.....,....No...:y(.>..x.s..I6.l.g}.F.BL.L.Y.O..i|......>.&....MR.qor.MF......-.C=....7'.s.Q..*...Q.&A.....\...<M........{.C..Y}.#..S/o...6........}.8.....fy2q2d..e.\w...v..e8....a...p6=..F.ZN...&...)..h..GU.R.>.O.a>1..c...GJN{%u..6.Q.f.]\N..-lE...u.{..x..RX..!....M.u.O/...'........O.....~>......v...4n...M.R.......Sk.**.b......i.z..W._....#2.....=S.?...i2.F..wYw.C.m.Z.Wk..r:.5...n0o.0......<..z.d.4....V.&V...]M.........v..2......o...G.1...k1.m8.........l:.S...~. .[.......?.....4...]../..G..8 mP......./..Fm....S.......w.8x.....(.....=@0Q.y... roc..R.`.... G.X.......P...C...,......[Ot..qz9.......1...'..H-.....1....%...^.....8_....".O.Gh......:t.'...r.kqbcz.MB...e..........i...(.T....k...a..xJ.w.>.M....3.B....s...6...(N...).r~A)?a.e<.x.....D.>P..#..B.......,..`..{..~.a.<.4..vO..9t"...Ex.m..>......}{v.P.T........)...L6....hk.o....o.`.".?.....~....`...Mj<..p.N....#Ch#.BD.....y.{.N......~._L/..p:<.....0...U<.}\5..E:5yR.)]..Y....W..fm....r....u..[..!P...S).{........V.A.A.......~...a.H......zi.I[.i.\..........T.... ............wa...vw....)1.....j'....B...@Y....x|A.o.....2]UAz.. ..Z

<<< skipped >>>

GET /css/generated/fad58-b3118.css HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd-client.en.softonic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:32 GMT

Server: Apache

Last-Modified: Tue, 09 Sep 2014 14:38:53 GMT

Accept-Ranges: bytes

Cache-Control: max-age=2592000

Expires: Wed, 15 Oct 2014 04:45:32 GMT

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 5307

Keep-Alive: timeout=3, max=9

Connection: Keep-Alive

Content-Type: text/css

...........<i...q.. .y..= 5...6....b..:....ZdK..".$5o.........%....}.]...........H..v..s...o6...].....].'......hGZ..Iw...I..*2......_...~.E..U.K...........\.U..yxL..8<N..4<...<........sZd..0/.s.v.sG.J.:..U...s...;.]&F\N.9..:..$....>.yI.#...n.,......z.U..6J.. uK...F...$.......?.....t.P. ...m.........Q.V...}.$~".e_.].v/.].ly...'..8....r..E..CKzUp......"?.......?.'....8~.C..zG..i....;.\R6.......d.kB.6U.r..X..-.K..l._.QdM...D/...6....*=...T....x........-.oFo6.6.....x.g.wUw.|..|..y..>.YF....,/9N.......{......81..n.......GUY.l..p$....q.LxL.........H.]Ge....8k.C..,X..cX{. F'.T..B.I.M[5......0.Z.y.....D.}Q=;dl..Lz...]{nH.~....*h..........!H#.e..1...*......m......../..MN..%e......!..o.L.k.......y).A2.B.3.Y..... ...8N....qA2a?.@.I.......S..Z%.J.w._....W.4.."8.@..1..SRH-pb.W....S......2]*..r.=....R........;.................],.m.....~tj.....3.........g..lA.K..L........."7.pj}.{.;....0C...<..... .N[.9.'..E..G.LR..2.......5......Mu....)~..}.L&..3.....i..C..e.....<..}.-..h1../...5%].D.~.O7.=.-$..Pr..~...@.........nN.._%C..]..-..6..`.\..d...0.H.....wt. ...A...[.........d..3.......te..n!..%.de.f3.3Og...~i.Y.,...........z../......x....K}......|....>l....O....[f.......C.&7t...MPL1.c%4.....q.I..E...5Isp]lX......6..N......-Y........0.o.H....S.(@7..D..1f<S'-e..n...,*.m[J......#ce.6.....f...>........H.oQ^f.3.^J...ZW.`y..d..%...q.A.A......q..<....0!...F..1gD0..".5..p..RR.`....5_.Fr\.B0.. iJ.N...l....#...:G....,5cb....z..k.](..m\L. .`'.......kc.xlT,#...."g.ki..3F....9.5../}.4.H.j.$0W...#.g\.*.=.....

