Gen.Variant.Zusy.117723_0a76841078

by malwarelabrobot on January 6th, 2015 in Malware Descriptions.

not-a-virus:AdWare.Win32.iBryte.hpkn (Kaspersky), Gen:Variant.Zusy.117723 (B) (Emsisoft), Gen:Variant.Zusy.117723 (AdAware), mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 0a7684107809fe6eb41cf9c1fe9b60a6
SHA1: 558ffb2f0d6fe4248dbef16dbe1cd06e458cc4a0
SHA256: 06ca252dd87f1e4197bdaead5a206f87875d717025c45ea3c1705ab53d60f96e
SSDeep: 6144:zAmwX8q6kcq1hh5FKE1zlstCvs/YjZVrzhA/1OnqWW:smwX6i1eEbs0EQjbhA/1cPW
Size: 353792 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-12-17 12:00:43
Analyzed on: Windows7Ada SP1 64-bit


Summary:

Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.

Payload

No specific payload has been found.

Process activity

The PUP creates the following process(es):

TPAutoConnSvc.exe:1776
GoogleUpdate.exe:3408
GoogleUpdate.exe:504
GoogleUpdate.exe:3520
%original file name%.exe:2788
setup.exe:3884
taskeng.exe:3828
39.0.2171.95_chrome_installer.exe:1224

The PUP injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process GoogleUpdate.exe:504 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

%Program Files% (x86)\Google\Update\Install\{54856654-45A7-4A13-A3EE-10C12C925DCD}\39.0.2171.95_chrome_installer.exe (327230 bytes)
%Program Files% (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe (309253 bytes)

The process setup.exe:3884 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\de.pak (481 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hi.pak (1137 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sl.pak (515 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hr.pak (523 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\th.pak (1121 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\id.pak (505 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\am.pak (769 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\default_apps (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\chrome.exe (1716 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\lv.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\bn.pak (1176 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\docs.crx (12 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\it.pak (546 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ca.pak (562 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ar.pak (742 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Extensions\external_extensions.json (103 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\gmail.crx (48 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\metro_driver.dll (1022 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_100_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\en-US.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\tr.pak (554 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\xinput1_3.dll (162 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\en-GB.pak (466 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\te.pak (1242 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fr.pak (596 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fi.pak (528 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\Locales (8 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libglesv2.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\kn.pak (1273 bytes)
%Program Files% (x86)\Google\Chrome\Application\chrome.exe (20458 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\d3dcompiler_46.dll (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ro.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\chrome.7z (268785 bytes)
%Program Files% (x86)\Google\Chrome\Temp (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ko.pak (568 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_elf.dll (268 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\VisualElementsManifest.xml (400 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\logo.png (7 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\wow_helper.exe (146 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hu.pak (587 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\PepperFlash\pepflashplayer.dll (63 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\uk.pak (872 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin (4 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\vi.pak (637 bytes)
C:\Windows\Temp\chrome_installer.log (7903 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sv.pak (514 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\zh-TW.pak (457 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\gu.pak (1104 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ms.pak (421 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl64.exe (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\widevinecdmadapter.dll (293 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\es.pak (571 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\external_extensions.json (5 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\zh-CN.pak (456 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ru.pak (873 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\splash-620x300.png (22 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_200_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\resources.pak (64 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libexif.dll (621 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\drive.crx (53 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\nb.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sk.pak (579 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\PepperFlash\manifest.json (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sw.pak (471 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl_irt_x86_32.nexe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\youtube.crx (47 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl_irt_x86_64.nexe (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\es-419.pak (561 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_child.dll (32644 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\bg.pak (922 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pt-PT.pak (553 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\39.0.2171.95.manifest (226 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\icudtl.dat (59 bytes)
%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fil.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\da.pak (506 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ja.pak (670 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libpeerconnection.dll (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\lt.pak (552 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome.dll (29434 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\search.crx (54 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\et.pak (490 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\secondarytile.png (641 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\he.pak (643 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ml.pak (1457 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\VisualElements (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\smalllogo.png (21 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\cs.pak (560 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\mr.pak (1126 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\nl.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\el.pak (1011 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ta.pak (1333 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libegl.dll (423 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sr.pak (847 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\ffmpegsumo.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\pdf.dll (58 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pt-BR.pak (544 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fa.pak (793 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\delegate_execute.exe (51 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114 (8 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pl.pak (553 bytes)

The process 39.0.2171.95_chrome_installer.exe:1224 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

C:\Windows\Temp\CR_BD330.tmp\SETUP.EX_ (375 bytes)
C:\Windows\Temp\CR_BD330.tmp\setup.exe (17361 bytes)
C:\Windows\Temp\CR_BD330.tmp\CHROME.PACKED.7Z (43831 bytes)

Registry activity

The process TPAutoConnSvc.exe:1776 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"

[HKU\.DEFAULT\Printers\DevModes2]
"NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1" = "4E 00 50 00 49 00 34 00 35 00 36 00 41 00 42 00"

The PUP deletes the following registry key(s):

[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]

The process GoogleUpdate.exe:3408 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"

The PUP deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:504 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ActivePingDayStartSec" = "1420444777"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"DownloadProgressPercent" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"DayOfLastRollCall" = "2926"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastCheckSuccess" = "1420475495"
"DayOfLastRollCall" = "2926"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"StateValue" = "16"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"RollCallDayStartSec" = "1420444777"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastCheckSuccess" = "1420475546"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"RollCallDayStartSec" = "1420444777"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastChecked" = "1420475495"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"pv" = "35.0.1916.153"

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"

[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"pv" = "35.0.1916.153"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastActivity" = "2926"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerResult" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"RollCallDayStartSec" = "1420444777"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateTime" = "1420475546"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResult" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"InstallProgressPercent" = "4294967295"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.25.11"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"RollCallDayStartSec" = "1420444777"

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ActivePingDayStartSec" = "1420444777"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerError" = "2"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"LastCheckSuccess" = "1420475495"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState]
"StateValue" = "17"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError" = "2"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableCount" = "1"
"DayOfLastActivity" = "2926"
"DayOfLastRollCall" = "2926"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
"StateValue" = "3"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"DayOfLastRollCall" = "2926"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"pv" = "35.0.1916.153"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"StateValue" = "4"

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableSince" = "Type: REG_QWORD, Length: 8"

The PUP deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState]
[HKCU\Software\Classes\Local Settings\MuiCache\29]
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]

The PUP deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerSuccessLaunchCmdLine"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerSuccessLaunchCmdLine"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerExtraCode1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerExtraCode1"
"LastInstallerResult"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"old-uid"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerError"
"LastInstallerResult"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"LastInstallerResultUIString"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"iid"
"LastInstallerResultUIString"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerError"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"tttoken"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"dr"
"tttoken"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"tttoken"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerResult"

The process GoogleUpdate.exe:3520 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"IsMSIHelperRegistered" = "1"
"LastStartedAU" = "1420475460"

The PUP deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"

The process %original file name%.exe:2788 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The PUP deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process setup.exe:3884 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ap" = "-stage:preconditions-multi-chrome-full"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMajor" = "2171"
"DisplayVersion" = "39.0.2171.95"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerExtraCode1" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoModify" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"pv" = "39.0.2171.95"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"pv" = "39.0.2171.95"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"pv" = "39.0.2171.95"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe"
"InstallerResult" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"WebAccessible" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayName" = "Google Chrome"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UninstallArguments" = " --uninstall --multi-install --system-level"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments" = " --uninstall --multi-install --chrome --system-level"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"SendsPings" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"Name" = "Google Chrome App Launcher"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"RunAsUser" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --uninstall --multi-install --chrome --system-level"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerError" = "2"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Version" = "24,0,0,0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"WebAccessible" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerError" = "2"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Version" = "39.0.2171.95"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Name" = "Google Chrome"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-multi-chrome-full"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallLocation" = "%Program Files% (x86)\Google\Chrome\Application"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name" = "Google Chrome"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"

[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"RunAsUser" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMinor" = "95"
"NoRepair" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --multi-install --app-launcher --ensure-google-update-present"

[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"ServerExecutable" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayIcon" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
"(Default)" = "CommandExecuteImpl Class"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"Name" = "Google Chrome binaries"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe --query-eula-acceptance --system-level"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"IsInstalled" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerResult" = "0"

The PUP deletes the following registry key(s):

[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\Programmable]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\install-extension]

The PUP deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerExtraCode1"

The process taskeng.exe:3828 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{6421AACD-F27A-48DF-A1A2-927075070884}]
"data" = "4D 45 4F 57 01 00 00 00 E4 B7 BD 92 8B F2 A0 46"

The process 39.0.2171.95_chrome_installer.exe:1224 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ap" = "-multi-chrome-full"

Dropped PE files

MD5 File path
ba34c1ce9974fa02c0b19682ab683002 c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
ba34c1ce9974fa02c0b19682ab683002 c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe
00ccf557175b834662b75c2fe6d8c7fa c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
e00de70e27713260b12b67e9bffb78eb c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll
ac9f025d821a40f31dbffde53cc06fed c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_child.dll
649aa174d5798b17439eb877b12e6fa3 c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome_elf.dll
c81e0c917d5db4fecd2ec3c7e2712bbf c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\d3dcompiler_46.dll
2a0cabdd9b4584538a1dd022a4d8fd3f c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe
685642623e6aaeca417301ea4ac8124b c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
8216e260b703e4c7529e09223c505876 c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
4d6c24c57c424023c3e14106689d2ff4 c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libexif.dll
0c1e0e2c32fa30370a6f8c9fca122548 c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
0f02448d17b890e79ddfe3ea51a05ecc c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libpeerconnection.dll
0f5e27ceab632512fb72261e1cbef38b c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\metro_driver.dll
adf6e384f3c299240586603de60e4ba9 c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
9f5f88548aff90d80a656652172f7449 c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
e369fc4fd959e3294517c0fb466a55fe c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\widevinecdmadapter.dll
77f595dee5ffacea72b135b1fce1312e c:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\xinput1_3.dll
205e775b4b2c165922203a390b115523 c:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe
205e775b4b2c165922203a390b115523 c:\Program Files (x86)\Google\Update\Install\{54856654-45A7-4A13-A3EE-10C12C925DCD}\39.0.2171.95_chrome_installer.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Fusion Install
Product Name: Fusion Install
Product Version: 2.4.8.1
Legal Copyright: Copyright (C) 2013 Fusion Install
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.4.8.1
File Description: Fusion Install
Comments:
Language: Spanish (Spain, International Sort)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 282953 283136 4.48374 a01d824b48b2f959a181180066db3067
.rdata 290816 41866 41984 3.04723 a167d56e562744914df6e8ea392d570f
.data 335872 14836 7168 2.72808 7224405d9597de13f96d77312160f2d4
.rsrc 352256 20096 20480 4.09281 75b2e17a35d9f9b2c9406444d494e731

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 26
c8460b1e67d878c59d840e75121f2b8f
b3e08cb7dd1dbc0a97762de747cb013f
e250df31db701ee335a8508ba40a4bd9
e081692082babbae2fd68a807679c4fe
cb4c3ef9b649f69117c33ad6ea423e67
4f332cba049c8ef630bd8a1e98f9bba2
46d51304c1468c8bfce2dd347099cfe3
8ae85b8710a2d7b0f6feda42a5a32f37
dcee0d92e7062252ec50840329919150
2f455ab424d5b6154ffbe7691aec833a
8ea22d0e79bbe4e3740ed93d40119eab
daa56ddb5dcf22ee5d3af562d30b8c16
c61cbd19ca6ef70c167e10d0bbd1c331
1cc3b6796c0622a4a4a77a1f9e760b5c
79117447557f9855f1a9ef65acd3cd08
42aa5e742fb3df71868b23ca09505d2d
5b8de6ae587636ce1449c01614e0aff7
6674f6c75e059eb6e6e49dc61617fe75
946b750095d92046e54de5f2428c3ce2
31833cb579206d360e6b64e565fa8298
d51f2a56c824d2400d825dd2fc1e3227
3cb1309f46e94872774e45e9d719a06c
d7c0fd35a3b73c88bc8c8548672e06e1
f324b83e8c51bbc955282661913118ee
07c74ec1113a14ac4f99cc8aad10bbdb

URLs

URL IP
hxxp://imp.fusioninstall.com/impression.do/?event=loader_start&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser 54.204.36.250
hxxp://secure.pn-installer39.com/o/dynamic_ptn2/Setup.exe?mode=dlshift&subid=adc_Browser&callback&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&browser=--&useragent=Wget/1.13.4 (freebsd9.0)&=72cf2c02-f663-421e-9fbd-d2b4328a5bf2 54.243.186.169
hxxp://imp.fusioninstall.com/impression.do/?event=leg_ldrf_5&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser 54.204.36.250
hxxp://imp.fusioninstall.com/impression.do/?event=leg_ldrf_exes&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser 54.204.36.250
hxxp://redirector.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe
hxxp://r9.sn-3c27ln7d.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49f423490ae70653
hxxp://a1363.g.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://a1363.g.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?52db14bce467d5d5
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://a1363.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= 23.43.139.27
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= 23.43.139.27
hxxp://r9---sn-3c27ln7d.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 74.125.13.248
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= 23.43.139.27
hxxp://crl.verisign.com/pca3.crl 23.43.133.163
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= 23.43.139.27
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl 87.245.202.16
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl 87.245.202.16
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl 87.245.202.16
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl 87.245.202.16
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= 23.43.139.27
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?52db14bce467d5d5 87.245.202.35
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49f423490ae70653 87.245.202.35
hxxp://cache.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe 173.194.44.5
tools.google.com 173.194.44.46


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum

Traffic

GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com


HTTP/1.1 200 OK
Server: Apache
ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"
Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT
Date: Mon, 05 Jan 2015 16:36:00 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..141210000000Z..150
331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* [email protected]!..Y......w
`G........070411175657Z0!..Z`[email protected].*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ..
..>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r
../[email protected]?....0.A.HTTP/1.1 200 OK..Server: Apache.
.ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: F
ri, 19 Dec 2014 01:00:19 GMT..Date: Mon, 05 Jan 2015 16:36:00 GMT..Con
tent-Length: 933..Connection: keep-alive..Content-Type: application/pk
ix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc
.1705..U....Class 3 Public Primary Certification Authority..1412100000
00Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A..
...{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y
..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=535100, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 21:14:33 GMT
Expires: Sun, 11 Jan 2015 21:14:33 GMT
Date: Mon, 05 Jan 2015 16:36:13 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015010
4211433Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.l$.%t...............20150104211433Z....20150111211433Z0...*.H........
.....P.<...'A.!..?... .T T..0... .K... #.Z..X.@[email protected]...)`...z.fq
........L:T.........7.I....3.}.5&.b.c..DP....O...~....K....N....ny....
.`..Z....{...........f..n....j.h..A*...7T._.. .....q....6.5$|..=.....t
.)....,..B...8...*.O....SM6....VqP.....e...i7Y....Q-.....#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>


GET /impression.do/?event=leg_ldrf_exes&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser HTTP/1.1
User-Agent: download manager
Host: imp.fusioninstall.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 05 Jan 2015 16:30:27 GMT
Connection: close
Content-Length: 109
.PNG........IHDR..............wS.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx.b...?@....... .t.....IEND.B`...



GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 13 Nov 2014 06:02:42 GMT
Accept-Ranges: bytes
ETag: "88cab6f7ffcf1:0"
Server: Microsoft-IIS/8.5
VTag: 791936916300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Mon, 05 Jan 2015 16:36:22 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Si
gning PCA..141112173206Z..150211055206Z.a0_0...U.#..0..........X..7.3.
..L...0... .....7.........0...U......W0... .....7......150210174206Z0.
..*.H................].`...D..9.>LO.ey...Qx%.^.P.& ...D.......b}.K.
.[.....5.m....).....H..6R....G/ju.........:..A.#.9!......D5...|".w.x..
=.u..X6.7{..).XN....g......B.8.!&...........<7fS$..........t<X)%
.b([email protected]... ,...K\....U1cp).........y.T..?rm.t..Y.}.E..
-@...