<<< skipped >>>

GET /shared/img/sd_client/gradientbg.png HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd-client.en.softonic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:32 GMT

Server: Apache

Last-Modified: Thu, 27 Mar 2014 08:15:57 GMT

Accept-Ranges: bytes

Content-Length: 2958

Cache-Control: max-age=172800

Expires: Wed, 17 Sep 2014 04:45:32 GMT

Keep-Alive: timeout=3, max=8

Connection: Keep-Alive

Content-Type: image/png

.PNG........IHDR...)...........\.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE............................................................................................................................................................O *E...4tRNS....................................................KW"e...HIDATx....v.9..Q{.%y......I.3.\...m..`..u.s1.s.D...Q,. ..`(..S....O.....SJ........8...=.LR.[.&......:.eJY..oI:./...$..BJ.#KS.sH2..%.{F..='..?HR./..6.X......)./R.. ..6.....F..g.[.I.<.l..2$...42.....S.....>..........h2..f..3.........<...X&r....T..gg.-...t.....em<b.V&.g.c....6E,.-..qF6. ...o.Q.$S...(./y...DD..w..:iQ .c....3.&.TcCT.t,UE.E..HP.R.s.......V.`...%...'6.`...g..UIf(..K....uF2..r......T.!..]fLWF..\lU$....=c:2#.`....<...E". .".. qU.7P.[..c.}.J.q.N.*..:g)%...!.. ..,.@x..0.m.8.........A..,9.:l....c....<...G.8...O......?.....5..'}.....TB..#.... Uxq..\..Y....1.P ..P.........Cda...g.....V'....G.:..uW..2.X......a2!.....L..2...mb...f:.i. z........S...u)d8dC.R..q.`..N.^.~.q.......].....U.....%..p1&..b5..K..q..h...D......0...b..?M`...ak..2}J.7....l..<........7\...g!.Jf.0k.......){.-[.f...M.. ..`.hY}..]....Z...z`.J.eb.........Vl..s...p.Zi.*..kd~..Q...l.@......(l.v.L%:..|.c....,..Tg.....I..7[.-#,.....j#...B.`..b.m`..[....g..<Gs......".5c.R.4QC.5.]...X......@.S..I...T.h.6.9MD....w.Xb..N....%0.m./....z{{~.y...........gz.zz.........??{..g~....D...............z._.......k.}...^?v..w.O..........t.x...~..x..}.......................................=..m...]Ew7...._....j_.j.....~.&....\7....~.....Pw..

<<< skipped >>>

GET /shared/img/sd_client/loading.gif HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd-client.en.softonic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:32 GMT

Server: Apache

Last-Modified: Thu, 27 Mar 2014 08:15:57 GMT

Accept-Ranges: bytes

Content-Length: 1553

Cache-Control: max-age=172800

Expires: Wed, 17 Sep 2014 04:45:32 GMT

Keep-Alive: timeout=3, max=7

Connection: Keep-Alive

Content-Type: image/gif

GIF89a........................................................................................................................................................................................................................................................................................................................................~..}..|..z..y..x..t..v..s..r..q..p..m..o..l..k..j..............!..NETSCAPE2.0.....!.....|.,............|..;\r....bvwz.....-lqK'......|.[p9.....4lE.....Nj#.....^g.....[c.....G_......[8..!..IV*..'..|#OP1......).. @JGB=93)...$3<9 ......!.....|.,..........y.|.|4RhjW:...)Vilortvd1.&]eA..&Lwt.N`..|<.-[;...|AX....NU....JQ....8M.....%I.....|8C ......<=%.........173/*&!....% '.....!.....|.,..........w.|.|-EY[L3..!GX[_cgjZ..LS6.Cmj..?M)..6r`."I0..Iu:3E...&xZ<A...zr9=.. 8....5!....*0....... *..........!$!................!.....|.,..........w.|.|$9IM@,...8GJOSWZM&..;A..:_]).1<...0dU|.7$..Aj4&3..mR,0..pi(...qk.)..&uX.$..Mw;|....{g.|.......|2....................!.....|.,..........z.|.|.(591#...'258=AE<...)-....-KI ..)...&PE|."...5W,......ZD...._X....c[....fL....Dk4|....9o\......'Jsl......zxa.....[;....!.....|.,..........x.|.|..$'#......"&*.2-......... 77.......=5|.....(C#......G6....LG....QJ...|U?....:Z,|...1_M.N'|.Be]&.fyxtrokV)..;YljS....!.....|.,..........w.|.|...........................$%........*&|......0......3)..95..=9[z...B1<wL./G#.ct8.)M>./mrF.7TL...]nkfc_ZH!.5O_[G....!.....|.,..........v.|.|........|.........1.......gz.|...|;wM.|...Xv'..!.lt..&"jr.|*'So../#5lD.#3.|