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=493216, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 09:34:14 GMT
Expires: Sun, 11 Jan 2015 09:34:14 GMT
Date: Mon, 05 Jan 2015 16:35:49 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....2015010
4093414Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a.
.eR&.....Y.)..".\....20150104093414Z....20150111093414Z0...*.H........
.........P.OK.w3.B.R..9_*..-....][\....5'.A.jL..=.OZ...|.......?..R..#
YB.6q|...'.P..G ..h...I.H9.`G.M.}..M...3.......p.."Ug....U...7.3.?....
...$.._Q.\_./.....|.L..[......gzO'.C..6.....B.sK.D..H[......iPI.... ..
.Xp.T.]..LR....R:.m.J..T...lDP..p....J..d./D.F....2....0...0...0..3...
..../...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign,
 Inc.1705..U....Class 3 Public Primary Certification Authority0...1412
02000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporatio
n1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1
 OCSP Responder Certificate 30.."0...*.H.............0..........'.....
.Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; )....
.0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|
o....S..v.).)[email protected]#qh...u1T.].G0.]E...=._.....
. ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0
c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......
0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .
....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H
......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D.....
......e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=541881, public, no-transform, must-revalidate
Last-Modified: Sun, 4 Jan 2015 23:04:05 GMT
Expires: Sun, 11 Jan 2015 23:04:05 GMT
Date: Mon, 05 Jan 2015 16:35:55 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015010
4230405Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150104230405Z....20150111230405Z0...*.H........
........G..z./....,FS?..1..H.b*.!\..U.X)._...\d.V.....a.....). ......;
..9.pD.o4.....!...........5.O*....Gt...DM'...a.S../......<{;.Q#....
*..~g...p.._WB.:1.....~T....=.1...w'.p#*q..]$.NO..!..e5.`[email protected]. ..v
....~......F.....l.........3U..T...^p3.....q..i,RMX%&....#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>


HEAD /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: cache.pack.google.com


HTTP/1.1 302 Found
Date: Mon, 05 Jan 2015 16:32:01 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://r9---sn-3c27ln7d.c.pack.google.com/edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1
Content-Type: text/html; charset=UTF-8
Server: ClientMapServer
Content-Length: 609
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.02
HTTP/1.1 302 Found..Date: Mon, 05 Jan 2015 16:32:01 GMT..Pragma: no-ca
che..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Location: hXXp://r9---sn-3c27ln7d.c.pack.google.com/e
dgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cm
s_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=
nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,
mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B
766083AE100122BCD858CE13C586D8902A04&key=cms1..Content-Type: text/html
; charset=UTF-8..Server: ClientMapServer..Content-Length: 609..X-XSS-P
rotection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Proto
col: 80:quic,p=0.02..



GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT
If-None-Match: "3e1c83923e1cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT
Accept-Ranges: bytes
ETag: "d2e35dc7e31cd01:0"
Server: Microsoft-IIS/8.5
VTag: 791633315200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Mon, 05 Jan 2015 16:34:47 GMT
Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Window
s Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p
............<.J0... .....7.......0...U......30... .....7......15032
0224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c
.{[email protected].^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo....
_...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..
A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.]....
.uki~..HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modif
ied: Sun, 21 Dec 2014 06:03:02 GMT..Accept-Ranges: bytes..ETag: "d2e35
dc7e31cd01:0"..Server: Microsoft-IIS/8.5..VTag: 791633315200000000..P3
P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OU
R SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Co
ntent-Length: 561..Cache-Control: max-age=900..Date: Mon, 05 Jan 2015 
16:34:47 GMT..Connection: keep-alive..0..-0......0...*.H........0..1.0
...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft 
Corporation1 0)..U..."Microsoft Windows Verification PCA..141220223154
Z..150321105154Z._0]0...U.#..0.......p............<.J0... .....7...
....0...U......30... .....7......150320224154Z0...*.H.............h.~o
H#i.J.vh_.....A'B..g...........F....9c.{[email protected].^ 4.r..Wv.Q.0.w..
j....c9..w....I..%.~.l..F.......xo...._...o...7BR.;<..\R/ .....b.(.
...~..]|.v.u.i.X.B....I......./*...P..A..fi.}& .x.v{TFP[.G......A.
<<< skipped >>>

GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT
If-None-Match: "58cddbea90dfcf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT
Accept-Ranges: bytes
ETag: "9a9a44d511bd01:0"
Server: Microsoft-IIS/8.0
VTag: 279252244600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Mon, 05 Jan 2015 16:34:52 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-St
amp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#[email protected].. .
.5..0... .....7.......0...U......10... .....7......150318222600Z0...*.
H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-
....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q&
gt;[email protected].('..e...Y..Bo..q..........I....'....i>
..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az.....
[email protected]..



GET /impression.do/?event=loader_start&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser HTTP/1.1
User-Agent: download manager
Host: imp.fusioninstall.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 05 Jan 2015 16:30:25 GMT
Connection: close
Content-Length: 109
.PNG........IHDR..............wS.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx.b...?@....... .t.....IEND.B`...



GET /impression.do/?event=leg_ldrf_5&implementation_id=leg.0.0.3&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&subid=adc_Browser HTTP/1.1
User-Agent: download manager
Host: imp.fusioninstall.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 05 Jan 2015 16:30:26 GMT
Connection: close
Content-Length: 109
.PNG........IHDR..............wS.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx.b...?@....... .t.....IEND.B`...



GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?52db14bce467d5d5 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Content-Length: 56928
Date: Mon, 05 Jan 2015 16:35:28 GMT
Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.s
tl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......
_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q
.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2
.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\
YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x
%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,
....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.......
[email protected]/"...f.......k..Jm7j....R.5q....Rz.
.!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%
T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m...
_.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..
*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<
;.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|[email protected].._.....7._6...C.0...
A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?.
..........WE.Or..O>..{.'[email protected]}.o:?~....]&l
t;!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..
{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......
q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!........
.`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=..
.f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..
].|......3..y..-./....K..6{...s.<R`.}[email protected]....
<<< skipped >>>


GET /o/dynamic_ptn2/Setup.exe?mode=dlshift&subid=adc_Browser&callback&user_id=72cf2c02-f663-421e-9fbd-d2b4328a5bf2&browser=--&useragent=Wget/1.13.4 (freebsd9.0)&=72cf2c02-f663-421e-9fbd-d2b4328a5bf2 HTTP/1.1
Accept-Encoding: gzip
User-Agent: leg_ldrf_exes
Host: secure.pn-installer39.com
Cache-Control: no-cache


HTTP/1.1 410 Gone
Cache-Control: private
Server: Microsoft-IIS/7.5
Date: Mon, 05 Jan 2015 16:30:26 GMT
Connection: close
Content-Length: 0



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=556980, public, no-transform, must-revalidate
Last-Modified: Mon, 5 Jan 2015 03:19:06 GMT
Expires: Mon, 12 Jan 2015 03:19:06 GMT
Date: Mon, 05 Jan 2015 16:36:06 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 C
ode Signing 2004 CA OCSP Responder..20150105031906Z0s0q0I0... ........
[email protected].!......Q...==d6|h.[x....7..`..........cV.!.....201501
05031906Z....20150112031906Z0...*.H..............S.X.....3d*L....._.u.
.M...U...#..kf.?yG$Z...g#..=.R.~..#...S=<.;..K..,.......G..%eUb..'.
..K.vBd..u8`..H..4..\..2.........1.....J........N.......'|....}.xq...9
Y..l.f.[..q)DfS%;.}I......tm>O;.......b.0..(DZ.....x{]..\[...%.D...
. ..NM........5..V.;t.l..2........0...0...0..{.........[..I|.....Zm..0
...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....Veri
Sign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/
rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000
000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA 
OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.
-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f
..;]s!.\"v...|....][email protected]. ..W....n..*
..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.
....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... 
.......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#
.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com
/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o
...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo.....
.E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|........
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49f423490ae70653 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 05 Jan 2015 16:34:41 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 05 Jan 2015 16:34:41 GMT..Conn
ection: keep-alive..



GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 812
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT
If-None-Match: "a2f3ff97eeecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT
ETag: "a2f3ff97eeecf1:0"
Cache-Control: max-age=900
Date: Mon, 05 Jan 2015 16:35:23 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Mo
dified: Thu, 23 Oct 2014 05:05:32 GMT..ETag: "a2f3ff97eeecf1:0"..Cache
-Control: max-age=900..Date: Mon, 05 Jan 2015 16:35:23 GMT..Connection
: keep-alive..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cac



HEAD /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 40747600
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Length: 40747600..Conte
nt-Type: application/x-msdos-program..Etag: "4c442"..Server: downloads
..Vary: *..X-Content-Type-Options: nosniff..X-Frame-Options: SAMEORIGI
N..X-Xss-Protection: 1; mode=block..Date: Tue, 23 Dec 2014 17:41:59 GM
T..Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT..Connection: keep-aliv
e..Alternate-Protocol: 80:quic,p=0.01......


GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=0-7862
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 7863
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 0-7862/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........ K..A%..A%.
.A%..Nx..A%..A$..A%...K..A%...Y..A%..A%..A%...]..A%.Rich.A%.........PE
..L....b.T.................(...Zm......-.......@....@.................
..........m.......n.....................................d1..P....P..pY
m...........m.P<...................................................
........................................text...&&.......(.............
..... ..`.data........@[email protected]..
,..............@..@...................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
................................................2...2...2...2.......2.
..2...2...3...3.."3...3..D3..Z3..f3..r3...3...3...3...3...3...3...3...
4...4..64..B4..X4..n4...4...4...4...4...4...4...4...4...5...5..(5..>
;5..N5..b5..~5...5...5...5...5...5...5.......6.......................b
.T........0...............{.8.A.6.9.D.3.4.5.-.D.5.6.4.-.4.6.3.c.-.A.F.
F.1.-.A.6.9.D.9.E.5.3.0.F.9.6.}.....{.F.D.A.7.1.E.6.F.-.A.C.4.C.-.4.a.
0.0.-.8.B.7.0.-.9.9.5.8.A.6.8.9.0.6.B.F.}.....{.8.B.A.9.8.6.D.A.-.5.1.
0.0.-.4.0.5.E.-.A.A.3.5.-.8.6.F.3.4.A.0.2.A.C.B.F.}.....{.4.D.C.8.
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=7863-20204
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 12342
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 7863-20204/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
[email protected].;.s..u.......P./.....YYt....EV......P.u.....@.
;.s...t*P......P.[.....YYt.f. ..u.......P.....YY..2.^..U....h...V.u.3.
......f......f....................u....................h..@.......h...
.P.I..............ShL.........VP......._......VVj.......PV......P....@
......t{f......f......W.......tIf9u..}.u.......W.......Yu/.u......../.
[email protected]....@._[^..U....
[email protected]";[email protected]..........
.YYr.^..U....D...SV.....je^.M..u.......M........u..u..M........^[..3.8
].t.3.F...E.P.E.P.......YYu.......P.u.f......f.............YYt..E.P. .
........P......P......P.u..E.Pf......f......f.].f................u..E.
f....:[email protected][email protected].........
[email protected][email protected].
.A.f=..w... .E..P.f...w... 3.f;......].U..V.u...69E.w.2..?.U.3.;.f...v
0W.E...........f.<}[email protected].<[email protected];.r._..^].U...M...t.
.}..t.3...f.<[email protected].].3.].U..V.u...Wt!.}...t..U......f..AABBf..t
.Ou.f!>2._^].....U...U.V.u.RV......u. .R..FP........^].U...}..SVWtH
.][email protected]) ..<0..{..|!...P.E....pP.......YYt.NKKOy
.....2._^[].U..S.]...VWt8.u...t1...3.f..t#...3.....QP.q.....YYt.G..?..
.0f..u.....2._^[].U...U...SVWt^f.:.tX.E....f....tC ......f...u.t"...f.
.t0P...7P.......YYt.FFf.<7.u.f.>.t.CC...GGf..u.3........E._^[].U
[email protected]"........f..-t.f..t..u.Q.Q.....YYu.2.^].
.M...t.....32.dll.................................................
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=20205-32382
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 12178
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 20205-32382/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.oD:...QZ...V.[...YN.T8H....n.Ad\.'.>.g...~'9..R.!...o.G=..........
M.1..I.!....'.....Y.K..T...E.....8.w...x..E;.pc..nxa.."[......T...$..M
...)...u|....y.......1...%..d5.j.x............A...n......k.W.......2&g
t;..=s...OOxWc[i...q..L.&M.r._..*LC.].........M........n....c.Y*..:54.
.%nu`s5 J.c.:.....W=O...C......$...S`;4J..Eg.n3...y...Z..7H..*...t...&
gt;..I...Wr.W...>......t..U.;..M..:......T.sZ......k)..(...S.,..E..
3..,u<.B:...'....i...a....Mst..e..E{.....*d..#. ~.K.......;...s.p.=
.....i....s.....H..jq.......$.`....Lt......'........;.?) .6.x|a....).%
.1..........!d....^.2/.....w}x..jsqdt...b83...........?[..&...hl(..pB.
0C......A.[m../....'V@...=y...6.-J....T.Ak.*....D..q..M..J.:.;...^.L.V
...l. ......dp2..7c.p..... ..4\a%...V.]...A3.C|.-..e.x..[EP.HU...I.nL.
....V....Zz.......}-.).k".&...n..Q%x.!,...a.D.w2.o...a.P0:......}d..D.
;..]B..(....6..dv.......g...3I.Y...s.....-...........#.R.....2_.kho...
.6...'.......[...........*..ya.....N.K...:....g.*[email protected].......(..4u
.b...=7m..^]5.....A..7k..k...B|p.V5Z..........(...s...7.*......9H.e..q
.."...j.....,&....a,:. 5X.....vL.d. .x_.$;/h]!.......]|..K.*.......G#.
.`.O.]........W.....%.8...;.U.3O.....te6q.:k..7.N.2.....0..R..U.....U.
...^...Y..q.....C.c...6...x.s.{...8.v|...... .G^...b..e.x.U....%..fx..
|.....5).@H...:..:m.UzI5.!..._.......%"a.[.4.[.B..x....uEw`=.4....N.,.
.....C.;.(|...M..O...uD...g..9..?.^...T9..... W*..v.....8..2.jZ.....7"
>.#d..F....g).$..........W..n.H}m.......\...7s.....A!...A........o?
m......./.l.i..&..$..0.>..W.I......!< W:p.".4....8#..E...C..
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=32383-44578
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 12196
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 32383-44578/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
i*....L...}\.Lgi..)^....>FN...I..2P!.65.d..s...../0.......3.....H.O
...._.Y...{.*zs.3^..x._a.C.V.0R.p..RP._..|..#..=..r.....9...W..?LY|.8.
.........C...(.....#}....E.$..3.....<...I....].....).......=.E..=H%
...z<;./w.$Pl.`I_1..RV-.&.'.../..v}X..N.cN..j#.N.......6..ibp...I. 
....m.!......._.w@/..5.$..8......k....tY.....P..]?.P.Ph<..Z..@nD...
E..U.Nc.y..}.*...7/.(.7!r.K^..wu._.. .W."...... [email protected]#...zN..n
[email protected]/...D...!Y.....N/.cY.H."..q...M.....Pw...s..........
.9/..-l...........y...#c.tF..u.?..:!...l.?N....>..B.'S.(|}k.4...dK.
`,.An.f.K:.Q..o..........i9}....F..0..\........|.........`.*....9..Jk.
hA..........-B...l.2..t.c..W6.z.V...<..B.=<.....y9..X...Wj;.|.P^
.u\ N%:..H..}.._j..Tg............>..0..Rm>\^4.\R.....h.%.V....d.
 KTA.a..1....Aw..8./.<....5.4...?Y..m&..QLF-...P~.L. g.ffl...0`L.^.
[email protected]{.3.g.7r........Ct..o6....}F.I.h.Q..g.-<[email protected]
........Q....U0....a.x.F\..y....S.O'.....sb....\t....y3..&......?.6..b
...3M...]{SKh{..@y ....L.. ../....... .&.]w..h>...T.q[.....w......m
.....'..;....4.Vi&....>...G..........Fm..S.}o..J..9......p..|M...].
....SE.G@.........#q...6.O/...7......u.QYXaG./'S....I.....R....r)...y.
3....B.6...4XL.}4/.=v.....h...|..A.i.d..M?....}.S..Q..2.k.}..#.rI.....
...e..'..F.._&'.>.....B...P../[email protected].._Q.......P:.F..%h......`1P.
.....aP...E"..."0...._\XiE. ............S~.D......%..].......XD....y..
...R..I=)";$B...1.;s.......r..RU.T3l...)Z.0te..]....?...G.....B..==..P
k...s=..$.../..Z*W..ku'_..pP..........54.7..P....f.SO...b.2l......
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=44579-63168
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 18590
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 44579-63168/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
...F...<q..(..r...v..k..(x....)._.0..i1..".S...=........[....j.X.`.
..=.o.k.#s........t..6J8.s}......].X,OCx...ybY/-....z.[.Ve)..-.Y..=N..
...A).&.PU....v.Y..^...B04.>.c.%...*~.`h8;lT0X..F.8..]..."...BH...f
...3.dt....'`....]9f{.....F2T5.J...Mof][email protected].".(...._.9@t.......\q
.....w..2A..82........N.$Z.S...&T....m.|..P.!.s..-2K.y..tF...[m...s...
.......I..1.....1y...n..n....sJ.f;.G...p.m.K.(E@..............%,......
........S.B0..i.....CI%I.....k...}].d....b....Tl...llm.]r>.m.{/....
.Q......j..........M.TY.8n.... x.........]1<`YznP....R,.G..m...'W..
../...O....k.s.m.....x.:..^a.#....n..Z.h}R.....]...K...oX....p...d.d.^
...k'[email protected].!\..X(i....t...*dGi....*...H..........
.......l......b.....pM.z..9..<$........c..I.bzU..S1...r2...Y..0<
Y.;c.R.....(....3.R.D ~^.E.>......[.R.Y.F9..4.."H.C..c..G.m.Gq.....
.....M..X.D.-H..8...0.^.\B.......6.....F.........a..]i....#.NIc...Y"Y.
.......!zj........K.zP.d.........A|i.^..0.#.O...........oX...,,j^.....
]...q.%eY....f.'..l.#..X..A.:Xg..C....#.q"o]7......F}..u/........^..PJ
... .c..B..\T....DyI..d...O..l..W4.t.e.V.T......}.G...~.Q...d0}.].....
..8..........;S..V.^...YLm .-{x<.....5.Leu.E;..l$.c.rd....3\5...u.p
P...O,Ll.....93........0]6k....a....07<\.......,M....."..V.. .n....
.K~..MdR.N.......UoR...`......j.. ...............s...16r...._%?..1`[7&
..@(..[.M\E..&l..'q........~W..sG'^.6.6e7k.h.FQ.~..@./..x()..{...5.dS.
..a.vu.Eb...9.]D....tQ..l.L..}....N.~.8xQy.E..}.NY.k.....,8.....Fw..k.
...Z..M...X..F..........B....o"Ry,.....2..9.'......f.\Y. .........
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=63169-79510
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 16342
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 63169-79510/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.f$.......l... ....aH......}/.!.c.........._e.{D.'.NZ-.Q...7zE/.].#..w
...CA....z.f.......Bh..xhq....P...|S5-.3.hZ......q..sn.......4c.=.ms..