<<< skipped >>>

GET /nr-412.min.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js-agent.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

x-amz-id-2: mZ38p9x7 6lET9fvdRu0yyqIpAaPEpXVmuG8N1V8Kum5cfiLfrPa0FHBT0k8TO h

x-amz-request-id: 8BF027566AAC8475

Cache-Control: public, max-age=315360000

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Last-Modified: Fri, 09 May 2014 18:03:22 GMT

ETag: "e9277060b8e4dfb70120dcdefe5b54d7"

Content-Type: application/javascript

Server: AmazonS3

Content-Length: 14848

Accept-Ranges: bytes

Date: Mon, 15 Sep 2014 04:45:34 GMT

Via: 1.1 varnish

Age: 2329736

Connection: keep-alive

X-Served-By: cache-dfw1830-DFW

X-Cache: HIT

X-Cache-Hits: 112129

X-Timer: S1410756334.153525591,VS0,VE0

Vary: Accept-Encoding

!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"==typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exports:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i )r(t[i]);return r}({1:[function(n,e){e.exports=function(n,e){return"addEventListener"in window?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l[n]||(l[n]={});var i=l[n][e];return i||(l[n][e]=i={params:t||{}}),i.metrics=r(o,i.metrics),i}function r(n,e){return e||(e={count:0}),e.count =1,f(n,function(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function i(n,e){return e?l[n]&&l[n][e]:l[n]}function u(n){for(var e,t={},r="",o=0;o<n.length;o )r=n[o],t[r]=a(l[r]),t[r].length&&(e=!0),delete l[r];return e?t:null}function a(n){return"object"!=typeof n?[]:f(n,function(n,e){return e})}function c(n,e){"undefined"==typeof e&&(e=(new Date).getTime()),d[n]=e}function s(n,e,r){var o=d[e],i=d[r];"undefined"!=typeof o&&"undefined"!=typeof i&&t("measures",n,{value:i-o})}var f=n(1),l={},d={};e.exports={store:t,take:u,get:i,mark:c,measure:s}},{1:20}],3:[function(n,e){function t(n){return c[n]}function r(n){return null===n||void 0===n

<<< skipped >>>

GET /blank.gif?product=st_activity&event=prefetch:campaigns:selected&id_session=D6DD384A-6EFA-43B2-8367-CD9C5B30666At1410756303f95323&id_campaign=100624&id_campaign=101362&ts=1410756304118 HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softonic-analytics.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:31 GMT

Server: Apache

Set-Cookie: softonic_analytics-admin=deleted; expires=Sun, 15-Sep-2013 04:45:30 GMT; path=/; domain=softonic-analytics.net

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-control: max-age=0, must-revalidate

Pragma: no-cache

Content-Length: 35

Connection: close

Content-Type: image/gif

GIF89a.............,...........D..;..

POST /universaldownloader-track HTTP/1.1

md5_hash: 500738f5bf501b0815474b8e33b325c3

Accept-Language: en-us

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch

Accept: application/json, text/javascript, */*; q=0.01

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

x-requested-with: XMLHttpRequest

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: sd.en.softonic.com

Content-Length: 18483

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: __utma=30725629.770450565.1410756303.1410756303.1410756303.1; __utmb=30725629.1.10.1410756303; __utmc=30725629; __utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_95323=false; UACA_95323=false; _FCen=100516||.100623||.100509||.101361||.101362|1|1410756303.100624|1|1410756303; UD1_POSITION_95323=

id_session=D6DD384A-6EFA-43B2-8367-CD9C5B30666At1410756303f95323&id_machine=a8a67a25000000000000000c298a8b37&id_user=D6DD384A-6EFA-43B2-8367-CD9C5B30666A&id_file=95323&id_section=643&id_main_section=616&ab_test=&api_version=1.40.2&timestamp=1410756303&download_browser=unknown_browser&download_browser_version=unknown_version&client_timezone=3&test_track=false&flavour=&av_installed=&step=prefetch_events&events=[["special_conditions_evaluation",[{"campaign_id":"100516","campaign_priority":1164,"campaign_reranked_priority":null,"special_condi

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:31 GMT

Server: Apache

Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:30 GMT; path=/; domain=sd.en.softonic.com

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 35

Keep-Alive: timeout=3, max=10

Connection: Keep-Alive

Content-Type: application/json; charset=utf-8

...........V*.I,)-V.R..V.....l.........