......._.....Or@|P.#5S=....t.O..e..t.{........0.a|`.....p..Cl.k..AU...
..i16..;] c{Q..d....|..Lr..W.\...0.~;...>..\....nu....)-.'.-.e..~..
. .......y..r..t.....(..B._..%&"..y!......wK>o9....76...G........&.
0n.n@I..$_.....^..L........{..N@....>f.O......v.m^.A.7E...sH.xF....
...> ......l.w.6.M.#.G...v........q.......jY.. kT.N%..h....`:..Jub.
..g..n.7.B.h..$...,-.' .s.nG..\.U..@y<.l....0..a ...1>.;_.....S.
. ...-f9..........:....$.t.....>?..V...{.....Y..D....~.Md.n...[..e.
.[k.f.W.....[..e.J../2...H..w(..F.:.8-#....RJqIy...~..?c...QyW..z..Tf.
(N.K...".#....;M.mMK....#t...r.........o$...\N..JHk.......7T..|kI.....
't...2.z.Z.B....$}..........e}::...I.`w...........M>..my....I.^.C..
.L./....6...1.K.$`..VW.............!..z&...07......h.Ae84|.`....F..r..
E..k$....w.......&.N.8.7.........jdg..Q.;...|I .KV.....n...0=......Y..
...Argo...&.".ac....Eq{..e5~o3-.%[email protected]$2......T....>.%{..;.4.
[email protected].../.#...yBI....Q..^....0o
....K.x........*....S...%..\'....G..0f....0).]5....LK....*i......ZM,m4
<.......f...z..<...y%%....szc;{.|.q........3.4..<.1k..8.R....
a..o?..o..~....9......XB..T'}$......=...|...*......e..7i[...TR.2>"~
.........0...G.[.........n.a..RC.1...y.....O......!..7...R...-./..f.C.
Dk......P..g...p.!....u7....^5.....F..y....V..Q$.....L......[.:.n.._..
.g.........k2.........eE.9[...Zi...kY..o. .^.X..A......s...B..}.r#
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=79511-118083
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 38573
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 79511-118083/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.....e.kl3K.U.V q.......z...g..F.J..G..;eZZ...O..[.Z....]s.....V.....z
.../z.&.n...m..(.....r|i.%.....<.ztFcv......C.z.m....Eo.".,^.LN%%GX
h.`!..a.z... .*..~Z...$.v.2..os9.._..n...*l.....{&...}....[..,...-....
 ..f.v..k@E....$#....V[....^.0}.[3I.......4.......q.].K.Qc.QP.%..*....
y.%....nW.D.w.J....Z.fy!.M..D.EU..w......N..%./"."..I.(.1~............
.....2..D..R=.d.,$....n.....\.V.,#.l.4-...W.^"..'.tK&..kg..-f.0L....K.
....qx.`.@=.o....ij^...... . .G....3.s[[email protected].<.f.z.k.h..S5...BK_8
...P.../K..).I..B.......{..S.6S....&....!5.J...^L../Nr...n..o?.2v.L...
F[q$v..4....W....?WO.P.\.w..<W1........B`.DTr.7.zm.@I.[... ........
.W..].][email protected]...%.....Z.g.......`.....M...h........!m]
..=".G&..Z...U..s.. .....l.%.[.S...B..oY....h.}Z.s~.tY.N=...e..9$...".
h...&...i.P=la.,.'fh..;....<.A..~i.... ....p.q8..S{.Y^&........CD..
3..j..t.(......U#...4?.F.D.dS...\.6/f....!W..m=-V.Q>.#.uK...e..`f.H
g...>X...Ue.."$...eE..^.J...f..k.1S........`..%H.H"IDA&&...ok..k.p.
\..U......{.M.A..iT...0..b. ..i.d..~H^....=aU@S.#.YoQok.8\. {..G..i4..
...)..9Ws..T.. .U1.......U.I.*>......q......2.......A....}:..u...W.
..>...5.m..{.......%.o..n.....*#[.).w#...M.0Y.B4..G.v|.j. %EN......
.t..;9....-..._.B%g.C..tq.."....kT.~..Q..'..Q.<.b...";..k.pZDO..\..
....Q. ..F....T.iL0JOB..1..O[V.. ..wL.&}.y.%9...z......%....w.U.!.4|.[
.....X..{.U^]..N...l..E..........A.d....\Ru.._...b.#..`yy_...}.J...S.3
..:......P79.i....5..............P.R..WO.@\...../2..B$.#.O.1674...."..
[.5e.A..Y.....^.,.H1. ....RE......Jj.2ku..C..Y..(.......*O.....4..
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=118084-191261
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 73178
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 118084-191261/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
...8#.-.....Z C.2V.L....N....$...<......u,sg..&\rW.OW...1.5..r.tQ..
.vT...I_.1.L.jh..~..2...I...D.......Lg... ....#.P{.2".lrH....c.B.M.Iw.
]l9'.W..S.v.U..[I.tUUMvw..fI-:iR..pu.%....g742.{. .y..r........}..ah..
\..O.3..7.>...4\."..r.>.5...^2tR .... ..".".M..e...E.rS}[email protected]
.....qsG:...^U'2;._....5.u.Z.7c..MP.....~o...y..XbN.%[email protected]^.J.5...
...}.?../...m.z..wM. _...BzD...k....g.N...!...&q......X.....qv`%.U=P..
..x.7.C..JY.N...dMi4..8.9.....R<B..GD...... ..A:.n#Q.D.4.AJ......A.
.(.........I#..P)X..{.....O-..g....6.A...].@../..u....*......-. )|..P.
X......G.iS.d...T?.,Dt...._n.F............0...2.1:".)v..=.I.$..w?O.|..
...\...2..........2..T7.Q..&F..j0..~.I..P....D.E.l.....l..m...Q....Fi.
gD..Ch..JA.b......~...]...VI.x8QRG....l....C]....&..;.z......4..M.H..d
..W[.M.}.....&%..S8.z.......6.!.&.]e4jw.Y....:..3..h&'c`.a..EZ.Z...;..
4....X.s.P.[..k..m.......mjN)..'.p.sk.i.c._;`....*.:..N...;m*....q.j..
......C.E........A....=..g................#.....K.i0.t..A.....U.o.".E.
.}...5.Cv.%...¸..^........\.`&v.l.......Y|.m....=...... ...\...0}...
.......o...{....y![q)Z^c`Ny.........%..iq../.~{....vIR.=|[email protected]*yi
.......6<..L.G..^OV.g..i.pEa..X<..!....l./..I......$......6k ...
t....9 ........\....Z....;!< .....)b.......F..D....5...k._W. ...~gY
_.....gE##..C.B&......R....w.x.m...z........8.G.92.;.T.....C...c-.:.r.
...)......5wr...u0..j....<..L.ui...g...4.B.\....<F..6 .!..JC...L
.H.,L......ci....Si..!....BCX(H........^[email protected]^...4....
 .4.u.X.........I..m.rd...Jj.).X".mm0vs....$...FI.W.......Q..U..-.
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=191262-444794
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 253533
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 191262-444794/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
....0.......88HI.%.i(%.....\!pc~W.....:9....p...I..qX4Z....W.3y7...)..
#...*d.......?=.m..L.z^#%_G.fL..9.....}:.u[..g&..^..g.z.....eM.H..H.[.
kl.}.8..LuD's..*..t..A.E..J....y.0.B=.?7....IG.M..q.*61.].k.q..P..h..Q
....uG.eh..u..*.y.T.T..! ..n=|..:$..yTD`.s..Z.....1.....\..[.q....^a..
B.7.38...C.)...,.._..8.ZG....N....f.-07L.n...g(..S.......Y.W......E...
.'0X...C.)..P..g#. [email protected](&W A....>...>.O.E....S..n.fL.bRb.}H.
m........},....#..I..sS...6.c.Yc....Q....N........$...C2.....hL8.....^
....1..0..C.T...A...A.K....JX.vP....Z... ...&..B.8Zd.}(A..{[email protected].
..#.D.....S'.....Z..Vza..7..}~.......#g.SmjoY...p..F..#...X8..".......
........_..d>Tk......j<........T*]JJ..T....3...'jR.....x........
v.i...r8RE.X!.z.w:.f].:......u*~...S....g$.......-x[....6.WY.LE.v..-,.
.t..........Z.......G.%......h..*&.'....[..N.......?.'0.G.C..A....w..R
....x.).e...f8.|p*[email protected].}...9....t.&..Qm..h..BwXz.^C..|.&...M...
..3..b..!>KF%^....*om..b .>.Y...d...'8.R\..w.2../;..%.F=...)#...
.....M;..8...e....../A...We..U2.>...V*_.E....Ts]....I.}%.......Jt..
........6YO.....o...fj..;\b.<[email protected][email protected]....%)a z..
1|..P...}...8.q...#c/V..qs4..q..bk..9..d]\..A...xBJ.P....a..?.6.1f&...
L...P>...1.>.p........f.....9 g.....c.....9.V.".'[email protected]
$m.qgSlt...y.^....ezT..&NaE..._...n3,B...3....h...p...N....Q...O.. ..Q
9.Da.....C......u...P.d./....m..zk....>....`..0..Ve.l.~.G....V...^.
L..b........V..)9R_....)....D./.F."v...#;.R..9.Sj.,..,[email protected]^
.0.c%M..~......>J^...x.b*.4.........J..K< ....x.F.;qf..c..:.
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=444795-717433
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 272639
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 444795-717433/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
. .......A.....?....n.=....)....2.....c.N.t}....2W;F[....M.2GM~.N.u...
.8.k!.s....3y.cc..t=....y..G..0Q..UG..x).....n. -..e.fS...&N...j...O..
C..i.8_..<.".......T..[.a..&..$.geYU.....,.qG.w.^...q..o...s.....e.
]QJ\..GA.Ny.CI.......eG....O..*..[.7<(B..).~'.........Lu.........;.
...x.......swe6..=...M.Q.9.....7M.....1........l.....X0./2.>c......
......~.7s........G.,.r.qopz.fs.=0/~...Q........-.O..VZ....>.....d-
.Cgg.P...*?L1c.*........].z.....f..cNG.8.U.D...`...k...E..a)..5.9.....
.*..w.......h`S...'....~w.....}......kA..>.!.HGN.........`.jUd.H[..
...z......l.....\...([email protected]....{...\..)&pKy.tA]...UAD..`L^..3.
..[7..B..A.JY...........nn... ....l..B%......V..7%....xO.%...D|......;
(]..;..?.k...b.....q......iYdXw.h... ._t.>F.8.L.....Nt..."V0..r....
....H^.{..(.q....`..L.Du..&..".....g.bw.A2.i.6...k.xB........K&|..n...
.^...tV7y.L..>.../#Y...._..........p.....0.....3..~(..1........;.]O
zS..V.."/.......!......?j.-.n...P..S.E..9..nG...U..(.%.~...{ ..:......
e..q.w"#.......07lO.......<....ei`w..H.\3....I...4..B?....n........
..JG.T{h..t.Y`u..C....QnYJ.T....i.X....JC.2.[.?....r...&.2.}..........
.cI;.xgC.O(......... .C..=...c...I#.Tv.(Ws.e4ZO..5.q..:p......Z...Q..Y
...^4..I.....XD..5x...CV~8.3p[......|x. 9..7......4e......4...q.`..b.K
*UN..C.........*.$.@..(g.u..h..X.%J%s.5.y).de.n...I..\....B..#.^h.....
.*a.Kd...K.o.'..<./...8%.PX..._|..}.v..... b.Z... ........]J.v...R.
...]>...".W..s......l..h...b c.iH6R.7,.'.P.....x:=C...n..i...Q.l. .
.."...... [email protected]..#.3...... 2.)!d{.H._&i.bk..[Bj|...Y.E.[Q
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=717434-1335064
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 617631
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 717434-1335064/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
M..6v..!.[.?n.I.HL.......4..a..Z........0_.{..g.l/..1%.r.m)..o....^.g.
1l..x..yh..C..^fc...(...T;....A.pe......V.AQ........x..._...........rL
.]\.q..mt..t5U.N...d.Q.........wM...]jQ.O.d........7D...p...R.....E..G
d.M.V......&IZ..~....6...S;...h`...~...../dVSL.......G..S.J...T.l.5...
:...`.z...T$....~...om..C..9H..U...C.i...........%.....`L..E.. ....p..
..*..q#...h....g...m../.)'r......Q~I.u....aA..o...|.=.iNMR..h0<....
76..gw....gN.c...~vN5$NZ..N.'.[.|..:.mOe..?O...90=...- .}f.3*.!......~
.Y.t.*....2Qv.g...L.(Q@n5G4...\......}m...'..;...-X.F.q.............:.
.=.zX......lh. ..........,._.f{P .[..s...yLP...s.>...UO5As..."S .).
IQ-N....vJ..X<...}...S7.:[..d...no...l...S.......Dlw.......sf...G.V
...gkCj..8.i.bQ.z"...I..I.V@. I....AR...[...".|.V..5A..n.b,h.*v3.R... 
q{cc...:..A....b......s.e5....p.D;.......L.9..>c.1.@..... .........
..ad3(.Q.q....BH.V:6...6..b....2....... .J...4.;v.Y.Av.......;....6w..
..P7[.........$].O*d.L...S[..2..?.?!t{........O1.39.:.\...T..g..w.....
.j......<M3?......... .);y{.....cE~.v0.E.T.*.Bt......."...y.=... .j
.J0X.`..uf..R.o..t....M.zA..b..B.?.....84..,@.> l .....Z.'R.....{..
m.e........?.Q.G.K.......dj.}@|..q`Q.[z.....;*......j..A`...C^...c..t.
..@'...0.7..}....9.!$.t%......6^...,.j,c.PP.J{V....4A4..:/.[..q!o.Q.C|
5.)..)....R8L....B.1jzT.. ?.......a....F.`Y.W3.)....YK.1l.!...V2=.4w.x
....x...6w.Q....=...l!...B..i.)....BB.;...1..%.:...5.#.G..Q...p. i..&l
t;......nm.,..,F..I.Z5j<.)I....OQ..[.B;r...s.....=.$._|..a..7..L[.h
.o....q.a5AN0.{.!.C/ l..,..=4;Eu..'. ..."..1.U1T.k......#0.......8
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=1335065-3512052
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 2176988
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 1335065-3512052/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.jh..)V...A.8/].Z.../.GO......_.i.4.......8s6Fd..M.&......?.{Z.|....S.
Z.ap|sQ../.........T.$6.......j.ym..... ...ny..S..8'....FX..p.W"..Qh..
D......b......6..}F.C3c{^..e.zeG..U.i>..........y8B.=.q'.&]l.....M.
G. ~.... ........C.c.j.`.....%B.J.vB.y..8A.3....[.,e....*..=xCl*..EG;.
l<o...... ...t.Il,a..7Y.m.>..g......S.C.b^......T@..^......."...
.|m.ZW.h!.1C.....g.=..C....m..c1. ...1/e...............K......jH...y.0
"u..w.x..5^.........]...'-In'Ogs.......||..pE.....soD..yf......:......
...u.H9.h...iwRXt.....D.......B..FY..K........G""J.c......0W.qFFQ.....
1....\.1B...)..zcqj...o..... ;......ax.....Ro.-..,.(/..;.:.|.|#.u.....
gBv...=J..V.WWA.......u.c........9. .r..`..^tB.j.,&..~I..|..H".1<,F
..p...yFu.jj-/.h..S..i..7..zLp.)..j9..Z.Z.y?J....l.......D.[...J...s.[
V......z.F...OA..0.:.Y.:.Y.H...0,.D....L....@O4..`...3u.!.............
}.....*....s.-#..U....LH..o............0..T4"......N.....w.......$.[".
}v.F$..0......9d.;a..p.....x...\t..a8.-.:EkF.._..........85...;.. ..R.
......oa.m.f.c...u....F..; ..#.b{f.O...u_...m~...D..............o.....
W&..7....1rt..)....|. ...)t.6P.K..A......... .......{.qjq.Y.2....8....
..8YH..7).......R..M..Fd..d;..{...._..<.I).dq.....(."AML.s.Q.....f.
[email protected]...[37.=..ev{.f.C.eo.wI/
...w. Wb........u..8.Bi.....#M.Y|..W....2....\...TJ.&.......`.......c6
L#/b..".DS./...a(...<.Z.f..W(.....<..}..4..E.B....Rq..va`..r.*..
q......*CG.I...x......cp0..G.1.C.....Nk..&..y.2......F.%.[@.........$[
`f%.i.B........E.....:......F.!..?.N..#..M..s..........;.q.t ....B
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=3512053-8336686
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 4824634
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 3512053-8336686/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
Rm..2.Y....f.S..>M^..N|j$b.?.8p..R...9.u..i...T......J....w9w...H6*
.~...%.|.?9...%^.9.*.1tO....H;....I.....7.]..gs6.............../SC.f.8
...RA....E.......Es!....y.v.&.N....KH..Aq.d,.oJ.......2...."<......
R...I.bK.eT.x.,.i.....Hf##..y$.*...h...d:.C...#.....w..Pe.f.........,.
...g..P....7.. ..P.jD....._hD>..}.|.....,5V..o".!.B..-^.L<$A>
..g....x>..Xk....=............s~L.b...v[...GtQ.$#.D..c?K.....t'$a.T
.t?....5.,./.P.._.m.O<....vZR.%.s.r..2.R.6..I&..*....?.5..3.U.E....
..F...W.......o..&*./. .dX.=.Q...J"~....ph..R.@)..?L....}~;Z..o..2..*"
S../..6......... .z.....S.....F..nk.Ac]..~...A^G.%..)]..TE..\..T...*.Q
......*...M....0.._|.....2.P....T..q...J*HU.=2q.ok#bp.i..s.>[.B..=?
<.k.;.w.40.......|..4^2.......I.Y.]-a.'CO(f.K}.}t0Ik.........T.....
... u.E..=.kG.......rL).~.............G.......:|......m.. $.*.P..\..O.
&.E.s..&9..`Mf.O..X7....-e....b..[p.&a.%.l...$ep?.[...y...".k...I..e. 
W.P.q.4.y.gz.\a...m?.d..|*|..0....k. O..>.E......9O...>o. ......
R.<.M...._.g...........MZ V.wr.8.....w...<~r..\}H.o....g.NW..7_V
N93..|..0...X.`e....v..:.|.n.r....YCjr2...9.%q?r..L....]...15.%.tWV...
[email protected]{...M...by..5.......P.!c..)...........n........K./.ub............
.......~zb..jFR..Y..1^..3m.n..:.6...~..V.k.N..rv..h')7..=.Geh?.u..Q.Aq
...7K...v..q.a....9.$,q.........I.. (..sE.*.........!....:"..y..|'.|..
T.Y..v.....z...11.4J.x..&..A.(.C.............p.H...1...*? .f...,\l....
L|;......0z).Q..n|;'...._......-.m....Mn...=...6!-].M.h]i.)..#.. .2...
N.|..H..OlEd.8;;..x.Te.!1.-/.....U..(.....PD...I.....t.....:.e8...
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=8336687-18727031
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 10390345
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 8336687-18727031/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
u`...!.......$.t..q.).....#..'...c.h*...L.w...);..u.6.N.L.._u......h..
..Y..8..ai..j'g....|. .@o...:D).Y....O..R....P5p......4bIj..u.-`E{..By
.$a.....:...B..Z..k..2..|.W6.....FL.......yF:..}...l=.Q.V..t..4......{
.v..g.L.../Q[...jr>..>...r&...4|/'.......D.......$Z...<.a..i.
...'....I.f....,G.`.iv7..\.Z..w...k....>....{...U.1':.K.}'N1..|0;yM
]...}..j.yjj..4L.[U..vG2..h..x.....<.........({D...S...c,)8.G.'...0
.` c$a...^].g#}>d.i .OTF.:....9V..>..O.R3K4....k... ....prNv....
..U.4Q..[e.5..%.....O!.;>......EB%'=..8..2`...}i....%5..6..!..L.j..
...=].d.=....O"L...JWv.j.{.S...N$hps#....8.,.P ....C......d..S-.....&l
t;Y..m^[...Y..xZ~....JE........j....r.......c..40%.Lx...........u...5.
.4.F.A.'D....&.....o...R..0:.n...=z...Us...1V.....\|..>.....^......
..F(....4....|[email protected]{..7 . 3l..X._.w.G&.].jZ.d...jzi..
.Q:..)7!'.. pw...1E.......^..^.....p..Y.l.oc.r....4.../.......N..KU2..
...fY'#W)1?......ake'I3...9l3..u..`Rf.i.m...R7D..8a..~[2.^v..NP..G.8..
 -(.<..X.>.<.7... .s...K.>.r....^\4../.....=f:g.y.J*.t..P.
.J...R.M.........x.".....>..&.........&....U_...~t....c.L..A.B.uf..
.D$K..L.l.h.x.x..3[.n.#m&....MLq...9iB.2*B......X.=s;[email protected]...
......g..i.&$H.9..H..Y.H..)[email protected]//..".....=...3..>
b...4.;....e.....H..X.?.^....z;. .b[.i..Z..90...#.-.G6h../G....i..wI:L
...Ss..D.L... Q...w~1G...}.*.T.BV...<..v.39....\.(.....>.......-
.........j.|[email protected]_....)......s..Q..!~.f..
*..a.p.{..........O.c..<.#.U..Z.....<..S/..YL.YO!....... ~F.
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=18727032-36558834
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 17831803
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 18727032-36558834/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
...9......0d....{..7....L.....X.:_CZ....!.`..8.Ma.....,...Cg...]....Ca
vaNX@.\.(...hZ.....@u..]n.S.....$...z.H{3.y...l..&.Ug.fJB.oX.U..,F-,.T
.......5...po...s.$.bL6n.......$).jA...|..X......|....tJ..G,=....^..y.
.....H.0.`c...g.j)H,B....%.c.!s... ....6e...:l..fs.5.H....w|..{.:.4...
..A..;.k-.n.F_.i.....d.0E..........L..y...1....p.ii...E...kE..."..Ju|.
P!......R.1.\[..q&.......6'*`..kJ.....J.q...Y.^......#.. .<K.2X....
........._...WL....4r.n!$L.....-,.H .w..7......N....5.l.]7/.9.>..5y
..CR.t.`.........u.vR.S$Ja...[.....Pu.... ..Z....$TH.2.f.M...Z..M3...:
0.A.(O#....{...|%:[email protected]%y.q.%.L."$....
....,.'>U...J.<'X..8.oO$g....<ju..t.,.fF.c.......].p.\".....j
D..V...nF.G...6....$.%V.%w~B.g..`..3..a.....v.-y.O>.?..4..ra_.J.y.v
*.<.....O.o|.dr.....L;.V".t.../..-..........`a.....jW..eZ..$.hZ...*
..f.(@..._.J....:.jiD..&Uv..J.s.......=.0kz.y...?.0....'...S..U G.....
...a...,C..X....N]&g_...oz.)z.Vl7........2.e..u...>..N.....I..(....
O.RJ...s...o.k..Wv..J3.....sH.;.xg.~..k.O.iQ........X.).m.1...&.j(....
.h{.).....-I.nn.......,.x.=....xl..!'.........Z(@...B..p......U...... 
.....}T].....h.....e".2.`..g].....kC...q.....5"9..Q.u.Q`.G.7E...Q\..J.
D..3x7.................R..y.....p../.m......;Rt.......\'C......v....1=
........?...-....P.x*.|...i.'.r...hok3..6.(..&.^.^..z.p...P.LN..#I.3Y.
.u1...M...H..b..}...I........H..\TbK.A.......-$.{.!....^..t..6...4 .].
zeD...N...o.l.M.e.....[PN.%R.......6..4..9].][..yB.5.(c$.[.z[..x=ez..T
j%....._.k.|n.%...#.UF....`Q.....B....x...-.,b... ..sCr...eTl...n.
<<< skipped >>>