GET /95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: sd.en.softonic.com

Connection: Keep-Alive

Cookie: __utma=30725629.770450565.1410756303.1410756303.1410756303.1; __utmb=30725629.1.10.1410756303; __utmc=30725629; __utmz=30725629.1410756303.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_95323=false; UACA_95323=false; _FCen=100516||.100623||.100509||.101361||.101362|1|1410756303.100624|1|1410756303; UD1_POSITION_95323=

HTTP/1.1 200 OK

Date: Mon, 15 Sep 2014 04:45:31 GMT

Server: Apache

Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:31 GMT; path=/; domain=sd.en.softonic.com

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-control: max-age=0, must-revalidate

Pragma: no-cache

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 16495

Keep-Alive: timeout=3, max=9

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8

...........}.r.......0..D^.;.Q.|...%Y.%...`.@....0.Q....7&b......O..LfV..n...}....},..% ....z.b......]...l..l.`.[Q...ym.T.9.Q>.==<P*..r..N`....v..{.*j?..F.4....Z..{....-.U...g!L.,...n<.E...l'hNi.....k...;......7.....^..nn.....B%.y....6,].7:..n...c..........9...........o....z..[.2.....}...............T..g...........Y..9..3.jLs.w.Y.s.dus/..s....}.m......\?..w...!..(_....snQ|..f..J. ...r.ga.c..k.......5... v%_....lRm6.qnWI.$/....w]?.{/.......^._w_.......|..}....Hc#...;. .A$.M.M.".........~.,kA.....8.!.G.....G..EtY.=.....IB....O `..u.M........(..n.....5..:...c ;..L..y.:._c. l8......VM.45L...YZ.....].:*4 .?.2.W....O...3...^?..5..b......F?g..P....-..w....=..Z...k/.q.3....0...k]. .[...t.......o..$h..... .X..=....TeI. t}eh.}.q..4.. ..D....F..7..vvr.d..m9.....%... .:.KN5.......6S...Gn9.T.sKy.&!..C..7....A....|..t@..83P.y-[..$./:nh.l..9.H....C....... ..k.r.ca!..*y-.U.........XA..},..[X.s......oA?.... \X.>.=..].../.....z..P..[0:P.N...C5.5... .^6 y.....#..|^.HHxp.a....lE..o.E...B.Q.....-.@...@.Hw.O..t......t...i].5jZ...-5*.r.R.8.4......X.874.7k?.[...].-..A.r.m.@Q......l.....KM-. D.|..V.Z=....r....&.......,.#=.D..E....b..)...4].D{..t[...|.:P.c~8.M.._.[M.L1.~..c#......,.[..?.Q..3...........2.......U=..........,8..[..|.{}..e....>hYf..Gk"....Xm.ec...n.9.......n....l4....pc....5r.r..;.1..W.35.u..N...UA....T. 0.....$.W.y.i"/.M..r~..}N.M..vb.....h..8..i.:.V8.. ......]@..pl.......5A...D.../.S..Q..(A.[N/E?@%.<.\{...h.n.....kI...(t&Q.p..F0.|.G.y...i0`..Z.1 ..........`.F.<s..;7...X.r.Y./].9.u|..G.i..`..K.v.....p.

<<< skipped >>>

GET /pagead/show_companion_ad.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 12091451992921066871

Date: Mon, 15 Sep 2014 04:03:23 GMT

Expires: Mon, 15 Sep 2014 05:03:23 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 46029

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2531

Alternate-Protocol: 80:quic,p=0.002

............i[...0.._..sIw,......_..@..0....G.....fH.....4.zpV.>...n..pK*.R.&..x6......~.z...;...v..x..5....p.v...k .....i..g...s.j2....Q5,'p.....]....e.^...}...I.<}|.C..u.....x411.:^u........b..~<5-..V.......Ex..6.....)..|.|....9..L..j7.....7.".R.......c..w..-{Pj.-......q4..=........S.u}........&.kN&....1<..N.....@.........'.....NG...?.V.o0...........ptw.-.dm.m.0j.B-.d.....M $.......(....XISq..hQ*.t.M...I...&.?.........VqpTk....nA{K..../5..J.$...G.$Z.....8..MU@..2.p.-.O...9..lC1...z.9gQ.B.4'...aJ.%.h.........Zc...M.....Y......j.....A..a..n......Y......U}X...ta......W.....Y..dt...L......Q.........m.%.N...Y......r..(....fC.|.k..U........Z.`...YR...]..K...ruu....HT.......O`...i.6Z.F!..F..{r...........s...../.v..x..].:.%.....(..>..w....Qu8.{|,.m...L..i.H....].........,.g.Z.....~.~..g.m>"..F.zL5...2...... ...H.w)`1.......F\.Wr......W..s:.&I.v0..).Z.'....X........A.N.9....*.`.%.z.P..z...........W.Q.-h.....c....Y....=w.o...n..rY...._.ln...Em..U.j<Yg.|]...No.z.M..9L....R.........F.Z.0X.b...PB!.......6..K?......g........V .&M....%.k0...=.H'...Z}......../.F.` u..-.. ...c......G. .;.u...&.n5.....`.^W....=.. #c..1...k...'....x.....a....e..........L#.&..FY.(...vi.$..<@V.._\&..^.......w..};/Yj..4....1c...;....1n0..N0...:....Q&./.... =...j.ET.-..'w.\...G...........Zy...t......p..<.S.i.X.y.....aL...../.k.B.t.,y\.ut..f.f..~w...~_..)......>..3..b..........xz..>.-...7.p...7.-.4>".h...............co.....a....0...9..7.j0..ll."..4...a...lCi.S.._<VlU..=.....\i]b....b5.y....Y.....U......d..qh.a.

<<< skipped >>>

GET /1/cc92a7d66e?a=2337116&ap=152&fe=1453&dc=719&v=412.920d26d&to=NQcAZUJXXUdWAEZdVwxNN0NZGVtAUwxRRxcLDAZUSBhDXEc=&f=["err"]&jsonp=NREUM.setToken HTTP/1.1

Accept: */*

Referer: hXXp://sd.en.softonic.com/95323/universaldownloader/campaign-100624,101362?sd_timestamp=1410756303

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: beacon-6.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Set-Cookie: JSESSIONID=8696c82a9fa52f0;Path=/

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Content-Type: text/javascript;charset=ISO-8859-1

Content-Length: 20

NREUM.setToken(null)HTTP/1.1 200 OK..Set-Cookie: JSESSIONID=8696c82a9fa52f0;Path=/..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Content-Type: text/javascript;charset=ISO-8859-1..Content-Length: 20..NREUM.setToken(null)..

GET /universaldownloader-prefetch HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: nero-burning-rom.sd.en.softonic.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Date: Mon, 15 Sep 2014 04:45:26 GMT

Server: Apache

Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:25 GMT; path=/; domain=sd.en.softonic.com

Location: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=3, max=10

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8

....................HTTP/1.1 301 Moved Permanently..Date: Mon, 15 Sep 2014 04:45:26 GMT..Server: Apache..Set-Cookie: sd_client_en-admin=deleted; expires=Sun, 15-Sep-2013 04:45:25 GMT; path=/; domain=sd.en.softonic.com..Location: hXXp://sd.en.softonic.com/95323/universaldownloader-prefetch..Vary: Accept-Encoding,User-Agent..Content-Encoding: gzip..Content-Length: 20..Keep-Alive: timeout=3, max=10..Connection: Keep-Alive..Content-Type: text/html; charset=utf-8........................

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_320:

`.rsrc

`.rsrc

j;j.htzR

j;j.htzR

j;j.hD}R

j;j.hD}R

G><.tn>

G><.tn>

II I!"II#$IIII%&'III(I)*I III,-.II/0123IIII4I5IIIIIII6IIIIII789:;II?@ABCDEFIIIIGIIIIH

II I!"II#$IIII%&'III(I)*I III,-.II/0123IIII4I5IIIIIII6IIIIII789:;II?@ABCDEFIIIIGIIIIH

88888888888888888

88888888888888888

%u$Vj%

%u$Vj%

t.Gj:W

t.Gj:W

.tMHtJH

.tMHtJH

xSSSh

xSSSh

FTPjKS

FTPjKS

FtPj;S

FtPj;S

C.PjRV

C.PjRV

j;j.hh

j;j.hh

hTCP

hTCP

%s:%d

%s:%d

WARNING: failed to save cookies in %s

WARNING: failed to save cookies in %s

About to connect() to %s%s port %d (#%d)

About to connect() to %s%s port %d (#%d)

Connected to %s (%s) port %d (#%d)

Connected to %s (%s) port %d (#%d)

malformed

malformed

:]://%[^

:]://%[^