GET /edgedl/chrome/win/24C7E2C109DDFCC6/39.0.2171.95_chrome_installer.exe?cms_redirect=yes&expire=1420489921&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1420475375&mv=u&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,shardbypass&signature=34722838BD207666E3F86766967F5EA5EA1F3852.4E8B766083AE100122BCD858CE13C586D8902A04&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Dec 2014 17:25:00 GMT
Range: bytes=36558835-40747599
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r9---sn-3c27ln7d.c.pack.google.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 4188765
Content-Type: application/x-msdos-program
Etag: "4c442"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2014 17:41:59 GMT
Last-Modified: Tue, 09 Dec 2014 17:25:00 GMT
Content-Range: bytes 36558835-40747599/40747600
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.r..og|..0...~..o.k*...6~..(_.~.A]..o..A./.=..l...*.......J........\."
........^.Q......F.??.K.L.."%..n>..'...7..6J......}...Y....@"P..gK.
..g...n..o...o.1....{.{9.G.w..ScaR.o.....7t;........a),..iI.>^.;...
..;..j.E....h..`.e.[go.J........hUm.2....1..%c..9...".8\....F.k...}<
;...3.m?.......Q.... ..VkDm......J.....CZ...b...d b.........TS..:I....
....l .h.r..p....~.Xd.[....j.b.../."=..U.|..3np/?Rk?.N-A.t.6.&./....i.
$/.\....Z...L$......d#.i...K.sg......c..^j..{x.$,%..;.D.]....H...H.O.Y
..X.8F1.t...8...:....h/G.&,[email protected]..{.....RGZ....
n..y8...r... .V...X...RO.j...X..n..-'..A~)_..).r|R. S>m$..w...B@...
.7a.!';.Cj.gR....qUK.z...h...=..<)..S..7..]".l...C<.;..u .H5..[o
Hg...{3V.9....g....X......9..NH:).Ld3....I}...q.....2..1...*.3"._~. ..
...5zl...zpg......&.....#.....A-....q2...M.Y...).i .aM...35....r...x7.
.M7../..( S......9..G...Q....bI".$.....R..8:..r<.cd:..F.U.DF.G..f..
.m.K\...9J.....I......R...M...#%.$-,[email protected]...}...
.E.PO.I.HT../...K..sg..p....6..V....Nv.=...y .~x....Qy...-.y. mH....E.
..0W.A!....=5...."..H.]...s\l...!.... }[email protected]......$.....k.5
.`)".wx<,.b...W.....f u...'..1.6.Z;)..'..Fc...X...6.y&.,.,l.|BF...#
[E.....r![.i.w&/[email protected]..&...S|[....w...=...~...gA.fZ..W-..LT.u.C_
..T5M./...d.z].2.6d&.*...K,..N....I..VC..:@w3...^i.a. .....(C$..geQ...
.yC..I......6^:@ol. |.I....95".r[.-.sSa..B..k..z..y.{..I...X.4r5...=.B
[email protected]..&...%.w......HPU.....Q>.1~&........7_4.
.....Q..>g..|.x|...V._...%.ydj.2..........[%.........w.V.......
<<< skipped >>>






The PUP connects to the servers at the folowing location(s):







Strings from Dumps were not found.







Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    TPAutoConnSvc.exe:1776
    GoogleUpdate.exe:3408
    GoogleUpdate.exe:504
    GoogleUpdate.exe:3520
    %original file name%.exe:2788
    setup.exe:3884
    taskeng.exe:3828
    39.0.2171.95_chrome_installer.exe:1224
    

    2. 

  2. Delete the original PUP file.
    3. 

  3. Delete or disinfect the following files created/modified by the PUP:
    

    %Program Files% (x86)\Google\Update\Install\{54856654-45A7-4A13-A3EE-10C12C925DCD}\39.0.2171.95_chrome_installer.exe (327230 bytes)
    %Program Files% (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe (309253 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\de.pak (481 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hi.pak (1137 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sl.pak (515 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hr.pak (523 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\th.pak (1121 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\id.pak (505 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\am.pak (769 bytes)
    %Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\default_apps (4 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\chrome.exe (1716 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\lv.pak (562 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\bn.pak (1176 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\docs.crx (12 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\it.pak (546 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ca.pak (562 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ar.pak (742 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Extensions\external_extensions.json (103 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\gmail.crx (48 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\metro_driver.dll (1022 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_100_percent.pak (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\en-US.pak (466 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\tr.pak (554 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\xinput1_3.dll (162 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\en-GB.pak (466 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\te.pak (1242 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fr.pak (596 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fi.pak (528 bytes)
    %Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\Locales (8 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libglesv2.dll (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\kn.pak (1273 bytes)
    %Program Files% (x86)\Google\Chrome\Application\chrome.exe (20458 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\d3dcompiler_46.dll (52 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ro.pak (570 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\chrome.7z (268785 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ko.pak (568 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_elf.dll (268 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\VisualElementsManifest.xml (400 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\logo.png (7 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\wow_helper.exe (146 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\hu.pak (587 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\PepperFlash\pepflashplayer.dll (63 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\uk.pak (872 bytes)
    %Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe (22234 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\vi.pak (637 bytes)
    C:\Windows\Temp\chrome_installer.log (7903 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sv.pak (514 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\zh-TW.pak (457 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\gu.pak (1104 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ms.pak (421 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl64.exe (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\widevinecdmadapter.dll (293 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\es.pak (571 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\external_extensions.json (5 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\zh-CN.pak (456 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ru.pak (873 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\splash-620x300.png (22 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_200_percent.pak (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\resources.pak (64 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libexif.dll (621 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\drive.crx (53 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\nb.pak (506 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sk.pak (579 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\PepperFlash\manifest.json (6 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sw.pak (471 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl_irt_x86_32.nexe (51 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\youtube.crx (47 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\nacl_irt_x86_64.nexe (52 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\es-419.pak (561 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome_child.dll (32644 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\bg.pak (922 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pt-PT.pak (553 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\39.0.2171.95.manifest (226 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\icudtl.dat (59 bytes)
    %Program Files% (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe (22234 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fil.pak (570 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\da.pak (506 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ja.pak (670 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libpeerconnection.dll (51 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\lt.pak (552 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\chrome.dll (29434 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\default_apps\search.crx (54 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\et.pak (490 bytes)
    C:\Users\Public\Desktop\Google Chrome.lnk (6 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\secondarytile.png (641 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (6 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\he.pak (643 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ml.pak (1457 bytes)
    %Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\VisualElements (4 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\VisualElements\smalllogo.png (21 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\cs.pak (560 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\mr.pak (1126 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\nl.pak (544 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\el.pak (1011 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\ta.pak (1333 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\libegl.dll (423 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\sr.pak (847 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\ffmpegsumo.dll (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\pdf.dll (58 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pt-BR.pak (544 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\fa.pak (793 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\delegate_execute.exe (51 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source3884_31476\Chrome-bin\39.0.2171.95\Locales\pl.pak (553 bytes)
    C:\Windows\Temp\CR_BD330.tmp\SETUP.EX_ (375 bytes)
    C:\Windows\Temp\CR_BD330.tmp\setup.exe (17361 bytes)
    C:\Windows\Temp\CR_BD330.tmp\CHROME.PACKED.7Z (43831 bytes)
    

    4. 

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    5. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now